YaCo: Collaborative Reverse-Engineering for IDA
YaCo is a Hex-Rays IDA plugin enabling collaborative reverse-engineering on IDA databases for multiple users. Incremental database changes are stored & synchronized through the Git distributed version control system. Both offline & online work is supported.
Motivation
IDA does not allow multiple users to work on the same binary. During large malware analyses, we had to use a team of reversers, and manual synchronization is a tedious and error-prone process.
YaCo's goals are:
- Support all IDA events
- Be fast, users must not wait for synchronisation events
- Prevent conflicts between users
- Be user-friendly & easy to install
YaDiff
YaDiff is a standalone command-line tool allowing symbol, comment, enum & struct propagation between distinct IDA databases.
Motivation
There are two major use cases for YaDiff:
- Merging previously-analyzed binary symbols into an updated binary
- Merging debug symbols from an external library into another stripped binary
How it works
YaCo uses a Git server to synchronize changes between users.
In the local repository, YaCo stores the original IDB and incremental changes as XML files & commits.
Note that the database is not modified anymore unless you force a synchronisation. When saving the database, we fetch remote changes, rebase local changes on top of those, import this new state into IDA and push this state to the remote Git server.
Any Git server should work, for example, GitHub, GitLab or Gitea instances. Note that some Git hosts have a file size limit, which can be an issue for large IDB files. See #13.
Currently, YaCo only supports SSH authentication. To keep the plugin user-friendly, there is no mechanism asking for passwords & passphrases on every Git operation. Instead, it is recommended to use an SSH agent, like Pageant under Windows or ssh-agent under Linux.
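Because the plugin never prompts, a missing or empty agent only shows up as a failed Git operation. The following preflight check for the Linux ssh-agent case is an added example, not part of YaCo; the function name, its return codes and the host placeholder are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not YaCo code): verify that Git-over-SSH can run without
# any password or passphrase prompt before starting a shared session.
# Return codes (constructed for this example):
#   0 agent reachable with at least one key loaded
#   1 SSH_AUTH_SOCK unset (no agent in this environment)
#   2 SSH_AUTH_SOCK set but not a socket (stale variable)
#   3 agent reachable but holds no identities
#   4 agent could not be queried
#   5 non-interactive login to the Git host failed
check_ssh_agent() {
    host="${1:-}"   # optional, e.g. git@git.example.org (placeholder)

    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set: start ssh-agent first" >&2
        return 1
    fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK is not a socket" >&2
        return 2
    fi

    # ssh-add -l exits 0 when keys are listed, 1 when the agent is empty,
    # 2 when the agent cannot be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) ;;
        1) echo "agent holds no keys: run ssh-add" >&2; return 3 ;;
        *) echo "cannot query agent (ssh-add exit $rc)" >&2; return 4 ;;
    esac

    if [ -n "$host" ]; then
        # BatchMode=yes disables every interactive prompt, so this only
        # succeeds when the agent key is accepted by the server.
        rc=0
        ssh -o BatchMode=yes -o ConnectTimeout=5 -T "$host" \
            >/dev/null 2>&1 || rc=$?
        # ssh reserves 255 for its own errors (connection or authentication);
        # any other status comes from the remote side after a valid login.
        if [ "$rc" -eq 255 ]; then
            echo "non-interactive login to $host failed" >&2
            return 5
        fi
    fi
    return 0
}
# Usage: check_ssh_agent git@git.example.org && echo "ready"
```

Under Windows with Pageant the same idea applies, but the checks above are specific to OpenSSH's agent socket.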
Copyright (C) 2017 bamiaux