Yet Another Ghidra Integration for IDA
Yagi intends to include the wonderful Ghidra decompiler into both IDA pro and IDA Free.
๐ฆ You can download installers for Windows and Linux versions here, then press F3 and enjoy! ๐ฆ
Here is the list of architectures that Yagi can decompile at the moment:
| Arch Names | Yagi |
|---|---|
| x86 | โ๏ธ |
| x86_64 | โ๏ธ |
| arm | โ๏ธ |
| aarch64(armv8) | โ๏ธ |
| powerpc | โ๏ธ |
| mips | โ๏ธ |
| sparc | โ๏ธ |
| avr8 | โ๏ธ |
| 6502 | โ๏ธ |
| z80 | โ๏ธ |
| eBPF | ๐โ๏ธ๐ |
| cp1600 | โ |
| cr16 | โ |
| dalvik | โ |
| jvm | โ |
| tricore | โ |
| riscv | โ |
| System Z | โ |
| xCore | โ |
| 68000 | โ |
It's easy to add one if it's supported by Ghidra. Just open an issue, and we will do our best!
It allows you to edit the following items:
- Global Symbol like function prototype, global variable, etc.
- Local stack variables name and type
- Local registry variables name and type
| Key | Interact |
|---|---|
| Decompile | ๐ฑ๏ธ Place cursor on function โจ๏ธ F3 |
| Edit Type | โจ๏ธ Y |
| Clear Type | โจ๏ธ C |
| Edit Name | โจ๏ธ N |
| Cross References | โจ๏ธ X |
| Navigate | ๐ฑ๏ธ Double Click on keyword |
๐พ Changes are save into IDA database ๐พ
As Yagi is built using git submodules to handle Ghidra dependencies, you will first need to do a recursive clone:
git clone https://github.com/airbus-cert/Yagi --recursive
As Ghidra uses bison and flex to parse the sleigh grammar, we need first to install build dependencies from here
You also need the IDA SDK associated with your version of IDA.
Yagi's build system is based on cmake; you can find an MSI package here.
You need at least a Visual Studio compiler with C++ toolchain.
To generate a Wix installer, you need to install WiX before.
Then, let the cmake magic happen:
git clone https://github.com/airbus-cert/Yagi --recursive
mkdir build_yagi
cd build_yagi
cmake ..\Yagi -DIDA_SDK_SOURCE_DIR=[PATH_TO_IDA_SDK_ROOT_FOLDER] -DCPACK_PACKAGE_INSTALL_DIRECTORY="IDA Pro 7.6"
cmake --build . --target package --config release
A new yagi-1.0.0-win64.msi will be generated. It will contain all the necessary dependencies to install the plugin.
To create a dev environment you need to generate the Visual Studio solution:
git clone https://github.com/airbus-cert/Yagi --recursive
mkdir build_yagi
cd build_yagi
cmake ..\Yagi -DIDA_SDK_SOURCE_DIR=[PATH_TO_IDA_SDK_ROOT_FOLDER] -DBUILD_TESTS=ON
PATH_TO_IDA_SDK_ROOT_FOLDER represents the root path of the decompressed archive provided by Hex-Rays.
To launch unit tests, just use ctest installed with cmake:
cd tests
ctest -VV
As Ghidra uses bison and flex to parse the sleigh grammar and Yagi is built using Cmake and C++, you will need the following:
apt install cmake c++ git flex bison yacc
To generate an installer script:
git clone https://github.com/airbus-cert/Yagi --recursive
mkdir build_yagi
cd build_yagi
cmake ../Yagi -DIDA_SDK_SOURCE_DIR=[PATH_TO_IDA_SDK_ROOT_FOLDER]
cmake --build . --target package --config release
This will produce a yagi-1.0.0-Linux.sh script. Then you just have to launch it:
./yagi-1.0.0-Linux.sh --prefix=[PATH_TO_IDA_INSTALL_FOLDER]
y
n
Enjoy!
To generate a dev environment you need to generate the Makefile:
git clone https://github.com/airbus-cert/Yagi --recursive
mkdir build_yagi
cd build_yagi
cmake ../Yagi -DIDA_SDK_SOURCE_DIR=[PATH_TO_IDA_SDK_ROOT_FOLDER] -DBUILD_TESTS=ON -DCMAKE_BUILD_TYPE=Debug
make
To launch unit tests, just use ctest installed with cmake:
cd tests
ctest -VV
- Handle enum types
- Add rules to handle end function computation on AARCH64
- Change constant type (key H, R)
Thanks Ghidra development team to open sources this master piece of software.
Thanks Hex-Ray teams to built a very extensible software.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent