# IDA Pro MCP Intelligent Reverse Analysis Platform (Enhanced Version)
> 🚀 Fully Automated · Intelligent · One-Stop Reverse Analysis Toolchain
>
> **This project is an enhanced secondary development based on [mrexodia/ida-pro-mcp](https://github.com/mrexodia/ida-pro-mcp), retaining the original core functionality while adding some custom extensions.**
---
## 🌟 Project Introduction
IDA Pro MCP is an intelligent reverse analysis platform that integrates LLM (Large Language Model) with IDA Pro, supporting multiple clients (Cursor, Cline, Roo Code, Windsurf, LM Studio, etc.). It features one-click automation for advanced functions such as function/variable renaming, type fixing, commenting, struct declaration, obfuscation detection, anti-debugging detection, algorithm recognition, script generation and execution, automatic main flowchart generation, and structured analysis report export.
> **This enhanced version focuses on upgrading automation capabilities such as obfuscation detection, basic algorithm recognition, and structured reporting, significantly improving the intelligence and automation level of reverse analysis.**
It is suitable for various scenarios including CTF, binary security analysis, malware analysis, automated auditing, and team collaboration.
---
## ✨ Main Features
- **One-click Automatic Analysis**: With just one prompt, automatically complete tedious tasks such as function/variable renaming, type fixing, commenting, and struct declaration.
- **Multi-client Support**: Compatible with mainstream LLM clients such as Cline, Roo Code, Cursor, Windsurf, and LM Studio.
- **Batch Processing and Automation**: Supports batch renaming, batch commenting, batch type fixing, and batch patch point localization, greatly improving analysis efficiency.
- **Obfuscation and Anti-debugging Detection (Enhanced)**:
  - Automatically identifies various obfuscation and anti-debugging techniques such as control flow flattening, switch/case, indirect jumps, dead code, string encryption, anti-debug APIs, TLS, PEB, int 0x2d, etc.
  - Detection results are more detailed, supporting reports on flattening, string_encryption, anti_debug, dead_code, and other multidimensional information.
- **Basic Algorithm Automatic Recognition (Enhanced)**:
  - Supports automatic detection of common encryption/encoding/hash algorithms such as RC4, Base64, TEA, MD5, AES, DES, SHA1, SHA256, CRC32, XOR, BASE32/58/85, ROT13, Zlib, LZMA, Mersenne Twister, etc.
  - Detection results include algorithm type and confidence level, automatically summarized in the analysis report.
- **Structured Analysis Report (Enhanced)**:
  - One-click export of a multidimensional analysis report in Markdown format (report.md), covering entry points, key functions, anti-debugging points, algorithms, obfuscation, main flowcharts, code complexity, cross-reference hotspots, etc.
  - The report details each function's algorithm type, confidence level, obfuscation features, etc., facilitating traceability and automated analysis.
- **Brute Force and Dynamic Analysis Assistance**: One-click generation and automatic execution of angr/frida scripts, supporting symbolic execution, dynamic hooking, and automatic string collection from debug registers/memory.
- **Visual Main Flowchart**: Automatically generates mermaid/graphviz flowcharts to intuitively display the main logic.
- **Incremental Change Tracking**: Automatically records all changes such as renaming, commenting, and type fixing, making it easy to trace back and perform incremental analysis.
- **All-Chinese Comments and Documentation**: Code, interfaces, and reports are all in Chinese, making it easy to get started and to do secondary development.
## 🆚 Main Differences from the Original [mrexodia/ida-pro-mcp](https://github.com/mrexodia/ida-pro-mcp)
- **Significantly Enhanced Obfuscation Detection Capability**: Not only detects control flow flattening but also supports multi-dimensional obfuscation features such as switch/case, indirect jumps, dead code, string encryption, anti-debugging, etc.
- **Richer Basic Algorithm Recognition**: Supports automatic recognition of over a dozen common encryption/encoding/hash algorithms, with more intuitive results and quantifiable confidence levels.
- **More Comprehensive Structured Report Content**: The algorithm type, obfuscation features, confidence levels, etc., for each function are automatically summarized in the report, facilitating team collaboration and automated tracing.
- **Improved Interface Annotations and Documentation**: All interfaces have detailed Chinese annotations, making it easier for secondary development and automatic generation of API documentation.
- **Compatible with All Core Features of the Original Version, with Continuous Expansion of New Features.**
---
## 🛠️ Installation and Environment Requirements
### 1. Environment Dependencies
- **Python 3.11 and above**
- **IDA Pro 7.x and above** (must support Python 3.11 plugins)
- **Dependencies**: `mcp>=1.6.0` (declared in pyproject.toml)
### 2. Installation Steps
(Remember to use the Python that comes with IDA.)
#### (1) Clone this project
```bash
git clone https://github.com/namename333/idapromcp_333.git
cd idapromcp_333
```
#### (2) Install Dependencies
```bash
pip install -r requirements.txt # or use pyproject.toml/uv
```
#### (3) One-click Installation of MCP Server and IDA Plugin
```bash
python -m ida_pro_mcp.server --install
```
- Supports Windows/Mac/Linux, automatically detects and configures various mainstream LLM clients (Cursor, Cline, Roo Code, Windsurf, LM Studio, etc.)
- The plugin will be automatically copied to the IDA Pro plugin directory without manual operation.
#### (4) Start MCP Service
- Launch IDA Pro and load the target binary file
- In the IDA menu bar, select `Edit -> Plugins -> MCP (Ctrl-Alt-M)` to start the service
- Or run from the command line:
```bash
python -m ida_pro_mcp.server
```
#### (5) Configure/Select MCP Server in LLM Client
- Refer to the automatically generated configuration files (such as `.cursor/mcp.json`, `cline_mcp_settings.json`, etc.)
- Manual configuration is also possible, see "Advanced Usage" below
## 🚩 Quick Start
1. **Enter natural language instructions in LLM clients that support MCP (such as Cursor, Cline, Roo Code)** to automatically drive all analysis processes.
2. **Generate report.md with one click** to quickly deliver high-quality analysis reports.
3. **Supports automated operations such as batch renaming, batch commenting, automatic type fixing, and script generation and execution.**
## 🔥 Typical Workflow
1. Launch IDA Pro, load the target binary, and start the MCP plugin.
2. Input analysis commands in the LLM client (such as "analyze main flow", "detect obfuscation", "batch rename functions", etc.).
3. Automatically complete analysis, annotation, renaming, type fixing, script generation, and more.
4. One-click export of structured analysis reports (in Markdown format, including main flow diagrams, key functions, anti-debugging points, etc.).
5. Support for incremental change tracking and automatic backtracking.
## 📋 Prompt Template
### 1. Function Analysis Template
```text
Please analyze the function {function_name}, including:
1. Input parameters and return value analysis
2. Main control flow description
3. Identification of key algorithms (such as encryption/decryption, hashing, compression, etc.)
4. Potential vulnerability points or anti-debugging techniques
5. Generate readable pseudocode
```
### 2. Code Comment Template
```text
Generate detailed comments for the following assembly code:
{assembly_code}
Comment requirements:
1. Explanation of the function of each instruction
2. Description of the purpose of registers
3. Analysis of data structures
4. Explanation of program flow
```
### 3. Batch Rename Template
```text
Batch rename the following functions:
{function_list}
Naming rules:
1. Name based on functionality (e.g., encrypt_data, parse_header)
2. Use snake_case naming convention
3. Avoid excessive length (keep it under 30 characters)
```
### 4. Human Language
```text
Attempted to add some deobfuscation, along with existing scripts, to determine encryption, generate documentation, etc.
Will continue to update if there are opportunities in the future.
```
## ⚙️ Advanced Usage
- **Command Line Arguments**:
  - `--install` / `--uninstall`: One-click installation/uninstallation of the MCP Server and plugins
  - `--transport stdio|http://host:port`: Specify the communication protocol
  - `--unsafe`: Enable unsafe functions (such as debugger operations, use with caution)
  - `--config`: Generate MCP configuration JSON
- **Automatically Generated Configuration Files**: Supports multi-client automatic configuration, see `src/ida_pro_mcp/server.py` for details
- **Custom Development/Secondary Development**: The code is fully commented in Chinese, with a clear structure for easy expansion
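
Because `--unsafe` and an HTTP `--transport` widen what a connected client can do and who can connect, it is worth checking the generated client configuration before use. The following is an added example, not part of this project's code: it audits a client config for those two settings, assuming the common `mcpServers` JSON layout; the server names, ports and sample config are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample in the common "mcpServers" client layout (assumed here);
# server names, ports and the 0.0.0.0 bind are made up for the example.
SAMPLE_CONFIG = """
{"mcpServers": {
  "ida-stdio": {"command": "python", "args": ["-m", "ida_pro_mcp.server"]},
  "ida-http-local": {"command": "python", "args": ["-m", "ida_pro_mcp.server",
      "--transport", "http://127.0.0.1:8744"]},
  "ida-remote-unsafe": {"command": "python", "args": ["-m", "ida_pro_mcp.server",
      "--transport", "http://0.0.0.0:8744", "--unsafe"]}
}}
"""

def audit_server(entry):
    """Return a list of findings for one server entry's argument list."""
    args = [str(a) for a in entry.get("args", [])]
    findings = []
    if "--unsafe" in args:
        findings.append("unsafe functions enabled (--unsafe)")
    transport = None
    for i, arg in enumerate(args):
        if arg == "--transport" and i + 1 < len(args):
            transport = args[i + 1]
        elif arg.startswith("--transport="):
            transport = arg.split("=", 1)[1]
    if transport and transport != "stdio":
        # hostname is None when the value is not a parseable URL
        host = urlsplit(transport).hostname or transport
        if host not in LOOPBACK:
            findings.append(f"HTTP transport not bound to loopback: {host}")
    return findings

def audit_config(text):
    """Map server name -> findings, listing only servers that have any."""
    servers = json.loads(text).get("mcpServers", {})
    report = {name: audit_server(entry) for name, entry in servers.items()}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, found in audit_config(SAMPLE_CONFIG).items():
        for finding in found:
            print(f"{name}: {finding}")
```

To check a real file, pass its contents to `audit_config`, for example the text of `.cursor/mcp.json`.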
---
## 🤝 Contribution and Communication
- Issues, PRs, and discussions are welcome for new feature suggestions, bug feedback, and sharing automation scripts.
- This project is actively maintained; feel free to star & fork!
- Let's make reverse analysis more efficient, smarter, and more automated!
---
## 📝 Open Source License and Acknowledgments
- This project is a secondary development based on [mrexodia/ida-pro-mcp](https://github.com/mrexodia/ida-pro-mcp) and follows the MIT License.
- Special thanks to the original author Duncan Ogilvie and community contributors.
- For citations, secondary development, commercial use, etc., please adhere to the terms outlined in the LICENSE file.
---
If you need more detailed feature demonstrations, API documentation, usage tutorials, etc., feel free to let us know in the issue/discussion section!