Type Name Latest commit message Commit time
analyzers Version 1.2.0 - Added Thumbs Up Jun 18, 2019
utils Version 1.2.0 - Added Thumbs Up Jun 18, 2019
README.md Version 1.2.0 - Added Thumbs Up Jun 18, 2019
__init__.py Version 1.2.0 - Added Thumbs Up Jun 18, 2019
analyzer_utils.py Version 1.2.0 - Added Thumbs Up Jun 18, 2019
thumbs_up_ELF.py
thumbs_up_firmware.py Version 1.2.0 - Added Thumbs Up Jun 18, 2019

README.md

 /$$$$$$$$ /$$                               /$$                       /$$   /$$          
|__  $$__/| $$                              | $$                      | $$  | $$          
   | $$   | $$$$$$$  /$$   /$$ /$$$$$$/$$$$ | $$$$$$$   /$$$$$$$      | $$  | $$  /$$$$$$ 
   | $$   | $$__  $$| $$  | $$| $$_  $$_  $$| $$__  $$ /$$_____/      | $$  | $$ /$$__  $$
   | $$   | $$  \ $$| $$  | $$| $$ \ $$ \ $$| $$  \ $$|  $$$$$$       | $$  | $$| $$  \ $$
   | $$   | $$  | $$| $$  | $$| $$ | $$ | $$| $$  | $$ \____  $$      | $$  | $$| $$  | $$
   | $$   | $$  | $$|  $$$$$$/| $$ | $$ | $$| $$$$$$$/ /$$$$$$$/      |  $$$$$$/| $$$$$$$/
   |__/   |__/  |__/ \______/ |__/ |__/ |__/|_______/ |_______/        \______/ | $$____/ 
                                                                                | $$      
                                                                                | $$      
                                                                                |__/      

Purpose

"Thumbs Up" is an additional mini IDA plugin designed to drastically improve IDA's function analysis. The plugin uses basic machine learning and heuristics to learn how IDA identified the different features (functions, fptrs, switch tables, ARM/Thumb transitions, etc.). After the learning phase, the plugin analyses the binary again and uses the knowledge it acquired to improve the initial analysis results.

The matching results that Karta produces after using Thumbs Up are almost identical (~96%) to the results we received after doing a manual function analysis (which took us several man-days). As Karta's matching results are highly dependent on the quality of the function analysis, it is highly recommended to use Thumbs Up as a pre-processing phase before invoking Karta.

Additional Reading

https://research.checkpoint.com/thumbs-up-using-machine-learning-to-improve-idas-analysis
