Firmware binaries often use raw binary file format without any metadata so they have to be loaded manually into IDA. You can do it interactively using the binary file loader, but if you have many files to disassemble it can quickly get boring. If you already know some information about the files you’re disassembling, you can speed up at least the first steps. For example, if you have a binary for big endian ARM, which should be loaded at address 0xFFFF0000, you can use the following command line:
ida -parmb -bFFFF000 firmware.bin
The -p
switch tells IDA which processor module to pre-select. You can see the available names for different processor types in the second column of the processor selector pane in the load dialog:
The -b
switch specifies the load base to be used, however due to IDA’s origins as a DOS program, the value needs to be specified in paragraphs (16-byte units), so we have to omit the last hexadecimal zero.
In case the file is recognized by IDA as some specific format, it will be used instead of the plain binary, but the processor specified will be retained if possible. For example, since IDA 8.3 the firmware for Cortex-M processors is usually recognized as such out-of-box:
If you prefer to have the file loaded as plain binary or another non-default format, you can force it using the -T
switch with the unique prefix of the preferred format name:
ida -parm -b800400 -Tbinary firmware.bin
(-Tbin
would also work)
See also:
IDA Help: Command line switches
Igor’s tip of the week #41: Binary file loader