Back to the list
The Heimdallr IDA plugin exposes a localhost gRPC server for each IDA instances which allows the [Heimdallr client](https://github.com/interruptlabs/heimdallr-client) to navigate to locations in IDA.
1. Install heimdallr-ida with pip ([ensure the pip you are using matches the python environment IDA is using
- Using git directly pip3 install -e git+https://git@github.com/interruptlabs/heimdallr-ida.git#egg=heimdallr_ida
- From the source repo `pip3 install -e ./heimdallr-ida/`
2. Launch IDA and enter the following into the console:
import heimdallr
heimdallr.install()
3. Relaunch IDA and verify gRPC server sucessfully started up. You should something like the following in the output console:
[Heimdallr RPC] Plugin version 0.0.1
Starting server on 127.0.0.1:51278
Wrote {"pid": 36813, "address": "127.0.0.1:51278", "file_name": "example.i64", "file_hash": "b058de795064344a4074252e15b9fd39"} to /Users/roberts/.idapro/heimdallr/36813
1. Install heimdallr-client with pip
- You may need poetry depending on your python version pip3 install poetry
- Using git directly pip3 install -e git+https://git@github.com/interruptlabs/heimdallr-client.git#egg=heimdallr_client
- From the source file here pip3 install -e ./heimdallr-client/
2. Verify settings.json has been created in the relevant application directory
- MacOS/Linux - $HOME/.config/heimdallr/
- Windows - %APPDATA%/heimdallr/
3. Modify settings.json to be accurate for your system
- ida_location is the location of your IDA Installation (should be automatically filled)
- idb_path is an array of locations for the heimdallr client to search for corosponding idbs
In MacOS we can use AppleScript to act as a stub to forward URI requestst to our python client script. To configure this:
1. Locate path to `heimdallr_client` script
roberts@RobertS-IL-Mac heimdallr_client % whereis heimdallr_client
heimdallr_client: /opt/homebrew/bin/heimdallr_client
2. Open ./heimdallr-client/macos-stub/heimdallrd.scpt in Script Editor (double click)
3. Change the heimdallr_client path to be valid for your system
4. Export it as an Application (File -> Export...)
a. Ensure "File Format" is "Application"
5. Modify the `Info.plist` file to add the following text between it's first set of dictionary tags
CFBundleURLTypes
CFBundleURLName
IDA URL
CFBundleURLSchemes
ida
(an example Info.plist is in ./macos-stub/Info.plist)
6. Move the Application Bundle to /Applications/ and resign it:
codesign --force -s - /Applications/heimdallrd.app
7. Run the Application bundle (double click) to register it with the system as a URI handler.
For other operating systems a electron app is available to act as a URL handler. You can get it on github: https://github.com/interruptlabs/heimdallr-client/releases/tag/v0.5.2
You should now be able to open ida:// URIs from anywhere in the system. This could be a Slack DM, a Confluence page, or a Obsidian note. The format is as follows (these):
ida://example.i64%3Foffset%3D0x1002315b6%26hash%3Db058de795064344a4074252e15b9fd39%26view%3Ddisasm
These are automatically generated by creating a note in the `heimdallr_ida` plugin
The search behaviour for a relevant IDB is as follows:
1. Search for an open IDA instance with this database already open
2. Search IDA recently open files for the location of the database
3. Search your `idb_path` for matching files
The search pattern is used to ensure links can be used easily within a team - so long as you have a database based on the same source file and is named the same.
IDBs are matched by both the database name and source file hash. As such **changing the database name will cause URIs to no longer be valid**.
You can make notes by highlighting the area of text in IDA you want to copy and pressing "Ctrl+Shift+N". The text will be added to a code block with a link back to where it came from and added to your clipboard.
If you want to make a link to share with someone else, pressing "Ctrl+Alt+N", and the link to where you are in IDA will be added.
This currently only works for the Disassembly and Pseudocode views.