Docker IDA: Run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts.

Docker containers are the future! It surely seems so from the myriad projects that are being ‘dockerized’! One such cool project is Docker IDA, your answer for large-scale reverse engineering, which allows you to run the IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts.

What is Docker IDA?

Docker IDA is an open source project that allows you to dockerize IDA Pro to make reverse engineering on a large scale simpler and faster. It does so by wrapping IDA Pro with a command line interface, which automates the use of IDAPython scripts and batch analysis. This solves a problem that the malware analysis and reverse engineering industry has long faced: scaling these tools up and getting software to run reliably when moved from one computing environment to another. One container can wrap up a piece of software in a complete file system that includes everything it needs to run IDA Pro. The image is configured to have everything you need for a working IDA machine, ready to run scripts:

  • IDA Pro (Linux version) automatically installed with all its dependencies.
  • pip install – Install external Python libraries that integrate into the IDAPython engine, such as pexpect, networkx, flask, gunicorn.
  • Sark – The excellent library by Tamir Bahar is preinstalled, to simplify IDAPython scripting.
  • A special wrapper script to quickly run IDA without ANY screen output.

With such dockerized machines, you can perform automated unpacking of malware, fuzz files, de-obfuscate strings or check for buffer overflow exploits.

Docker IDA Installation:

  1. Clone docker-ida repository:
    $ git clone https://github.com/intezer/docker-ida
    
  2. Copy IDA Pro installation file to the repository’s ida directory:
    $ cp <ida-installation-file-path> docker-ida/ida/ida.run
    
  3. Build Docker IDA image:
    $ sudo docker build -t ida --build-arg IDA_PASSWORD=<password> docker-ida/ida
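
A check worth running on the image built in step 3, as an added example that is not part of the original post or of the docker-ida project: Docker can record build-argument values in the metadata of RUN steps executed while the argument is in scope, where `docker history` shows them to anyone who can pull the image. The history lines below are constructed sample data, and `history_leaks_arg` and `sample_history` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: audit `docker history` output for a recorded build argument.
# RUN steps executed while an ARG is in scope are recorded as
#   |<count> NAME=value ... /bin/sh -c <command>
# so only that prefix is inspected, not the command text that follows it.

# history_leaks_arg NAME
# Reads CreatedBy lines on stdin and prints each affected step with the
# value masked. Returns 0 if NAME was recorded, 1 if not, 2 on a bad name.
history_leaks_arg() {
    name=$1
    case $name in
        ''|*[!A-Za-z0-9_]*) echo "invalid build-arg name" >&2; return 2 ;;
    esac
    prefix='[|][0-9]+ ([A-Za-z_][A-Za-z0-9_]*=[^ ]* )*'
    hits=$(grep -E "${prefix}${name}=[^ ]+") || return 1
    printf '%s\n' "$hits" | sed -E "s/(${prefix}${name}=)[^ ]+/\1<redacted>/"
}

# Constructed sample of CreatedBy lines, newest layer first.
sample_history() {
    cat <<'EOF'
CMD ["/bin/bash"]
RUN |2 BUILD_ID=42 IDA_PASSWORD=constructed-example /bin/sh -c ./install-ida.sh # buildkit
ARG IDA_PASSWORD
ARG BUILD_ID
RUN /bin/sh -c echo IDA_PASSWORD=placeholder # buildkit
EOF
}

# Against the real image from step 3 the input would instead be:
#   docker history --no-trunc --format '{{.CreatedBy}}' ida
if sample_history | history_leaks_arg IDA_PASSWORD; then
    echo "IDA_PASSWORD is recorded in the image history" >&2
fi
```

If the check reports a hit, treat the image as carrying the installation password and keep it out of shared or public registries. A Dockerfile that reads the password from a BuildKit secret mount (`RUN --mount=type=secret`) instead of a build argument avoids recording it.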

Requirements

Notes

Experience in open source environments and pentesting. I am currently a freelancer and always open to taking part in projects and activities focused on hacking and malware analysis. Join the discussion group on Telegram: https://t.me/MalwareReverseBR
