Log in

View Full Version : New ideas for IDA

LLXX
April 30th, 2006, 22:30
Recently I was analysing some code with a friend using IDA when I thought of this - IDA is an interactive, but single-user tool. Could it be possible to make it multiuser, i.e. have one machine where the "director" of the analysis resides, which other machines running an IDA client can connect to, perhaps over the Internet, and have many reversers work on the program simultaneously? I'm sure this would make reverse-engineering much more fun and efficient.

Also, given the clearly superior skills of the IDA authors, I'm still surprised that they haven't attempted to produce an Interactive Decompiler, since decompilation is just one more step above disassembly and not much more difficult to accomplish. All the decompilers I've found are either incomplete, buggy, and noninteractive.

Comments and opinions are welcome.
Kayaker
April 30th, 2006, 23:22
Hi,

I'm not sure if this qualifies as the same thing but OpenRCE was trying something along those lines. I don't know if anyone has really tried it yet but..

https://www.openrce.org/distributed_rce/

OpenRCE Distributed RCE

The idea behind Distributed RCE is to enable groups of reverse engineers working on the same target to do so simultaneously. OpenRCE users can advertise IDA/Olly Sync servers that they are running on this page. Currently this portion of the site serves as a central server list. Eventually a dedicated server will be run on OpenRCE. Once established, an interesting experiment may be an attempted mass speed reverse engineering of newly discovered malicious binaries.

To add a server to this list fill out the pertinent information at the bottom of this page. Users should message the listed server owner for account information if they are interested in joining on a project. Perhaps at some point in the future an analyst score card or analyst resume will be developed to help owners when deciding which users to grant IDA Sync Server access to.
Polaris
May 1st, 2006, 06:34
Quote:
[Originally Posted by LLXX]Recently I was analysing some code with a friend using IDA when I thought of this - IDA is an interactive, but single-user tool. Could it be possible to make it multiuser, i.e. have one machine where the "director" of the analysis resides, which other machines running an IDA client can connect to, perhaps over the Internet, and have many reversers work on the program simultaneously? I'm sure this would make reverse-engineering much more fun and efficient.


Kayaker answered already nicely to this question, just check the IDASync plugin.

Quote:
[Originally Posted by LLXX]Also, given the clearly superior skills of the IDA authors, I'm still surprised that they haven't attempted to produce an Interactive Decompiler, since decompilation is just one more step above disassembly and not much more difficult to accomplish. All the decompilers I've found are either incomplete, buggy, and noninteractive.

Comments and opinions are welcome.


IMHO, they DO have an interactive decompiling system (or at least a prototype), and they have screenshots on their website (http://www.datarescue.com/laboratory/vd2.htm)... Sadly this is really old stuff.

However, if you look closely at the latest post on Ilfak's blog, (http://www.hexblog.com/2006/04/portable_output_for_assembler.html#more), you can see that the output style is __REALLY__ close to the one that IDA produces, so that one may be very well suspecting that an integrated interactive environment for decompilation is already available on top of IDA...