Home

Awesome

About

POC of an offline server for IDA Lumina feature.

More details on https://www.synacktiv.com/publications/investigating-ida-lumina-feature.html

Instalation

Python package installation

Download project and run python lumina/setup.py (or pip install .).

Server can also be used as a standalone script. The command lumina_server won't be registered in the PATH though. You will have to run manually using python3 lumina/lumina_server.py.

Generate certificates

This step is optionnal if you don't need using TLS. You will then have to modify the LUMINA_TLS = NO in ida.cfg.

Generate a new ROOT CA certificate and key using one of these lines (you can remove the -nodes option to set a passphrase but keep in mind you will need to pass passphrase argument to server script):

# sha256WithRSAEncryption
openssl req -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -sha256 -keyout luminaRootCAKey.pem -out luminaRootCAK.pem -days 365 -subj '/CN=www.fakerays.com/O=Fake Hexrays/C=XX'

# ecdsa-with-SHA256 (prime256v1)
openssl req -nodes -x509 -newkey rsa:4096 -sha512 -keyout luminaRootCAKey.pem -out luminaRootCA.pem -days 365 -subj '/CN=www.fakerays.com/O=Fake Hexrays/C=XX'

Client setup

Copy the CA certificate (luminaRootCA.pem) to IDA config directory as hexrays.crt:

e.g (linux): cp luminaRootCA.pem $HOME/.idapro/hexrays.crt

modify the IDA configuration file (cfg/ida.cfg), either in installation directory or (recommanded) user directory:

// Lumina related parameters
LUMINA_HOST               = "localhost";  // Lumina server url (default : "lumina.hex-rays.com")
                                          // warning: keep the the semicolon
LUMINA_MIN_FUNC_SIZE      = 32            // default function size : 32
LUMINA_PORT               = 4443          // default port : 443
LUMINA_TLS                = YES           // enable TLS (default : YES)

First run

Start the server

Usage:

usage: lumina_server [-h] [-i IP] [-p PORT] [-c CERT] [-k CERT_KEY]
                     [-l {NOTSET,DEBUG,INFO,WARNING}]
                     db

positional arguments:
  db                    database file

optional arguments:
  -h, --help            show this help message and exit
  -i IP, --ip IP        listening ip address (default: 127.0.0.1
  -p PORT, --port PORT  listening port (default: 4443
  -c CERT, --cert CERT  proxy certfile (no cert means TLS OFF).
  -k CERT_KEY, --key CERT_KEY
                        certificate private key
  -l {NOTSET,DEBUG,INFO,WARNING}, --log {NOTSET,DEBUG,INFO,WARNING}
                        log level bases on python logging value (default:info)

exemple:

lumina_server db.json --cert luminaRootCA.pem --key luminaRootCAKey.pem --ip 127.0.0.1 --port 4443 --log DEBUG

Start server, (re)start IDA with an idb database and push your first function using Lumina. Hit ctrl-c to terminate server and save database.

Important: keep in mind that the database is only saved or updated on server exit (ctrl-c).