search

mandiant / flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Apache License 2.0
3.25k stars 452 forks source link

How do you install this to IDA? #602

Closed vxcall closed 1 year ago

vxcall commented 1 year ago

Hi! I dont see the guide to install this to IDA as a plugin, so could you help me? Putting idaplugin.py to plugin directory didnt work. There is no info cuz its obvious for others?

HongThatCong commented 1 year ago

Run idaplugin.py as a Py script

mr-tz commented 1 year ago

Correct, thanks @HongThatCong! idaplugin.py is a IDAPython script you can just run within IDA (shortcut ALT + F7).

vxcall commented 1 year ago

Thanks for responding~! I ran it and nothing happened visually. I dont think it added string annotation to disassembly view. I assumed some sort of window or string annotation would appear. Only Caching 'Imports'... ok was displayed in output window btw.

my IDA is 7.7 and what i did is click File -> Script file -> select idaplugin.py which i copied from this repo. pip flare-floss has been done beforehand. Plz tell me any steps i missed here.

mr-tz commented 1 year ago

Hm, that should work and at least you should see more information in the Output window. Can you try again and copy the text from the Output window or a screenshot in here please?

vxcall commented 1 year ago

I loaded up new exe into IDA and test it. absolutely nothing came up. Its 32 bit executable btw. (Thanks mandiant for holding such interesting event flare-on, its too tough for me tho haha)

https://user-images.githubusercontent.com/33578715/203870405-0bbaeb28-60c8-433c-8542-b7574be9138f.mp4

p.

vxcall commented 1 year ago

Wait, it worked somehow Running script directoly does it, hold on ill post the video in sec

vxcall commented 1 year ago

Though its a bit bothering in comparison to run as a file, this way it runs nicely. If you have no idea why 'run file' didnt work, its kinda fine for me. https://user-images.githubusercontent.com/33578715/203876253-e6fb16ce-8f1b-4bcd-a1ae-8a0303867ef9.mp4

mr-tz commented 1 year ago

Ah there we go. When you save the file contents you copy pasted to a local file and run it, what happens?

vxcall commented 1 year ago

The first video i posted was me literally running file. Nothing happens. no output and no window created.

mr-tz commented 1 year ago

Have you tried to add print to see if the file and main execute properly?

vxcall commented 1 year ago

It turned out that the script file button itself is not working, your script is fine. Sorry for takin ur time. Thanks:)

mr-tz commented 1 year ago

😮 oh wow, glad we've figured it out 😄