Challenge

The inner workings of non-malicious software are sometimes worth investigating. Analysts need to have a clear understanding of the software used daily (operating systems, drivers, third-party applications, etc). Normally the internal details of commercial software are not documented, but there are legitimate reasons to examine them.

Approach

IDA supports all major architectures used in desktop, mobile, and embedded devices. It can be used to disassemble binaries with or without debug info. Using built-in features like FLIRT and Lumina, well-known or library functions can be identified. Third-party addons like BinDiff or Diaphora allow finding differences between binary versions to identify changes, fixes, or even backdoors.

IDA is frequently used to detect harmful backdoors in popular software:

Using a backdoor in a D-Link router to access the web interface without any authentication

IDA can also be used for black-box reverse engineering of embedded firmware:

Analyzing the firmware of Withings Health Mate fitness tracker

Google Project Zero often uses IDA for deep-dives into commonly used software to assess its security, integrity, and design:

Examining Pointer Authentication on the iPhone XS

Products

IDA Home
IDA Pro
IDA Free
IDA Classroom
IDA Pro OEM
Private Lumina Add-on
Teams Add-on
Training courses

Case studies

Malware Analysis & Digital Forensics
Vulnerability research & penetration testing
Dynamic Analysis & Debugging
Automotive Security
Interoperability
Software Assessments

Classroom

IDA Classroom Free
Classroom discount for IDA Pro

Resources

Documentation
Forum
Blog
Community plugins

Pricing

For organizations
For individuals
For education providers
Our reseller partners

Company

About us
Careers
Privacy policy
Terms of use
Contact us

Connect with the community on

X Mastodon LinkedIn YouTube

© 2024 Copyright Hex-Rays