Batch Binary Analysis with IDA Pro 7.4 Automation

Fri, 22 May 2020 00:00:00 +0000

It is easy to script analysis steps with IDAPython, but now we want to automate this analysis over, let’s say, 10,000 files. I did a quick Google and I couldn’t find a guide on how to perform batch binary analysis tasks by automating IDA Pro 7.x.

Unfamiliar with this, I was constantly guessing whether it was the command-line arguments, the script, or a combination of both that was not working. I’m sharing my experince here so you won’t have to be fumbling around like I was.

I will be using IDA Pro for Windows here, but it should be applicable to any of their supported platforms like Mac or Linux.

Simple Binary Analysis

Let’s write some simple IDAPython analysis script and run it within the IDA Pro console. This script loops through all functions in the executable and prints out its address and name:

import idc
import idautils

print 'count %d' % len(list(idautils.Functions()))
for ea in idautils.Functions():
 print hex(ea), idc.get_func_name(ea)

The idautils module contains higher-level functionality like getting a list of functions, or finding code & data references to addresses. If you are familiar with IDC scripting, most of the functions by the same name can be found within the idc module. This is not really meant to be an IDAPython or IDC scripting tutorial, so you will need to look elsewhere for that.

Mac Battery Firmware Hacking

Sun, 20 Nov 2011 16:36:00 +0000

[youtube=http://www.youtube.com/watch?v=bc1EU5GTbLE] Charlie Miller reverse engineers the Mac battery firmware updater, sniffs battery communications on the SMBus, writes an IDA processor plugin (in IDAPython) for the CoolRISC 816 processor in the bq20z80, and mucks around with the its firmware. All the source code and presentation materials are provided. [via Dangerous Prototypes]

ida pro on irq5 test

Batch Binary Analysis with IDA Pro 7.4 Automation

Simple Binary Analysis

Mac Battery Firmware Hacking