Igor’s tip of the week #47: Hints in IDA
Hints (aka tooltips) are popup windows with text which appear when you hover the mouse cursor over a particular item in IDA. They are available in many situations.
IDA Pro on Apple Silicon
IDA Pro for ARM64 is coming! We have ported all of IDA to run natively on Apple Silicon and it will be available in IDA 7.6. Initial analysis shows that the hype is real. IDA is consistently performing much faster on M1 macs: And a visual representation, for your viewing delight: https://www.hex-rays.com/wp-content/uploads/2020/12/split.mp4 We have also ported the mac […]
Updates to XNU debugging tutorial
Along with the release of Service Pack 3 for IDA 7.5, we have updated our XNU Debugging Tutorial with a new section about macOS11 kernel debugging. It has some analysis and debugging tips for the new kernelcache format in macOS11 Big Sur. We hope you will find it useful! Downloads
Updates to iOS Debugger Tutorial
We have updated our iOS Debugging Tutorial. It has some new sections that should be of particular interest: “Debugging the DYLD Shared Cache” discusses how to combine IDA’s incremental dyldcache loading functionality with the iOS Debugger. “Debugging System Applications” is a concrete example of how to use IDA to debug an iOS system daemon on a […]
IDA 7.2 – The Mac Rundown
We posted an addendum to the release notes for IDA 7.2: The Mac Rundown. It dives much deeper into the Mac-specific features introduced in 7.2, and should be great reference material for users interested in reversing the latest Apple binaries. It’s packed full of hints, tricks, and workarounds. We hope you will find it quite […]
IDA Dalvik debugger: tips and tricks
One of the new features of IDA 6.6 is the Dalvik debugger, which allows us to debug Dalvik binaries on the bytecode level. Let us see how it can help when analysing Dalvik files. Encoded strings Let us consider the package with the encrypted strings: STRINGS:0001F143 unk_1F143:.byte 0x30 # 0 # DATA XREF: STR_IDS:off_70 STRINGS:0001F144 aFda8sohchnidgh: .string “FDA8sOhCHNidghM2hzFxMXUsivl2k7hFOhkJrW7O2ml8qLVM”,0 STRINGS:0001F144 […]