From f4821018b415ae0c26e6a110800e60a2ceb1e066 Mon Sep 17 00:00:00 2001 From: Cedric Halbronn Date: Mon, 24 Feb 2020 21:37:09 +0000 Subject: [PATCH] review doc + remove bookmarks as it is supported now --- README.md | 40 +++++++++++++++++----------------------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index fda6941..0eb0775 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ IDArling is a collaborative reverse engineering plugin for [IDA Pro](https://www.hex-rays.com/products/ida/) and [Hex-Rays](https://www.hex-rays.com/products/decompiler/index.shtml). It -allows to synchronize in real-time the changes made to a database by multiple +allows to synchronize in real-time the changes made to a database by multiple IDA users, by connecting together different instances of IDA Pro. It works by hooking certain events generated by one user in IDA and @@ -55,10 +55,10 @@ backward compability to add certain features. There are two different use cases: -* IDA Pro used for both the IDArling client and IDArling server, - by using the "Integrated Server". You can ignore the `Server-side` installation. +* IDA Pro used for both the IDArling client (IDA Pro plugin) and IDArling server, + by using the "Integrated Server". You can ignore the "Server-side" installation. * IDA Pro used for the IDArling clients and a remote IDArling server. You can refer - to the `Server-side` and `Client-side` installation + to the "Server-side" and "Client-side" installation ### Server-side 
@@ -73,13 +73,13 @@ python3 idarling_server.py -h 192.168.1.1 -p 12345 --no-ssl -l DEBUG ### Client-side -IDA 7.4 with IDA Python 3 is supported. +IDA Pro 7.4+ with IDA Python 3 is supported. Install the IDArling client into the IDA plugins folder. - Copy `idarling_plugin.py` and the `idarling` folder to the IDA plugins folder. - On Windows, the folder is at `C:\Program Files\IDA 7.x\plugins` - - On macOS, the folder is at `/Applications/IDA\ Pro\ 7.x/idabin/plugins` + - On macOS, the folder is at `/Applications/IDA Pro 7.x/idabin/plugins` - On Linux, the folder may be at `~/ida-7.x/plugins/` - Alternatively, you can use the IDAUSR folder such as `C:\Users\\AppData\Roaming\Hex-Rays\IDA Pro\plugins` on Windows. @@ -90,12 +90,9 @@ line into the console: import urllib2; exec(urllib2.urlopen('https://raw.githubusercontent.com/fidgetingbits/IDArling/master/easy_install.py')).read() ``` -**Warning:** The plugin is only compatible with IDA Pro 7.x on Windows, macOS, -and Linux. - ### Dedicated server -To enable the dedicated server, you can choose `Dedicated Server` after right-clicking +To enable the dedicated server, you can choose "Dedicated Server" after right-clicking the IDArling widget located in the status bar. The dedicated server requires PyQt5, which is integrated into IDA. If you're 
@@ -104,16 +101,14 @@ a pre-built package that can be installed with a simple `pip install PyQt5`. ## Connection to server and usage -Open the *Settings* dialog accessible from the right-clicking the IDArling widget located -in the status bar. Show the servers list by clicking on the *Network Settings* +Open the "Settings" dialog accessible from the right-clicking the IDArling widget located +in the status bar. Show the servers list by clicking on the "Network Settings" tabs and add your server to it. Connect to the server by clicking on it after right-clicking the widget again. Finally, you should be able to access the following menus to upload or download a database: -``` -- File --> Open from server -- File --> Save to server -``` +* File --> Open from server +* File --> Save to server ![](img/open_from_server.png) 
@@ -145,17 +140,17 @@ We like to define the following terms in the IDArling jargon: - group: a group correspond to a researched topic such as a given CVE, malware family, etc. regrouping several projects -- project: a project correspond to a given file hash to analyse -- database: a database is a snapshot of a an IDB as a given time. It is +- project: a project correspond to a given file to analyse (i.e. unique SHA-256 hash) +- database: a database is a snapshot of an IDB as a given time. It is used as a baseline to apply any change made from this snapshot by any other IDA user In general, the first thing is to create a group for the research topic you are -starting. Then, you create a project to analyse a given file hash (e.g. `ntoskrnl.exe` +starting. Then, you create a project to analyse a given file with a unique hash (e.g. `ntoskrnl.exe` on Windows 10 1809 x64 from May 2019) and then you create one initial database. All the changes made for this IDB can leave in the same database as long as all the changes you do are synced. However, if there are some major changes that are -not synced by IDArling, you need to create an additional database to track them +not synced by IDArling, you need to create an additional database to save them and all users SHOULD then use the latest database. In general, it is better to always start from the latest database (i.e. @@ -180,7 +175,6 @@ base IDB. * Syncs integer type (hex vs integer vs binary) changes in both IDA and Hex-Rays * Manually creating an enum and pasting in the code will actually sync across IDBs -* Opcode settings (Options > General > Number of opcode bytes) don't sync ### Known changes not currently synced by IDArling 
@@ -194,13 +188,13 @@ system and then save the snapshot, because we're unable to sync those. * upgrading IDA version * adding a new type: If you add a new type that is a pointer or another type -that doesn't sync to the struct or enum tabs, you MUST save a new database. +that doesn't sync to the struct or enum tabs, you MUST save a new database * converting raw data to code * sync notepad (github #79) -* marked locations (#80, #87) * local types from header imports or local types at all that are not structs or enums * renamed enums in Hex-Rays output +* Opcode settings (Options > General > Number of opcode bytes) don't sync ### Known issues due to IDArling use
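Review bot: The server command carried in the header context of the `@@ -73,13 +73,13 @@` hunk is the only invocation the README shows, and it passes `--no-ssl`, which by its name turns TLS off while binding to a LAN address. Since this pass reviews the install docs, add a sentence next to that command saying when `--no-ssl` is acceptable, so readers do not copy it as the default for a shared server. In the same hunk, the new "IDA Pro 7.4+" line sits above three folder paths that still say `7.x`; a short note that `7.x` means 7.4 or later would keep the two consistent.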
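Review bot: The console one-liner left unchanged as context at the top of the `@@ -90,12 +90,9 @@` hunk contradicts the "IDA Python 3 is supported" wording this patch adds: `urllib2` does not exist in Python 3, and `.read()` is applied to the return value of `exec(...)` instead of to the response object, so the line cannot work as written. Suggest switching to `urllib.request` and moving `.read()` inside the `exec(...)` call. The line also executes whatever `easy_install.py` is on `master` at that URL at the moment it is pasted, so consider pointing it at a tagged release or a specific commit, or dropping it in favour of the manual copy steps above it.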
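Review bot: The two rewritten lines at the top of the `@@ -104,16 +101,14 @@` hunk keep the wording problems of the lines they replace: "accessible from the right-clicking the IDArling widget" and "the "Network Settings" tabs". While these lines are being touched, change them to "accessible by right-clicking the IDArling widget" and "the "Network Settings" tab".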
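Review bot: In the `@@ -145,17 +140,17 @@` hunk the added definitions still read "a project correspond to" and "a snapshot of an IDB as a given time"; these should be "corresponds to" and "at a given time", and the same fix applies to "a group correspond to" in the context line above. The unchanged context line "All the changes made for this IDB can leave in the same database" presumably means "can live" and is worth fixing in the same pass. The new "(i.e. unique SHA-256 hash)" is a useful clarification; the later "a given file with a unique hash" could name SHA-256 as well so both sentences say the same thing.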
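Review bot: The `@@ -194,13 +188,13 @@` hunk removes "marked locations (#80, #87)" from the not-synced list, but no hunk adds bookmarks to the list that ends just above "### Known changes not currently synced by IDArling", so after this patch the README no longer mentions them at all. Add a bullet for marked locations to that list so the documentation matches the commit subject. Two smaller points in the same hunk: the moved "Opcode settings" bullet still ends in "don't sync", which is redundant under its new heading, and dropping the full stop after "you MUST save a new database" leaves that bullet punctuated differently from the sentence before it.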