Repository files navigation

"In fact I've actually triggered buffer overflows by just entering my real name."

-- A.

Augur is a blazing fast IDA Pro headless plugin that extracts strings and related pseudo-code from a binary file.It stores pseudo-code of functions that reference strings in an organized directory tree.

• Blazing fast, headless user experience courtesy of IDA Pro 9 and Binarly's idalib Rust bindings.
• Support for binary targets for any architecture implemented by IDA Pro's Hex-Rays decompiler.
• Decompilation feature based on thedecompile_to_file API exported byharuspex.
• Pseudo-code of each function that references a specific string is stored in a separate directory.

• https://security.humanativaspa.it/streamlining-vulnerability-research-with-ida-pro-and-rust

• https://github.com/0xdea/rhabdomancer
• https://github.com/0xdea/haruspex
• https://docs.hex-rays.com/release-notes/9_0#headless-processing-with-idalib
• https://github.com/binarly-io/idalib

The easiest way to get the latest release is viacrates.io:

1. Download, install, and configure IDA Pro (seehttps://hex-rays.com/ida-pro).
2. Download and extract the IDA SDK (seehttps://docs.hex-rays.com/developer-guide).
3. Install LLVM/Clang (seehttps://rust-lang.github.io/rust-bindgen/requirements.html).
4. On Linux/macOS, install as follows:

   export IDASDKDIR=/path/to/idasdkexport IDADIR=/path/to/ida# if not set, the build script will check common locationscargo install augur

   On Windows, instead, use the following commands:

   $env:LIBCLANG_PATH="\path\to\clang+llvm\bin"$env:PATH="\path\to\ida;$env:PATH"$env:IDASDKDIR="\path\to\idasdk"$env:IDADIR="\path\to\ida"# if not set, the build script will check common locationscargo install augur

Alternatively, you can build fromsource:

1. Download, install, and configure IDA Pro (seehttps://hex-rays.com/ida-pro).
2. Download and extract the IDA SDK (seehttps://docs.hex-rays.com/developer-guide).
3. Install LLVM/Clang (seehttps://rust-lang.github.io/rust-bindgen/requirements.html).
4. On Linux/macOS, compile as follows:

   git clone --depth 1 https://github.com/0xdea/augurcd augurexport IDASDKDIR=/path/to/idasdk# or edit .cargo/config.tomlexport IDADIR=/path/to/ida# if not set, the build script will check common locationscargo build --release

   On Windows, instead, use the following commands:

   git clone--depth1 https://github.com/0xdea/augurcd augur$env:LIBCLANG_PATH="\path\to\clang+llvm\bin"$env:PATH="\path\to\ida;$env:PATH"$env:IDASDKDIR="\path\to\idasdk"$env:IDADIR="\path\to\ida"# if not set, the build script will check common locationscargo build--release

1. Make sure IDA Pro is properly configured with a valid license.
2. Run as follows:

   augur<binary_file>

3. Find the extracted pseudo-code of each decompiled function in thebinary_file.str directory, organized by string:

   vim<binary_file>.strcode<binary_file>.str

• IDA Pro 9.0.241217 - Latest compatible: v0.2.3.
• IDA Pro 9.1.250226 - Latest compatible: current version.

Note: checkidalib documentation for additional information.

• CHANGELOG.md

• Integrate withoneiromancer.
• Allow users to choose to process string cross-references even if decompiler is unavailable.
• Implement functionality similar tohttps://github.com/joxeankoret/idamagicstrings.