This year the plugin contest gathered five contestants. But as you know, there can only be one, well, two winners!
Based on the plugin's functionality, robustness, usefulness, ease of use and documentation, we declare the following winners:
Congratulations to both! We are pleased with the improved plugin quality and complexity.
Below is the list of all submissions in no particular order. All contest entries are interesting and useful:
A quote from the documentation:
Rails is a plugin that simplifies the task of working with multiple instances of IDA Pro. It allows you to view comments from other open instances of IDA, jump to other open instances, and jump directly to the function definition in the instance that owns it.Our comments: Rails is a neatly written little plugin for OS X that lets the user link multiple local instances of IDA. It will most certainly help you reduce the amount of
Cmd+Tabbing, and save your time from searching for functions! It will be very useful when working with projects consisting of several interoperating modules.
Dean has recorded a nice video, explaining how the plugin works.
A quote from the documentation:
IDAscope is an IDA Pro extension, intended to ease reverse engineering with a focus on malware analysisOur comments: The short quote coming from the documentation gives a pretty good higher-level idea what IDAscope is about, but in case you want a slightly more detailed introduction, here are its most important features:
Here's the short description, from the documentation:
Krypton is an IDA Plugin that assists one in executing a function from IDB (IDA database) using IDA's powerful Appcall featureOur comments: Krypton can be very useful if you're often dealing with malware that encrypts its strings or other commonly used data. The source code was clean and the documentation very helpful.
krypton takes xrefs from a given function (say a possible decoder) to find all function calls to it and then parses and finds the parameters used (including prototype, no of arguments, and the arguments themselves) from instructions and uses them to execute the function using Appcall, this is most useful in analyzing a malware binary with encryption
The IDA Toolbag plugin provides many handy features, such as:
Our comments: Not only is the list of features the IDA Toolbag offers very impressive, it also brings collaboration to the rank of a first-class citizen in IDA workflows. It is the clear winner among this year's submissions.
The IDA_Signsrch Win32 plugin is a handy port of Luigi Auriemma's signature matching tool signsrch. It can scan the whole database and comment known byte sequences, e.g. standard encryption constants or compression dictionaries.
Our comments: Improved for speed, coming with a rich set of predefined signatures, and featuring a clever and efficient pattern-matching algorithm, IDA_Signsrch is a valuable addition to any reverse engineer.
We would like to thank everyone who participated in the contest. As is usually the case, we received quite interesting plugins this year. We are looking forward to receiving more submissions in the next contest.
A note to the downloaders: please be aware that all files come from third parties. While we did our best to verify them, we cannot guarantee that they work as advertised, so use them at your own risk.
For the plugin support questions, please contact the authors.Date: 21 September 2012