Submit a plugin
Back to the list
aidapal
v1.1
  • Released on: 2024-06-05
  • Last update: 2024-10-08
Download
SHA256 checksum:
6862a3b544a31a83b0739d04e83f79482b49a0d8a6dc7fae5a6cd8eef9c3b7a9
aiDAPal is an IDA Pro plugin that uses a locally running LLM that has been fine-tuned for Hex-Rays pseudocode to assist with code analysis. Further details about this project can be found on our blog:
https://atredis.com/blog/2024/6/3/how-to-train-your-large-language-model
This repository contains the IDA Pro plugin, the associated fine-tuned weights as well as training dataset can be downloaded from Hugging Face:
https://huggingface.co/AverageBusinessUser/aidapal

Requirements / Setup

LLM Hosting/Service

This plugin uses Ollama's API for accessing the associated LLM - https://ollama.com/
Download the fine-tuned weights and Ollama modelfile:
Configure Ollama by running the following within the directory you downloaded the weights and modelfile:
ollama create aidapal -f aidapal.modelfile
Running ollama list should show an entry for aidapal after this step:
% ollama list
NAME                       	ID          	SIZE  	MODIFIED
aidapal:latest             	d04d7b95027b	4.4 GB	2 months ago

Python requirements

The plugin uses requests for HTTP requests to the API server - https://requests.readthedocs.io/en/latest/user/install/#install
By default the plugin uses the Ollama service running on the local host and is configured to use the aidapal weights, edit the plugin if either of these values should be different:
# this list holds the list of models registered with Ollama to be accessible from the plugin.
models = ['aidapal']
# where ollama service is running
ollama_url = "http://localhost:11434/api/generate"

Usage

After loading the plugin, a new context menu is accessible from the Hex-Rays window that will initiate analysis:

image.png

The plugin provides the option to analyze the full function or only the selected/highlighted lines via the menu.

When generation is complete, a results dialog will pop up, allowing you to accept or reject the results:
confirm_dialog.png
Once accepted, the Hex-Rays output will be updated with your changes. A full example of this can be seen in the following screengrab:
simple_usage.gif
The speed of generation is going to depend on the hardware you are executing on, the above example is representative of usage on ARM (Mx) based macbooks.

Analysis of data/globals is has initial support, when opening the context menu on a data location, a menu is available:

20241008191845image.png

Currently the plugin will gather any hexrays lines where the data is used to try to provide some context to how it is used within the program, for best results the code should be analyzed first in order to provide more information to the analysis process. Depending on how many references exist and the state of their analysis, the results will be generic:

20241008192519image.png

20241008192535image.png

A slightly better example shows a data reference that is used within code that has already been previously analyzed:

20241008193632image.png