/IDASynergy

A combination of an IDAPython Plugin and a control version system that result in a new reverse engineering collaborative addon for IDA Pro. By

Primary LanguagePythonMIT LicenseMIT

IDASynergy by Cubica Labs

Prerequisites

PySide for IDA Pro, specific for your IDAPython version.

Pysvn

Installation

To install IDASynergy, copy the contents of the source tree to:

%APPDATA%\Hex-Rays\IDA Pro\

WARNING: If you already have an idapythonrc.py under that directory, just add the contents of idapythonrc.py to it.

Then launch IDA Pro as usual. You will find IDASynergy under both the FILE and OPTIONS menus.

Directory Structure

As a recommendation for the organization of IDASynergy projects, it is encouraged to use the following directory-structure. This is just a recommendation, you could obviously have all your local repositories together in a svn directory somewhere. But for starters, you can use this:

C:\path\to\your\binary.exe
C:\path\to\your\binary.idb
C:\path\to\your\local_repo\

So the local repository is in the same directory, but the IDB and the .dat files generated by IDASynergy are not in the same subdirectory. This is recommended so you don't commit the idb by mistake. Just that.

Initial Checkout

SVN users:

  • If this is the first commit of the project, please use the "IDASynergy SVN Commit" option in the File menu

  • If you need to checkout the project, please use the "IDASynergy SVN Checkout" option in the File menu

  • If the project is already checked-out in your local copy, use the "IDASynergy Load from local repository" option instead

  • You can update the local copy without leaving IDA Pro by using the "IDASynergy SVN update" option

Non-SVN users:

If your version control software is not SVN, you will need to manually manage your repository

  • Use the "Load from local repository" option whenever you want to import changes to IDA

Known Security Issues

There are two known security issues in this software, that we're going to fix in the releases to come:

  • If the SVN server's security certificate is not signed, we accept it without user verification.

    • This allows for MITM attacks
  • We store the password in plain-text on the config file.

    • If your machine gets owned, the password can be retrieved with no effort.