A quick overview of what makes IDA cool for those unfamiliar with it:

* It has one of the best decompilers available
* It supports a ridiculous number of platforms
* I trust its disassembler (especially for mainstream languages) more than almost any other disassembler
* Demangling of Swift names is a nice quality of life improvement; Swift moves fast and is hard to keep up with
* Still the best disassembler and machine code reversing tool out there

If you can't afford IDA (it is very expensive), there are a lot of great alternatives:

* Hopper (Mac only). Its disassembler is not so great; it gets confused and fails to find code in Swift apps pretty often. It is still generally good and with some encouragement you can get it to do a competent job.
* radare2. Works on a lot of more esoteric processors. Great for when working on small firmwares from less common processors. Not so great at big files. Slow. Very powerful regardless. Open source.
* ImmunityDbg still works for Win
* Other tools, just search.

The more time you spend looking at disassembled machine code the more valuable IDA gets. But you really have to do a lot of RCE. Most people first getting into RCE really think they need IDA when they haven't even cracked the docs for their target environment yet or lack fundamental knowledge about how CPUs work, which holds them back far more than a second class disassembler ever has.
I feel like they kind of lose money on IDA by not marketing some sort of hobby version. I offered the guy $100 to purchase a legit version of IDA for personal educational use and he declined (go figure). I am just a university student.
A couple of years back I learned how to use IDA in a binary and malware analysis class. If you happen to study in the Netherlands, the VU University Amsterdam is where that class is at!

I'm fuzzy on my memory, but man! This was so much cooler and better than disassembling stuff on the command line! The cool things about IDA that I found out are:

- its scripting language (we used Python)
- its ability to show loops and branches by drawing arrows to other pieces of assembly (it's a special view you can use)
- really good search and code labeling features: if you change one register name somewhere, then that's propagated to where that register is used in the rest of the relevant code
- the ability to patch programs: you can overwrite processor instructions; mostly I used instruction 90, which is the nop instruction (meaning: no operation).

These features are not unique to IDA, but from a beginner perspective: I thought they were awesome! We used some kind of demo version for IDA.
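The "overwrite an instruction with 0x90" patching the comment above describes, as an added example that is not code from the thread, from IDA, or from that course. It is plain Python over a constructed x86 byte string and adds the two checks a practitioner wants before writing bytes back to a file: the patch must start and end on instruction boundaries (the offsets a disassembler gives you), so no half-instruction is left behind to decode as garbage, and a virtual address has to be mapped to a file offset through the section table first. The `Section` type, the `va_to_file_offset` and `nop_patch` helpers, and the sample bytes are all mine.

```python
"""Length-preserving NOP patching of a constructed x86 code buffer.

Added example; hypothetical helpers, not an IDA API. The byte string below is
constructed by hand and decodes as:

    0:  83 F8 01          cmp eax, 1
    3:  75 05             jne +5
    5:  B8 01 00 00 00    mov eax, 1
    A:  C3                ret
"""
from dataclasses import dataclass

NOP = 0x90  # single-byte x86 NOP

# Constructed sample code and the instruction start offsets a disassembler
# would report for it.
CODE = bytes.fromhex("83F8017505B801000000C3")
INSTR_OFFSETS = [0x0, 0x3, 0x5, 0xA]


@dataclass(frozen=True)
class Section:
    """Minimal section descriptor (hypothetical; not a PE/ELF parser)."""
    name: str
    virtual_address: int  # where the section is mapped at runtime
    raw_offset: int       # where the section's bytes live in the file
    size: int


# Constructed section table: .text mapped at 0x401000, stored at file offset 0x400.
SECTIONS = [Section(".text", 0x401000, 0x400, 0x200)]


def va_to_file_offset(va: int, sections) -> int:
    """Translate a virtual address into the file offset that backs it."""
    for s in sections:
        if s.virtual_address <= va < s.virtual_address + s.size:
            return s.raw_offset + (va - s.virtual_address)
    raise ValueError(f"address {va:#x} is not backed by any section")


def nop_patch(code: bytes, start: int, end: int, instr_offsets) -> bytearray:
    """Return a copy of `code` with code[start:end] replaced by NOPs.

    `instr_offsets` are the instruction start offsets inside `code`. Both ends
    of the patch must fall on a boundary, otherwise the leftover bytes of a
    partially overwritten instruction would be decoded as a new, unintended
    instruction at runtime.
    """
    if not (0 <= start < end <= len(code)):
        raise ValueError("patch range is outside the buffer")
    boundaries = set(instr_offsets) | {len(code)}
    if start not in boundaries or end not in boundaries:
        raise ValueError(f"patch {start:#x}..{end:#x} does not align with instruction boundaries")
    patched = bytearray(code)
    patched[start:end] = bytes([NOP]) * (end - start)
    return patched


def diff_bytes(before: bytes, after: bytes):
    """List (offset, old, new) for every changed byte; useful as a patch log."""
    return [(i, b, a) for i, (b, a) in enumerate(zip(before, after)) if b != a]


def partial_patch_is_rejected() -> bool:
    """Overwriting only the first byte of the 2-byte jne must be refused."""
    try:
        nop_patch(CODE, 0x3, 0x4, INSTR_OFFSETS)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    patched = nop_patch(CODE, 0x3, 0x5, INSTR_OFFSETS)  # NOP out the jne
    print("before:", CODE.hex(" "))
    print("after: ", patched.hex(" "))
    for off, old, new in diff_bytes(CODE, patched):
        print(f"  file offset {va_to_file_offset(0x401000 + off, SECTIONS):#x}: {old:02x} -> {new:02x}")
    print("partial patch rejected:", partial_patch_is_rejected())
```

The boundary list is the piece that usually goes missing in hand patches: a disassembler shows you where instructions start, and carrying those offsets into the patch step is what keeps a two-byte `jne` from turning into one NOP plus a stray `05` byte.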
Has anyone with IDA Pro had luck with mcsema (or anything similar)?<p>The idea of taking arbitrary x86/amd64 binaries and converting them to LLVM IR is a concept that fascinates me and I've always been curious what the optimization paths would be -- if you took a go binary output, converted it to LLVM IR, and then compiled with an optimizing LLVM pass how does the result compare, for instance.