docker-idapro
IDA Pro Docker Image
Why?
For use as an ipsw pipeline.
Dependencies
Image Tags
REPOSITORY        TAG      SIZE
blacktop/idapro   latest   1.09GB
blacktop/idapro   8.4      1.09GB
blacktop/idapro   8.2      1.09GB
blacktop/idapro   8.0      804MB
blacktop/idapro   7.7      804MB
Getting Started
On macOS
- Install XQuartz
brew install --cask xquartz
- Start XQuartz and make sure you "Allow connections from network clients" in the Security tab
open -a XQuartz
- Now add the IP using xhost with:
xhost + 127.0.0.1
or
xhost + $(ipconfig getifaddr en0)
- Start up IDA Pro
docker run --init -it --rm \
--name idafree \
-v `pwd`:/data \
-e DISPLAY=host.docker.internal:0 \
blacktop/idapro /data/bin
NOTE: ⚠️ This is the IDA Free version and does not seem to be able to do headless analysis.
To persist settings across sessions:
docker run --init -it --rm \
--name idafree \
-v `pwd`:/data \
-v $HOME/.idapro:/root/.idapro \
-e DISPLAY=host.docker.internal:0 \
blacktop/idapro /data/bin
Build IDA Pro
- Put a copy of the Linux installer in the pro folder and name it idapro.run
IDAPW="your-install-pw-here" make build-pro
- Enter image container:
make ssh-pro
root@add3b0fd6966:/ida# ./ida64
- This will open the GUI; now accept the license agreement, set any settings you want to persist, and close the window.
- Rebuild the IDA Pro image with the new ida.reg file:
make build-reg
Congratulations! You now have a registered IDA Pro image that you can perform headless analysis with 🎉
Headless
Batch mode (creates idb and asm files)
# Mounting ./logs lets you pipe the logs out to the host.
# idat64 uses fewer resources than ida64.
docker run --init -it --rm \
--name idapro \
-v `pwd`/files:/files \
-v `pwd`/logs:/logs \
--entrypoint=idat64 \
blacktop/idapro -B -a- -P+ -L/logs/ida.log /files/kernelcache.release.iPhone11,8
tail -f logs/ida.log
Possible file format: Apple XNU kernelcache for ARM64e (kernel + all kexts) (/ida/loaders/macho64.so)
Possible file format: Apple XNU kernelcache for ARM64e (kernel only) (/ida/loaders/macho64.so)
Possible file format: Apple XNU kernelcache for ARM64e (single kext) (/ida/loaders/macho64.so)
Possible file format: Apple XNU kernelcache for ARM64e (normal mach-o file) (/ida/loaders/macho64.so)
bytes pages size description
--------- ----- ---- --------------------------------------------
134217728 16384 8192 allocating memory for b-tree...
191143936 23333 8192 allocating memory for virtual array...
262144 32 8192 allocating memory for name pointers...
<SNIP>
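Added example (not part of this repository): a POSIX sh wrapper that runs the batch-mode command above once per file in a directory and writes one log per sample. `IDA_IMAGE`, `DRY_RUN`, `log_name`, `ida_batch_one` and `ida_batch_dir` are names assumed for this example; the docker and IDA flags are the ones shown above.

```shell
#!/bin/sh
# Added example: per-file wrapper around the README's batch-mode command.
# IDA_IMAGE, DRY_RUN and the function names are assumptions of this example.
IDA_IMAGE="${IDA_IMAGE:-blacktop/idapro}"

# Log file name for a sample: characters outside [A-Za-z0-9._-] become "_".
log_name() {
    printf '%s.log' "$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')"
}

# Analyse one file. $1 = samples dir, $2 = file name in it, $3 = log dir.
# With DRY_RUN=1 the docker command is printed (space-joined) instead of run.
ida_batch_one() {
    sample=$2
    # Only plain file names: no empty name, no path components.
    case $sample in
        ''|*/*) echo "refusing sample name: $sample" >&2; return 2 ;;
    esac
    # docker treats a relative -v source as a named volume, so resolve both dirs.
    files_dir=$(cd "$1" && pwd) || return 1
    logs_dir=$(cd "$3" && pwd) || return 1
    [ -f "$files_dir/$sample" ] || { echo "not a file: $sample" >&2; return 1; }
    set -- docker run --init -it --rm --name idapro \
        -v "$files_dir:/files" -v "$logs_dir:/logs" \
        --entrypoint=idat64 "$IDA_IMAGE" \
        -B -a- -P+ "-L/logs/$(log_name "$sample")" "/files/$sample"
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Analyse every regular file in $1, logging to $2; non-zero if any run failed.
ida_batch_dir() {
    rc=0
    for path in "$1"/*; do
        [ -f "$path" ] || continue
        ida_batch_one "$1" "${path##*/}" "$2" || rc=1
    done
    return "$rc"
}
```

Source the file and call `DRY_RUN=1 ida_batch_dir ./files ./logs` to review the generated commands before running them without `DRY_RUN`.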
Autonomous mode
# Mounting ./scripts over /ida/idc adds local scripts to IDA.
docker run --init -it --rm \
--name idapro \
-v `pwd`/samples:/samples \
-v `pwd`/py:/ida/python \
-v `pwd`/scripts:/ida/idc \
--entrypoint=idat64 \
blacktop/idapro -A -Sanalysis.idc /samples/bin
NOTE: Here is a list of other CLI options
TODO
- [ ] Add support for diaphora
- [ ] Add support for binexport
- [ ] Add support for ida_kernelcache
- [ ] Add support for ida_kcpp
- [ ] Add support for PPLorer
Issues
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue.
License
MIT License Copyright (c) 2022-2024 blacktop