Challenge

Information is rarely produced and consumed strictly inside an application. Modern computers exchange information with other computers, store information on the disk, or in the cloud. Quite often, the used data format is undocumented, but there may be the need to interact with the application or extract its data. For example, to extract data from an obsolete software we need to know the used format. Or to take down a botnet, we may need to know its network protocol in order to send commands to the zombie computers it infected.

Approach

To deal with exotic file formats, IDA Pro can be easily extended with custom-crafted "loaders" and make the data available from within the UI. When it comes to reverse-engineering network protocols, one will typically pair up IDA Pro with a packet capture tool (e.g., Wireshark). The discovery of the protocol will be sped up thanks to analyzing both the traffic, and matching its usage in the client-side or server-side code.

IDA can be used to reverse-engineer undocumented network protocols, which has many practical benefits:

G Data Software's analysis of an IoT botnet

IDA is often used to reverse-engineer legacy software.

When software outlasts its creators, the source code might not be available and users are sometimes stuck with older infrastructure that can't be easily modified or updated. IDA can be used "surgically" to patch legacy binaries and make them behave in the desired way:
Shipping unofficial patches for an unsupported version of InternetExplorer that is still in use

Some examples of using IDA to explore exotic file formats:

Updating the KLN89B: Using IDA to extract GPS data from a proprietary file format

Products

IDA Home
IDA Pro
IDA Free
IDA Classroom
IDA Pro OEM
Private Lumina Add-on
Teams Add-on
Training courses

Case studies

Malware Analysis & Digital Forensics
Vulnerability research & penetration testing
Dynamic Analysis & Debugging
Automotive Security
Interoperability
Software Assessments

Classroom

IDA Classroom Free
Classroom discount for IDA Pro

Resources

Documentation
Forum
Blog
Community plugins

Pricing

For organizations
For individuals
For education providers
Our reseller partners

Company

About us
Careers
Privacy policy
Terms of use
Contact us

Connect with the community on

X Mastodon LinkedIn YouTube

© 2024 Copyright Hex-Rays