BRUTAL IDA restores your original workflow by blocking the undo and redo keyboard shortcuts.

Our comments:

Tamir Bahar's plugin is a good reminder that, whatever the reason,
people don't like their workflows broken.

While plugins typically tend to add functionality, this one is here
to remove some: nostalgia is a very powerful feeling indeed! (or
is it Stockholm Syndrome?)

Download BRUTAL-IDA-master.zip

Get BRUTAL IDA from github

[…] checks the validity entry and exit blocks of control flow graphs (CFGs)

Our comments:

CFG Inquisitor essentially restricts what can be considered a
valid entry-, or exit-point of a function.

This is a fairly small plugin, with what appears to be somewhat
specific heuristics. It's unclear whether it would be reasonable
to extend these to all binaries that IDA can analyze.

The plugin is still under active development, and doesn't seem to
support x86_64 at this point.

Download cfg_inquisitor.zip

IDA Pro plugin that implements more user-friendly register and stack views

Our comments:

deReferencing is an IDA Pro plugin that implements new registers and stack views.
Adds dereferenced pointers, colors and other useful information, similar to some GDB plugins (e.g: PEDA, GEF, pwndbg, etc).

Supports x86, x86-64, ARM, ARM64, MIPS32 and MIPS64

The plugin adds custom views that try to interpret values in registers and stack as pointers
and automatically dereference them. Values are colored depending on the type of memory they belong to.

It is robust, useful, easy to install and use. The code is nicely modularized and readable.

Download deREferencing-master.zip

Get deREferencing from github

Idapython script to carve binary for internal RPC structures

Our comments:

findrpc.py is a single-file script which tries to find Windows RPC server and client descriptions in PE binaries.

The target audience is somewhat small but apparently RPC is an underexplored part of Windows so it's
a promising area for finding previously unknown vulnerabilities.

The declared feature list is quite impressive:

• View in a glance which RPC clients and servers are embedded in the binary
• Locate dispatch tables for RPC servers
• Quicky rename every RPC proc handlers found
• (On Windows) Generate decompiled IDL from RPC declarations

Unfortunately in our tests it only worked reliably on some binaries and it was
difficult to diagnose why exactly it failed on others, so there is definitely room for improvement.

For displaying results, the authors opted out for native Qt widgets as opposed to IDA's standard choosers
so, for example, copying the text from the result list did not work as it was not implemented

IDL decompilation feature uses a separate Windows binary without source code which is not always convenient.

That said, when it did work, the results were nice and useful
for finding hidden interfaces in Windows binaries

Download findrpc-master.zip

Get findrpc from github

IDA command palette & more

Our comments:

Ifred is a palette like we have seen several ones. It performs a fuzzy search
on IDA commands and on names from the current database. Compared to other
solutions, we like the attractive, customizable look. It also lets you create
your own palettes.

Download ifred.zip

Get ifred from github

Packages for IDA Pro

Our comments:

Idapkg tackles the problem of installing IDA plugins and managing their
dependencies. Based on an online repository,
it will let you search for packages and install or uninstall them. This is
still a proof of concept, but is an interesting step towards an easy and standard
way of installing IDA plugins.

Download idapkg.zip

Get idapkg from github

an IDA Python plugin that identifies and matches open-sourced
libraries in a given binary. The plugin uses a unique technique
that enables it to support huge binaries (>200,000 functions),
with almost no impact on the overall performance.

Our comments:

Karta really is a composite of a few things:

• the ThumbsUp plugin, which helps recovering functions in
  ARM binaries, where IDA falls short
• the identifier that identifies what open source libraries
  were compiled in, and with what version (e.g., from identifier strings)
• the matcher, which will match functions coming from
  the previously-identified libraries

Thumbs Up in and of itself is a rather significant achievement since
it uses machine learning to recover what appears to be functions,
that IDA didn't spot, and it appear to be doing a very good job with
ARM binaries.

For the rest of its work, Karta will use an approach that differs from FLIRT
(and other tools) in quite a few aspects:

• it will only try to match functions from a library if the identifier
  identified that the library is be present in the file,
• it will use many heuristics to determine the “likeliness” of
  function presence, based on where they are in the file

Running the plugin can take a significant amount of time (it's written in
Python), but the results can be very satisfying.

For the record, Karta has quite a few dependencies, so be sure
those are installed, and reachable through sys.path:

• awesomelib
• Cute
• decorator
• elementals
• hexdump.py
• networkx (use version 2.2: newer versions require Python3.)
• Sark
• sklearn

Download Karta-master.zip

Get Karta from github

The plugin allows IDA API commands to be run from your phone, anywhere!
(Provided you have cell service).

Our comments:

We have hard time imagining someone controlling his IDA with SMS messages but
if there are any desperate souls that need such a functionality,
this plugin is right for you.

A bit of set up that includes installing
some python packages, registering on an online web site that handles
SMS messages, and punching a hole in your firewall, and you are ready to go.

Just be informed any person who happens to know where to send SMS messages to
will be able to participate, for example, like this:

Download sms-ida.tar

an IDAPython tool for C++ vtables reconstruction on runtime.

Our comments:

The script does not require any installation, so to use it, just press
Alt-F7 and select the Main.py file. It will add tons of breakpoints
to your database and then once you run the target application using
a debugger backend of your choice, it will create C++ virtual tables.
Naturally, the application will execute slower than usual because of the
breakpoints. Besides of creating virtual tables the script also adds cross
references to the called functions.

It supports x86, x64, and Aarch64.

We like the idea, it has a great potential.
Hopefully the author will continue to improve the script.

Download Virtuailor-master.zip

Get Virtuailtor from github