Docker IDA

Run the IDA Pro disassembler by Hex-Rays in Docker containers. Ideal for automating, scaling and distributing the use of IDAPython scripts to perform large-scale reverse engineering tasks.

Our blog: http://www.intezer.com/blog/

Requirements

Installation

  1. Clone docker-ida repository:

    $ git clone https://github.com/intezer/docker-ida
    
  2. Copy IDA Pro installation file to the repository's ida directory:

    $ cp <ida-installation-file-path> docker-ida/ida/ida.run
    
  3. Build IDA docker image:

    $ sudo docker build -t ida --build-arg IDA_PASSWORD=<password> docker-ida/ida
    

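    Note: It is recommended to push the built image to a private Docker Hub repository (see Pushing a repository to Docker Hub); otherwise you have to build the image on every machine. Keep the repository private: the image contains your IDA Pro installation, and values passed with --build-arg can be read back from the image with docker history.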

Start an IDA Service Container

An IDA service container receives remote IDA commands over HTTP and executes them. To start a container, run this command:

    $ sudo docker run -v <host_shared>:/shared -p <host_port>:4000 -it ida -c <cores> -t <timeout>

Note: To run multiple containers on the same host, publish each container on a different host port.

Usage

On the server:

On the client:

  1. Install ida_client Python library:

    On Windows:

    $ pip install "git+https://github.com/intezer/docker-ida#egg=ida_client&subdirectory=ida_client"
    

    On Linux / Mac OS X:

    $ pip install 'git+https://github.com/intezer/docker-ida#egg=ida_client&subdirectory=ida_client'
    

    Note: pip version must be 8.1.1 or higher

  2. Send commands to the containers using the Python library:

    >>> import ida_client
    >>>
    >>> client = ida_client.Client(['http://localhost:4001', 'http://localhost:4002'])
    >>>
    >>> client.send_command('idal -Sextract_file_functions.py -A zlib.dll.sample', timeout=600)
    True
    >>>
    >>> files = ['zlib.dll.sample', 'Win32OpenSSL.sample']
    >>>
    >>> # Building list of commands to send at once
    >>> commands = ['idal -Sextract_file_functions.py -A %s' % file for file in files]
    >>>
    >>> client.send_multiple_commands(commands, timeout=600)
    [True, True]
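
An added example, not part of the docker-ida project: the service executes the command string it receives, and sample file names in reverse engineering work are untrusted input, so this helper only interpolates names that pass a character allowlist and then pairs each result with its sample. It assumes `send_multiple_commands` returns one result per command in the order sent, as the session above suggests; `SAFE_NAME`, `build_commands` and `run_batch` are hypothetical names.

```python
import re

# Allowlist for file names placed on the idal command line: no whitespace,
# no shell metacharacters, no path separators, and no leading '-' (which
# would be read as another idal switch).
SAFE_NAME = re.compile(r"[A-Za-z0-9_.][A-Za-z0-9_.-]*")


def build_commands(script, samples):
    """Return ([(sample, command), ...], [rejected sample names])."""
    if not SAFE_NAME.fullmatch(script):
        raise ValueError("unsafe script name: %r" % (script,))
    commands, rejected = [], []
    for name in samples:
        if SAFE_NAME.fullmatch(name):
            commands.append((name, "idal -S%s -A %s" % (script, name)))
        else:
            rejected.append(name)
    return commands, rejected


def run_batch(client, script, samples, timeout=600):
    """Send one command per accepted sample and report per-sample outcome."""
    commands, rejected = build_commands(script, samples)
    results = []
    if commands:
        results = client.send_multiple_commands(
            [command for _, command in commands], timeout=timeout)
    # Assumption: one result per command, in the order the commands were sent.
    if len(results) != len(commands):
        raise RuntimeError("got %d results for %d commands"
                           % (len(results), len(commands)))
    report = {"ok": [], "failed": [], "rejected": rejected}
    for (name, _), succeeded in zip(commands, results):
        report["ok" if succeeded is True else "failed"].append(name)
    return report


if __name__ == "__main__":
    import ida_client  # installed in step 1

    client = ida_client.Client(["http://localhost:4001", "http://localhost:4002"])
    # Constructed sample list; the last two names are rejected by the allowlist.
    samples = ["zlib.dll.sample", "Win32OpenSSL.sample",
               "two words.sample", "-Sother.py"]
    print(run_batch(client, "extract_file_functions.py", samples))
```

Rejected names are reported rather than silently dropped, so a sample can be renamed on the analysis host and resubmitted.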
    

Advanced Usage

Troubleshooting

If the script doesn't run correctly:

Notes