An open API service indexing awesome lists of open source software.

https://github.com/0xdea/haruspex

Vulnerability research assistant that extracts pseudo-code from the IDA Hex-Rays decompiler.
https://github.com/0xdea/haruspex

ida-plugin ida-pro idalib reverse-engineering vulnerability-research

Last synced: about 1 month ago
JSON representation

Vulnerability research assistant that extracts pseudo-code from the IDA Hex-Rays decompiler.

Awesome Lists containing this project

README

        

# haruspex

[![](https://img.shields.io/github/stars/0xdea/haruspex.svg?style=flat&color=yellow)](https://github.com/0xdea/haruspex)
[![](https://img.shields.io/crates/v/haruspex?style=flat&color=green)](https://crates.io/crates/haruspex)
[![](https://img.shields.io/crates/d/haruspex?style=flat&color=red)](https://crates.io/crates/haruspex)
[![](https://img.shields.io/badge/twitter-%400xdea-blue.svg)](https://twitter.com/0xdea)
[![](https://img.shields.io/badge/mastodon-%40raptor-purple.svg)](https://infosec.exchange/@raptor)
[![build](https://github.com/0xdea/haruspex/actions/workflows/build.yml/badge.svg)](https://github.com/0xdea/haruspex/actions/workflows/build.yml)
[![doc](https://github.com/0xdea/haruspex/actions/workflows/doc.yml/badge.svg)](https://github.com/0xdea/haruspex/actions/workflows/doc.yml)

> "Hacking is the discipline of questioning all your assumptions all of the time."
>
> -- Dave Aitel

Haruspex is a blazing fast IDA Pro headless plugin that extracts pseudo-code generated by IDA Pro's
decompiler in a format that should be suitable to be imported into an IDE or parsed by static
analysis tools such as [Semgrep](https://semgrep.dev/), [weggli](https://github.com/weggli-rs/weggli),
or [oneiromancer](https://crates.io/crates/oneiromancer).

![](https://raw.githubusercontent.com/0xdea/haruspex/master/.img/screen01.png)

## Features

* Blazing fast, headless user experience courtesy of IDA Pro 9 and Binarly's idalib Rust bindings.
* Support for binary targets for any architecture implemented by IDA Pro's Hex-Rays decompiler.
* Pseudo-code of each function is stored in a separated file in the output directory for easy inspection.
* External crates can invoke `decompile_to_file` to decompile a function and save its pseudo-code to disk.

## Blog post

*

## See also

*
*
*
*
*
*
*

## Installing

The easiest way to get the latest release is via [crates.io](https://crates.io/crates/haruspex):

1. Download, install, and configure IDA Pro (see ).
2. Download and extract the IDA SDK (see ).
3. Install LLVM/Clang (see ).
4. On Linux/macOS, install as follows:
```sh
export IDASDKDIR=/path/to/idasdk
export IDADIR=/path/to/ida # if not set, the build script will check common locations
cargo install haruspex
```
On Windows, instead, use the following commands:
```powershell
$env:LIBCLANG_PATH="\path\to\clang+llvm\bin"
$env:PATH="\path\to\ida;$env:PATH"
$env:IDASDKDIR="\path\to\idasdk"
$env:IDADIR="\path\to\ida" # if not set, the build script will check common locations
cargo install haruspex
```

## Compiling

Alternatively, you can build from [source](https://github.com/0xdea/haruspex):

1. Download, install, and configure IDA Pro (see ).
2. Download and extract the IDA SDK (see ).
3. Install LLVM/Clang (see ).
4. On Linux/macOS, compile as follows:
```sh
git clone --depth 1 https://github.com/0xdea/haruspex
cd haruspex
export IDASDKDIR=/path/to/idasdk # or edit .cargo/config.toml
export IDADIR=/path/to/ida # if not set, the build script will check common locations
cargo build --release
```
On Windows, instead, use the following commands:
```powershell
git clone --depth 1 https://github.com/0xdea/haruspex
cd haruspex
$env:LIBCLANG_PATH="\path\to\clang+llvm\bin"
$env:PATH="\path\to\ida;$env:PATH"
$env:IDASDKDIR="\path\to\idasdk"
$env:IDADIR="\path\to\ida" # if not set, the build script will check common locations
cargo build --release
```

## Usage

1. Make sure IDA Pro is properly configured with a valid license.
2. Run as follows:
```sh
haruspex
```
3. Find the extracted pseudo-code of each decompiled function in the `binary_file.dec` directory:
```sh
vim .dec
code .dec
```

## Compatibility

* IDA Pro 9.0.240925 - Latest compatible: v0.1.3.
* IDA Pro 9.0.241217 - Latest compatible: v0.4.2.
* IDA Pro 9.1.250226 - Latest compatible: current version.

*Note: check [idalib](https://github.com/binarly-io/idalib) documentation for additional information.*

## Changelog

* [CHANGELOG.md](CHANGELOG.md)

## TODO

* Integrate with Semgrep scanning (see ).
* Integrate with weggli scanning (see ).
* Improve decompiler output in the style of [HexRaysPyTools](https://github.com/igogo-x86/HexRaysPyTools)
and [abyss](https://github.com/patois/abyss).
* Implement parallel analysis (see ).