“Karta” (Russian for “Map”) is an IDA Python plugin that identifies and matches open-sourced libraries in a given binary. The plugin uses a unique approach that enables it to support huge binaries (>200,000 functions), with almost no impact on overall performance.
The matching algorithm is location-driven. This means its main focus is to locate the different compiled files, and to match each file’s functions based on their original order within the file. This way, the matching depends on K (the number of functions in the open source) instead of N (the size of the binary), gaining a significant performance boost since usually N >> K.
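The location-driven idea in miniature, as an added Python example that is not Karta’s code: the config format, the (size, call count) feature and all sample data are constructed for illustration. Anchors are functions whose feature is unique on both sides; the remaining functions are placed by walking the file order from each anchor, which is what resolves an otherwise ambiguous function and keeps the cost proportional to K rather than N.

```python
from collections import Counter

# Constructed "library config": one compiled source file's functions in their
# original order, each with a coarse feature (byte size, call count).
# The format is illustrative, not Karta's real configuration schema.
LIB_FILE = [
    ("png_create_read_struct", (48, 2)),
    ("png_read_info", (120, 7)),
    ("png_read_row", (96, 4)),
    ("png_destroy_read_struct", (64, 3)),
]

# Constructed "binary": (address, feature) per function, in address order.
# 0x4011c0 is a decoy sharing png_create_read_struct's feature, so feature
# matching alone cannot place that function; its neighbours can.
BINARY = [
    (0x401000, (30, 1)),
    (0x401040, (48, 2)),
    (0x401080, (120, 7)),
    (0x401100, (96, 4)),
    (0x401170, (64, 3)),
    (0x4011c0, (48, 2)),
    (0x402000, (200, 9)),
]

def find_anchors(lib, binary):
    """Anchors: library functions whose feature is unique on both sides."""
    lib_count = Counter(feat for _, feat in lib)
    bin_count = Counter(feat for _, feat in binary)
    unique_bin = {feat: addr for addr, feat in binary if bin_count[feat] == 1}
    return {name: unique_bin[feat] for name, feat in lib
            if lib_count[feat] == 1 and feat in unique_bin}

def match_file(lib, binary):
    """Location-driven matching: from each anchor, walk the library's function
    order and the binary's address order in lock-step (both directions),
    accepting a neighbour only while its feature agrees. Each step consumes
    one library function, so work grows with K (library), not N (binary)."""
    lib_names = [name for name, _ in lib]
    bin_index = {addr: i for i, (addr, _) in enumerate(binary)}
    matches = find_anchors(lib, binary)
    for name, addr in list(matches.items()):
        for step in (-1, 1):
            li, bi = lib_names.index(name) + step, bin_index[addr] + step
            while 0 <= li < len(lib) and 0 <= bi < len(binary):
                lname, lfeat = lib[li]
                if lname in matches or binary[bi][1] != lfeat:
                    break
                matches[lname] = binary[bi][0]
                li, bi = li + step, bi + step
    return matches
```

Running `match_file(LIB_FILE, BINARY)` places all four library functions and leaves the decoy at 0x4011c0 unmatched, because only the copy adjacent to the anchored png_read_info fits the file order.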
We believe there are 3 main use cases for this IDA plugin:
- Identifying a list of used open sources (and their versions) when searching for a useful 1-Day
- Matching the symbols of supported open sources to help reverse engineer a malware sample
- Matching the symbols of supported open sources to help reverse engineer a binary / firmware when searching for 0-Days in proprietary code
Read The Docs
Installation (Python 3 & IDA >= 7.4)
For the latest versions, using Python 3, simply git clone the repository and run the
setup.py install script. Python 3 is supported since version v2.0.0 and above.
Installation (Python 2 & IDA < 7.4)
As of the release of IDA 7.4, Karta is only actively developed for IDA 7.4 or newer, and Python 3. Python 2 and older IDA versions are still supported using release version v1.2.0, which is most likely going to be the last supported version due to the Python 2.X end of life.
Karta’s identifier is a smaller plugin that identifies the existence, and fingerprints the versions, of the (supported) open source libraries present within the binary. No more need to reverse engineer the same open-source library again and again: simply run the identifier plugin and get a detailed list of the used open sources. Karta currently supports more than 10 open source libraries, including:
- Etc.
After identifying the used open sources, one can compile a .JSON configuration file for a specific library (libpng version 1.2.29, for instance). Once compiled, Karta will automatically attempt to match the functions (symbols) of the open source in the loaded binary. In addition, if your open source used external functions (memcpy, fread, or zlib_inflate), Karta will also attempt to match those external functions.
- src: source directory for the plugin
- configs: pre-supplied *.JSON configuration files (hoping the community will contribute more)
- compilations: compilation tips for generating the configuration files, and lessons from past open sources
- docs: sphinx documentation directory