"Just Another ReVersIng Suite" or whatever other bullshit you can think of
Why JARVIS?
What is it?
Isn't there already something similar?
Why does the code suck so much?
JARVIS is written entirely in Python and is designed to be completely standalone. That means that, although it runs within IDA, you can copy its whole directory anywhere you want. However, as a matter of convenience, it is recommended to copy the contents of the IDAPlugin directory to IDA's plugins/ directory.
The auxiliary plugin jarvis_launcher.py registers a shortcut (Alt-J) which launches the actual plugin.
JARVIS is written in PySide (Qt). It consists of a dockable widget with several tabs, one for each category.
There are three different kinds of widgets, namely:
Functionality related to binary analysis (dough!) without any special emphasis on vulnerability finding.
At least I tried; sometimes the line between the two is too thin...
The options available in this tab are:
Functionality specifically designed around bug hunting goes here.
There is not much at the moment...
This is for interacting with external tools.
This is the killer feature :) You can even save your notes to a file!
Yes, I know IDA Pro already has this feature and saves the data to the IDB file but it looked convenient to have everything in one place.
Runtime options controlling things like the amount of information being displayed, etc.
NOTE: a large number of people are still using an older version of IDA, for unknown reasons (cough, Chinese guy, cough, Australian company). Since the GUI features described below rely on changes introduced in version 6.7 of IDA, JARVIS was unable to start on those versions.
A quick workaround has been introduced to allow JARVIS to run in older versions of IDA, with limited functionality. However, the "connect functions" graph can still be used by selecting the origin and destination functions: click the "show all functions" button and use the context menu (see screenshot below).
And now for the IDA 6.7+ users
The main goal of JARVIS is to get out of the way while adding some nice features which allow you to work faster. With this goal in mind, some GUI augmentation has been added for your clicking pleasure.
Calculating paths between basic blocks
A new context menu has been added to the disassembly view (the graph thingy). Of course it is labeled JARVIS.
Simply right-click the basic block on the graph view and select the appropriate menu entry. You will see some logging in IDA's output window.
Once you have both start and end basic blocks selected, click the "connect basic blocks" button to get a list of all possible paths connecting them.
Double-clicking the Path ID presents you with a color chooser widget where you can select a custom color to paint the chosen path on the graph view.
A penetrating yellow, for example, always does the trick :)
Voila! There you have your very visual path between basic blocks.
Calculating paths between functions
Similarly to the method explained above, JARVIS adds a new menu item to the popup menu of the functions window.
The graph is of course clickable and will take you to the corresponding function in IDA's disassembly view by double clicking on a node.
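Both the basic-block paths and the function paths above boil down to the same problem: enumerate every simple path between two nodes of a directed graph and hand each one a Path ID so it can be painted. The following is an added example (not JARVIS code) that shows that search on constructed, offline graphs: a small CFG with a loop, which a naive walk would follow forever, and a small call graph. The block addresses, function names and the helper names find_paths, path_edges and path_table are all assumptions made for the example; inside IDA the adjacency dict would be filled from the real graph instead.

```python
"""Enumerate all simple paths between two nodes of a CFG or call graph.

Added example, not part of JARVIS.  The graphs below are constructed so
the logic runs outside IDA.  Inside IDA one would build the same dict from
idaapi.FlowChart(idaapi.get_func(ea)) (block.succs() for the CFG) or from
idautils.CodeRefsFrom(ea, False) (callees for the call graph).
"""

# Constructed sample CFG keyed by hypothetical basic-block start address.
# 0x1010 -> 0x1020 -> 0x1010 is a loop: the search below never revisits
# a node that is already on the current path, so it terminates.
SAMPLE_CFG = {
    0x1000: [0x1010, 0x1030],
    0x1010: [0x1020],
    0x1020: [0x1010, 0x1040],
    0x1030: [0x1040],
    0x1040: [0x1050],
    0x1050: [],
}

# Constructed sample call graph (function name -> callees).
SAMPLE_CALLGRAPH = {
    "main": ["parse_args", "read_config"],
    "parse_args": ["read_config"],
    "read_config": ["open_file", "log"],
    "open_file": ["log"],
    "log": [],
}


def find_paths(graph, start, end, max_paths=None):
    """Return every simple path (no repeated node) from start to end.

    Iterative depth-first search with an explicit stack, so a deep graph
    does not hit Python's recursion limit.  max_paths caps the result for
    graphs with a combinatorial number of paths.
    """
    if start not in graph or end not in graph:
        raise KeyError("start or end node is not in the graph")
    paths = []
    # Each stack entry: (path so far, set of nodes on that path).
    stack = [([start], {start})]
    while stack:
        path, seen = stack.pop()
        node = path[-1]
        if node == end:
            paths.append(path)
            if max_paths is not None and len(paths) >= max_paths:
                break
            continue
        for succ in graph.get(node, ()):
            if succ not in seen:
                stack.append((path + [succ], seen | {succ}))
    return paths


def path_edges(path):
    """Edges (src, dst) to colour for one path, in traversal order."""
    return list(zip(path, path[1:]))


def _fmt(node):
    return "%#x" % node if isinstance(node, int) else str(node)


def path_table(paths):
    """Rows of (path_id, length, rendered path), shortest path first, the
    way an analyst would want to scan a list of candidate paths."""
    ordered = sorted(paths, key=len)
    return [(i, len(p), " -> ".join(_fmt(n) for n in p))
            for i, p in enumerate(ordered)]


if __name__ == "__main__":
    for row in path_table(find_paths(SAMPLE_CFG, 0x1000, 0x1050)):
        print(row)
    for row in path_table(find_paths(SAMPLE_CALLGRAPH, "main", "open_file")):
        print(row)
```

The set of nodes on the current path travels with each stack entry, which is what keeps the loop between 0x1010 and 0x1020 from being walked twice; the same function serves the functions window, where recursion in the call graph is the equivalent hazard.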
The complementary tracing tool is Intel PIN based with a PySide GUI.
Since IDA Pro ships its own version of PySide, it is advised to install PySide in a virtual environment (read this).
To install it:
The batch script run.bat takes care of transparently preparing the virtual environment and running the PinTracer program.
About the PinTool itself: a version compiled for 32-bit Windows against Pin 71313 (vc12) is included. If you have another version of Pin, you will need to compile the PinTool against it. The source code is included (PinTracer/src_pintool/PinTracer.cpp) and the simplest way to compile it is to use the MyPinTool trick, well described here.