/lumen

A private Lumina server for IDA Pro

Primary LanguageRustMIT LicenseMIT

Lumen

A private Lumina server that can be used with IDA Pro 7.2+.

lumen.abda.nl runs this server.

You can read about the protocol research here.

Features

  • Stores function signatures so you (and your team) can quickly identify functions that you found in the past using IDA's built-in Lumina features.
  • Backed by PostgreSQL
  • Experimental HTTP API that allows querying the database for comments by file or function hash.

Getting Started

Running the server

Pre-built binaries are not distributed at the moment, you will have to build lumen on your own.

  1. git clone https://github.com/naim94a/lumen.git
  2. Get a rust toolchain: https://rustup.rs/
  3. cd lumen
  4. Setup a Postgres database and execute src/schema.sql on it
  5. cargo +nightly build --release

Docker Method

  1. Install docker-engine and docker-compose.
  2. If using a custom TLS certificate, copy the private key (.p12/.pfx extension) to ./dockershare and set the key password in .env as PKCSPASSWD.
  3. If using a custom Lumen config, copy it to ./dockershare/config.toml.
  4. Otherwise, or if you have finished these steps, just run docker-compose up.
  5. Regardless, if TLS is enabled in the config.toml, a hexrays.crt will be generated in ./dockershare to be copied to the IDA install directory.

Usage

./lumen -c config.toml

Configuring IDA

You will need IDA Pro 7.2 or above in order to use lumen.

The following information may get sent to lumen server: IDA key, Hostname, IDB path, original file path, file MD5, function signature, stack frames & comments.

  • In your IDA's installation directory open "cfg\ida.cfg" with your favorite text editor (Example: C:\Program Files\IDA Pro 7.5\cfg\ida.cfg)
  • Locate the commented out LUMINA_HOST, LUMINA_PORT, and change their values to the address of your lumen server.
  • If you didn't configure TLS, Add "LUMINA_TLS = NO" after the line with LUMINA_PORT.

Example:

LUMINA_HOST = "192.168.1.1";
LUMINA_PORT = 1234

// Only if TLS isn't used:
LUMINA_TLS = NO

Configuring TLS

IDA Pro uses a pinned certificate for Lumina's communcation, so adding a self-signed certificate to your root certificates won't work. Luckily, we can override the hard-coded public key by writing a DER-base64 encoded certificate to "hexrays.crt" in IDA's install directory.

You may find the following commands useful:

# create a certificate
openssl req -x509 -newkey rsa:4096 -keyout lumen_key.pem -out lumen_crt.pem -days 365 -nodes

# convert to pkcs12 for lumen; used for `lumen.tls` in config
openssl pkcs12 -export -out lumen.p12 -inkey lumen_key.pem -in lumen_crt.pem

# export public-key for IDA; Copy hexrays.crt to IDA installation folder
openssl x509 -in lumen_crt.pem -out hexrays.crt

No attempt is made to merge function data - this may casuse a situation where metadata is inconsistent. Instead, the metadata with the highest calculated score is returned to the user.

Get info from DB

Get info by function name

sudo docker exec --env PGPASSWORD=1 -it lumina-postgres psql -A -U lumina -d lumina --no-password -P pager=off -c "select encode(files.chksum, 'hex'), file_path, funcs.name  from funcs join dbs on funcs.db_id = dbs.id join files on dbs.file_id = files.id where funcs.name like 'sm_%' ;" -F';'

Developed by Naim A.; License: MIT.