The IDA Disassembler and Debugger is an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X. IDA has become the de-facto standard for the analysis of hostile code, vulnerability research and commercial-off-the-shelf validation.
IDA Pro is a disassembler
Capable of creating maps of a binary's execution that show the instructions actually executed by the processor in a symbolic representation called assembly language.
IDA Pro is a debugger
Complements the static analysis capabilities (examining the code without executing the program) of the disassembler by allowing users to single step through the code being investigated.
FAST - IDA analyzes binaries in a matter of seconds.
FULLY INTERACTIVE - Work seamlessly and quickly with the disassembler and analyse code more intuitively.
ALL STANDARD PLATFORMS SUPPORTED - IDA runs on all standard platforms — MS Windows, Linux, Mac OS X both in GUI and console modes.
MULTIPLE PROCESSOR HANDLING - Same interface and features for dozens of processors to speed up the analysis process.
HANDLES NUMEROUS FILE FORMATS - IDA loads and disassembles virtually any file format.
POWERFUL DEBUGGER - IDA is also a versatile debugger, supports multiple debugging targets and can handle remote applications.
PROGRAMMABLE - Extend IDA in line with your own requirements through IDC or IDAPython.
OPEN PLUG-IN ARCHITECTURE - IDA’s functionality can easily be extended by the use of programmable plug-ins.
FLIRT - Fast Library Identification and Recognition Technology (FLIRT) identifies standard function calls for many compilers.
GRAPHING - Code graphing provides a pictorial overview of the code structure at a glance.
LUMINA SERVER - The Lumina server holds metadata (names, prototypes, operand types) about a large number of well-known functions.
CUSTOMIZABLE - IDA sports a fully customizable and unified work environment on all platforms.
Given the speed and the complexity of today’s hostile code, a powerful analysis solution is required. IDA Pro has become such a standard in the field of malware analysis that information about new viruses is often exchanged in the form of “IDA databases”. IDA Pro is used daily by anti-virus, malware and spyware analysts to investigate new threats and to provide timely solutions.
The topic of vulnerability disclosure remains quite controversial but software is, as a matter of fact, unfortunately often vulnerable to outside attacks. IDA Pro is the ideal tool to investigate such vulnerabilities. If they aren’t fixed they could be exploited by third-parties with dishonest or criminal intentions. The Wisconsin Safety Analyzer, for instance, is a very interesting project investigating software vulnerability where IDA Pro plays an important role.
Much software is developed outside the country where it is used. Since such programs are incredibly hard to verify, and since a complete source code audit and rebuild is not always practical or possible, tools such as IDA provide a convenient way to check whether a program really does what it claims to do, contains no harmful vulnerabilities and leaks no sensitive information.
Software is invading our lives at every level. Respect of essential privacy rights is a concern for many, at a time when the amount of data about individual users that can potentially be collected, sold or exploited has surged to an unprecedented level. IDA Pro helps investigate software that may cause concern, thereby protecting your essential rights.
IDA PRO version 7.5 was released in May 2020 with many new features and improvements:
A tree-like folder view is available in many IDA standard views. You can create folders and move items between them. To start with, the following views have it:
Functions and Names
Imports
Structures
Enums
Local types
For Structures and Enums, the tree panel is shown by default, for other views it can be enabled via the “Show Folders” context menu item.
You can create, rename and delete folders, and move items between them. This will help organizing information when dealing with large binaries.
A new decompiler has been added to our lineup. Any 32-bit MIPS binary supported by IDA can be decompiled, including compact encodings. The infamous delay slots are handled transparently and seamlessly. A MIPS disassembler-decompiler comparison page is available and contains a few interesting examples.
Here are a few screenshots:
Big-endian MIPS32 code
Little-endian MIPS32 code
MIPS16e code
microMIPS code
We have added type libraries with most major APIs and additional frameworks from macOS and iPhone SDKs. They are especially useful when paired with the decompiler.
List of initially available type libraries
Sample of x86_64 user-mode code using CoreFoundation APIs
Sample of ARM64 kernel code using IOKit classes
In addition, we improved support for the KTRW debugger. Breakpoints and watchpoints work with it out of the box using the same Corellium-ARM64 configuration.
On the decompiler side, we added support for atomic ARM64 instructions such as CAS (compare-and-swap), LDADD (atomic add) and many others. They are translated into the corresponding C11 functions from stdatomic.h, so you should see fewer _asm{} blocks when dealing with code compiled for arm64e.
ARM Atomic
Lumina functionality is available for MIPS and PPC binaries.
PC: ELF binaries employing Intel CET (Control-flow Enforcement Technology) are becoming very common because Debian enabled this compiler option by default, followed by Fedora and other Linux distributions. We now support such binaries out of the box, including in the decompiler. We have also added support for several new instructions that were recently added to Intel and AMD processors.
Intel CET
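On Linux, the toolchain records CET enablement in the binary's .note.gnu.property section (the GNU_PROPERTY_X86_FEATURE_1_AND property, whose IBT and SHSTK bits survive linking only if every input object had them set). The following Python is an added example, not IDA's code or the page's, that builds a constructed property note and parses it back to report which CET features a binary claims; to use it on a real file you would extract the raw bytes of that section (or the PT_GNU_PROPERTY segment) and pass them to cet_features. The constants are the ones defined by the GNU ABI; the sample note bytes are constructed here.

```python
import struct

# Constants from the GNU ABI extension for .note.gnu.property.
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
GNU_PROPERTY_X86_FEATURE_1_IBT = 1 << 0    # indirect branch tracking (ENDBR landing pads)
GNU_PROPERTY_X86_FEATURE_1_SHSTK = 1 << 1  # shadow stack


def _align(n, a):
    """Round n up to a multiple of a (a is a power of two)."""
    return (n + a - 1) & ~(a - 1)


def build_property_note(feature_flags, align=8):
    """Constructed .note.gnu.property bytes for an x86-64 object (sample data, not from a real binary)."""
    desc = struct.pack("<II", GNU_PROPERTY_X86_FEATURE_1_AND, 4) + struct.pack("<I", feature_flags)
    desc += b"\0" * (_align(len(desc), align) - len(desc))
    name = b"GNU\0"
    header = struct.pack("<III", len(name), len(desc), NT_GNU_PROPERTY_TYPE_0)
    pad = _align(len(header) + len(name), align) - len(header) - len(name)
    return header + name + b"\0" * pad + desc


def iter_notes(data, align=8):
    """Yield (name, type, descriptor) for each ELF note in a note section/segment."""
    off = 0
    while off + 12 <= len(data):
        namesz, descsz, ntype = struct.unpack_from("<III", data, off)
        name_off = off + 12
        name = data[name_off:name_off + namesz].rstrip(b"\0")
        desc_off = _align(name_off + namesz, align)
        desc = data[desc_off:desc_off + descsz]
        if len(desc) < descsz:
            raise ValueError("truncated note descriptor")
        yield name, ntype, desc
        off = _align(desc_off + descsz, align)


def parse_gnu_properties(data, align=8):
    """Return {property_type: raw_data} from every NT_GNU_PROPERTY_TYPE_0 note found."""
    props = {}
    for name, ntype, desc in iter_notes(data, align):
        if name != b"GNU" or ntype != NT_GNU_PROPERTY_TYPE_0:
            continue
        off = 0
        while off + 8 <= len(desc):
            pr_type, pr_datasz = struct.unpack_from("<II", desc, off)
            pr_data = desc[off + 8:off + 8 + pr_datasz]
            if len(pr_data) < pr_datasz:
                raise ValueError("truncated property entry")
            props[pr_type] = pr_data
            off = _align(off + 8 + pr_datasz, align)
    return props


def cet_features(data, align=8):
    """Report CET enablement, or None when the binary carries no x86 feature property."""
    raw = parse_gnu_properties(data, align).get(GNU_PROPERTY_X86_FEATURE_1_AND)
    if raw is None or len(raw) < 4:
        return None
    flags = struct.unpack("<I", raw[:4])[0]
    return {
        "ibt": bool(flags & GNU_PROPERTY_X86_FEATURE_1_IBT),
        "shstk": bool(flags & GNU_PROPERTY_X86_FEATURE_1_SHSTK),
    }


if __name__ == "__main__":
    both = build_property_note(GNU_PROPERTY_X86_FEATURE_1_IBT | GNU_PROPERTY_X86_FEATURE_1_SHSTK)
    print("full CET:", cet_features(both))
    print("no property note:", cet_features(b""))
```

A binary that reports ibt=True is one whose functions carry ENDBR landing pads, which is why a disassembler needs to know those instructions and treat them as valid function starts rather than as junk prologue bytes.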
ARM: Recent compilers targeting 32-bit ARM code prefer MOVW and MOVT instruction pairs to load 32-bit constants and addresses, instead of a constant pool as was common in the past. While IDA already handled such pairs when they were placed together, advanced optimizations can place the two instructions apart, preventing IDA from combining them, discovering the full value and adding a cross-reference to the destination. We have improved our heuristics to handle such scattered pairs and added an option so analysis can be tuned to be more or less aggressive depending on your specific binary.
ARM MOVT
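The combining step described above is simple: MOVW writes the low 16 bits of a register and MOVT the high 16 bits, so the full value is (movt_imm << 16) | movw_imm, provided nothing else wrote the register in between. The Python below is an added example, not IDA's heuristic or the page's code, that runs this over a constructed text listing: it tracks the last MOVW per register, drops the pending value when another instruction clobbers that register, and takes a max_distance knob that mimics the aggressiveness option mentioned above (None combines across any gap; 1 only adjacent pairs). The listing, the register-clobber rule (first operand is the destination except for a small set of non-writing mnemonics) and the function names are assumptions of this example.

```python
import re

# Constructed listing (not IDA output). R0's pair is adjacent, R1's first pair is
# separated by unrelated instructions, R2's MOVT has no MOVW and is not recoverable,
# and R1 is reloaded by LDR before a second, adjacent pair.
LISTING = """\
0x8000  MOVW  R0, #0x1234
0x8004  MOVT  R0, #0x5678
0x8008  MOVW  R1, #0xBEEF
0x800C  ADD   R3, R3, #1
0x8010  STR   R3, [SP,#4]
0x8014  MOVT  R1, #0xDEAD
0x8018  MOVT  R2, #0x1000
0x801C  LDR   R1, [R1]
0x8020  MOVW  R1, #0x0020
0x8024  MOVT  R1, #0x0040
"""

INSN_RE = re.compile(r"^\s*(0x[0-9A-Fa-f]+)\s+(\w+)(?:\s+(.*))?$")

# Simplifying assumption: these mnemonics do not write their first operand.
NON_WRITING = {"STR", "STRB", "STRH", "CMP", "CMN", "TST", "TEQ", "B", "BL", "BX", "PUSH"}


def parse_listing(text):
    """Return [(address, mnemonic, [operands])] for each instruction line."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        ops = [o.strip() for o in m.group(3).split(",")] if m.group(3) else []
        insns.append((int(m.group(1), 16), m.group(2).upper(), ops))
    return insns


def imm16(operand):
    """Parse '#0x1234' or '#42' into a 16-bit immediate."""
    return int(operand.lstrip("#"), 0) & 0xFFFF


def combine_movw_movt(insns, max_distance=None):
    """Pair each MOVT with the most recent unclobbered MOVW to the same register.

    Returns (combined, orphans): combined maps the MOVT address to
    (register, full 32-bit value, MOVW address); orphans lists MOVT addresses
    with no usable MOVW (missing, clobbered, or further away than max_distance).
    """
    pending = {}    # register -> (instruction index, MOVW address, low 16 bits)
    combined = {}
    orphans = []
    for idx, (addr, mnem, ops) in enumerate(insns):
        if mnem == "MOVW" and len(ops) == 2:
            pending[ops[0]] = (idx, addr, imm16(ops[1]))
        elif mnem == "MOVT" and len(ops) == 2:
            entry = pending.pop(ops[0], None)
            if entry is None or (max_distance is not None and idx - entry[0] > max_distance):
                orphans.append(addr)
                continue
            _, movw_addr, low = entry
            combined[addr] = (ops[0], (imm16(ops[1]) << 16) | low, movw_addr)
        elif ops and mnem not in NON_WRITING and ops[0] in pending:
            del pending[ops[0]]   # register overwritten before its MOVT: pair is broken
    return combined, orphans


def format_xrefs(combined):
    """Render recovered values the way one would annotate a listing."""
    return ["0x%X: %s = 0x%08X (MOVW at 0x%X)" % (addr, reg, val, movw)
            for addr, (reg, val, movw) in sorted(combined.items())]


if __name__ == "__main__":
    insns = parse_listing(LISTING)
    for mode in (None, 1):
        combined, orphans = combine_movw_movt(insns, max_distance=mode)
        print("max_distance=%s" % mode)
        print("\n".join(format_xrefs(combined)))
        print("unresolved MOVT at:", ["0x%X" % a for a in orphans])
```

With max_distance=None the scattered R1 pair resolves to 0xDEADBEEF; with max_distance=1 it is reported as unresolved, which is exactly the trade-off the analysis option exposes: a wider window recovers more cross-references but risks pairing a MOVT with a stale MOVW the tracker failed to see clobbered.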
Decompiler:
MACHO:
OBJC:
TIL:
This service pack contains enhancements and fixes to the 7.5 version. IDA 7.5 SP1 is designed to improve user experience especially for newly released features such as the tree-like folder view function and the MIPS decompiler.
IDAPython:
UI:
ELF:
Kernel / Misc.:
Kernel:
This release fixes some immediate issues with the new macOS11/iOS14 binaries and focuses principally on enhancing the static analysis for new file formats.
The new MH_FILESET kernelcache format from macOS 11 is now fully supported.
Kernelcache – before
Kernelcache – after
IDA 7.5 Service Pack 2 improves the analysis of dyldcache files from macOS 11/iOS 14.
Dyldcache – before
Dyldcache – after
SP2 also improves the analysis of Objective-C metadata in binaries compiled with Xcode 12 (specifically __objc_methlist sections).
objc – before
objc – after
Decompiler:
MACHO:
OBJC:
TIL:
Service Pack 3 introduces a handful of new and interesting features specific to the soon-to-be-released macOS 11 (Big Sur) and provides fixes for numerous minor issues.
Debugger:
MACHO:
Feel free to contact E-SPIN about your specific project or operation requirements, so we can assist with the exact packaged solution you need, from software to value-added services such as computing hardware, third-party complementary software, training and managed services.
IDA Pro 7.5 released
IDA 7.5.200519
May 19, 2020
Hex-Rays announces the release of IDA Pro 7.5.
IDA Pro is certainly the fastest and most reliable software solution to support professionals in their reverse-engineering work. Version 7.5 has been developed to improve the IDA experience further. It notably introduces the following features:
A lot of work has taken place since the previous release of IDA. Below is a quick visual overview of the number of significant changes between 7.4 SP1 and 7.5, and cumulatively since version 6.0.