IDA Pro Plug-In Contest 2019: Hall Of Fame

This year again, we have examined the plugins of 9 contestants, and once again the scope and focus of the plugins we examined is very broad. Almost all of the plugins were written in Python, which seems to be a solid trend. Here is our pick for the winners:

First prize: Karta, by Eyal Itkin

Second prize: deREferencing, by Daniel Garcia Gutierrez

Third prize: idapkg, by jinmo123

Congratulations to the winners! Below is the full list of submissions:

1. BRUTAL IDA by Tamir Bahar

BRUTAL IDA restores your original workflow by blocking the undo and redo keyboard shortcuts.


2. CFG Inquisitor by Brenda So

[…] checks the validity of entry and exit blocks of control flow graphs (CFGs)

CFG Inquisitor essentially restricts what can be considered a valid entry or exit point of a function. This is a fairly small plugin, with what appear to be somewhat specific heuristics. It is unclear whether it would be reasonable to extend these to all binaries that IDA can analyze. The plugin is still under active development and does not seem to support x86_64 at this point.


3. deREferencing by Daniel Garcia Gutierrez [second prize]

IDA Pro plugin that implements more user-friendly register and stack views


code:https://github.com/danigargu/deREferencing 

4. findrpc by Lucas Georges

IDAPython script to carve binaries for internal RPC structures

Our comments: findrpc.py is a single-file script which tries to find Windows RPC server and client descriptions in PE binaries. The target audience is somewhat small, but RPC is apparently an underexplored part of Windows, so it is a promising area for finding previously unknown vulnerabilities. The declared feature list is quite impressive:

  • View at a glance which RPC clients and servers are embedded in the binary
  • Locate dispatch tables for RPC servers
  • Quickly rename every RPC proc handler found
  • (On Windows) Generate decompiled IDL from RPC declarations

Unfortunately, in our tests it only worked reliably on some binaries, and it was difficult to diagnose why exactly it failed on others, so there is definitely room for improvement. For displaying results, the author opted for native Qt widgets instead of IDA's standard choosers, so, for example, copying text from the result list did not work because it was not implemented. The IDL decompilation feature uses a separate Windows binary without source code, which is not always convenient. That said, when it did work, the results were nice and useful for finding hidden interfaces in Windows binaries.
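To make the "carving" idea concrete, here is an added example written for this page; it is not findrpc's code and does not reproduce its heuristics. It scans a raw byte buffer for the DCE NDR and NDR64 transfer-syntax GUIDs that MIDL embeds in every RPC_SERVER_INTERFACE / RPC_CLIENT_INTERFACE descriptor, validates the descriptor's Length field (0x44 on 32-bit, 0x60 on 64-bit builds) and transfer-syntax version, and then reads the interface UUID, its version and the DispatchTable pointer. The server/client label is a heuristic (MIDL emits a NULL DispatchTable in client-side descriptors). The sample image, the interface UUIDs and the dispatch-table address in it are constructed for this example and come from no real binary.

```python
import struct
import uuid

# Transfer-syntax identifiers that MIDL embeds in every interface descriptor
# (values from the DCE RPC / MS-RPCE specifications).
NDR_TRANSFER_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")    # DCE NDR, v2.0
NDR64_TRANSFER_SYNTAX = uuid.UUID("71710533-beba-4937-8319-b5dbef9ccc36")  # NDR64, v1.0
SYNTAX_VERSION = {NDR_TRANSFER_SYNTAX: (2, 0), NDR64_TRANSFER_SYNTAX: (1, 0)}

# sizeof(RPC_SERVER_INTERFACE) == sizeof(RPC_CLIENT_INTERFACE): 0x44 on x86, 0x60 on x64.
BITNESS_BY_LENGTH = {0x44: 32, 0x60: 64}
TRANSFER_SYNTAX_OFF = 4 + 20           # Length + InterfaceId (GUID + RPC_VERSION)
DISPATCH_TABLE_OFF = {32: 44, 64: 48}  # pointer follows the two syntax ids (aligned on x64)


def parse_interface(data, start, syntax):
    """Validates and decodes one descriptor whose TransferSyntax GUID sits at start+24."""
    if start < 0 or start + 4 > len(data):
        return None
    length = struct.unpack_from("<I", data, start)[0]
    bits = BITNESS_BY_LENGTH.get(length)
    if bits is None or start + length > len(data):
        return None                                   # not a MIDL descriptor (e.g. a stray GUID)
    if struct.unpack_from("<HH", data, start + 40) != SYNTAX_VERSION[syntax]:
        return None
    iid = uuid.UUID(bytes_le=bytes(data[start + 4:start + 20]))
    major, minor = struct.unpack_from("<HH", data, start + 20)
    ptr_fmt = "<I" if bits == 32 else "<Q"
    dispatch = struct.unpack_from(ptr_fmt, data, start + DISPATCH_TABLE_OFF[bits])[0]
    return {
        "offset": start,
        "bits": bits,
        "iid": str(iid),
        "version": f"{major}.{minor}",
        "syntax": "NDR64" if syntax == NDR64_TRANSFER_SYNTAX else "NDR",
        "dispatch_table": dispatch,
        # Heuristic: MIDL emits a NULL DispatchTable in client-side descriptors.
        "role": "server" if dispatch else "client",
    }


def carve_rpc_interfaces(data):
    """Scans a raw buffer (e.g. the mapped sections of a PE) for RPC interface descriptors."""
    hits = []
    for syntax in (NDR_TRANSFER_SYNTAX, NDR64_TRANSFER_SYNTAX):
        needle = syntax.bytes_le
        pos = data.find(needle)
        while pos != -1:
            rec = parse_interface(data, pos - TRANSFER_SYNTAX_OFF, syntax)
            if rec:
                hits.append(rec)
            pos = data.find(needle, pos + 1)
    return sorted(hits, key=lambda r: r["offset"])


# --- constructed sample input (not taken from any real binary) -------------------
SERVER_IID = uuid.UUID("11111111-2222-3333-4444-555555555555")  # made-up interface ids
CLIENT_IID = uuid.UUID("66666666-7777-8888-9999-aaaaaaaaaaaa")


def build_interface(iid, major, minor, bits, dispatch_table, syntax=NDR_TRANSFER_SYNTAX):
    """Builds a MIDL-style descriptor blob with the layout parse_interface() expects."""
    length = 0x44 if bits == 32 else 0x60
    blob = struct.pack("<I", length)
    blob += iid.bytes_le + struct.pack("<HH", major, minor)
    blob += syntax.bytes_le + struct.pack("<HH", *SYNTAX_VERSION[syntax])
    blob += b"\0" * (DISPATCH_TABLE_OFF[bits] - len(blob))           # x64 alignment padding
    blob += struct.pack("<I" if bits == 32 else "<Q", dispatch_table)
    return blob + b"\0" * (length - len(blob))                        # remaining fields zeroed


def build_sample_image():
    filler = bytes(range(256)) * 2
    server = build_interface(SERVER_IID, 1, 0, 64, 0x1400031A0)    # 64-bit server descriptor
    client = build_interface(CLIENT_IID, 3, 1, 32, 0)              # 32-bit client descriptor
    # Decoy: the NDR GUID with garbage in front of it must NOT be reported as an interface.
    decoy = b"\xff" * 32 + NDR_TRANSFER_SYNTAX.bytes_le + struct.pack("<HH", 2, 0)
    return filler + server + filler + client + filler + decoy + filler


if __name__ == "__main__":
    for hit in carve_rpc_interfaces(build_sample_image()):
        print(f"{hit['offset']:#08x} {hit['bits']}-bit {hit['role']:6} {hit['iid']} "
              f"v{hit['version']} {hit['syntax']} dispatch_table={hit['dispatch_table']:#x}")
```

On a real PE you would feed the mapped section bytes in and translate each offset back to a virtual address; the DispatchTable value is a raw VA, which is exactly what the "locate dispatch tables" step above then follows to reach the RPC_DISPATCH_TABLE and its proc handlers. Rejecting hits whose Length field is not 0x44/0x60 is what keeps loose copies of the transfer-syntax GUID (as in the decoy) out of the results.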


5. ifred by jinmo123

IDA command palette & more


6. idapkg by jinmo123 [third prize]

Packages for IDA Pro

Our comments: idapkg tackles the problem of installing IDA plugins and managing their dependencies. Based on an online repository, it lets you search for packages and install or uninstall them. This is still a proof of concept, but it is an interesting step towards an easy and standard way of installing IDA plugins.


code:https://github.com/Jinmo/idapkg 

7. Karta by Eyal Itkin [first prize]

An IDA Python plugin that identifies and matches open-sourced libraries in a given binary. The plugin uses a unique technique that enables it to support huge binaries (>200,000 functions), with almost no impact on the overall performance.

Karta really is a composite of a few things:

  • the Thumbs Up plugin, which helps recover functions in ARM binaries, where IDA falls short
  • the identifier, which identifies what open source libraries were compiled in, and with what version (e.g., from identifier strings)
  • the matcher, which matches functions coming from the previously identified libraries

Thumbs Up in and of itself is a rather significant achievement, since it uses machine learning to recover what appear to be functions that IDA didn't spot, and it appears to do a very good job with ARM binaries. For the rest of its work, Karta uses an approach that differs from FLIRT (and other tools) in quite a few aspects:

  • it will only try to match functions from a library if the identifier determined that the library is present in the file,
  • it uses many heuristics to determine the “likeliness” of function presence, based on where they are in the file.

Running the plugin can take a significant amount of time (it's written in Python), but the results can be very satisfying. For the record, Karta has quite a few dependencies, so be sure those are installed and reachable through sys.path:

  • awesomelib
  • Cute
  • decorator
  • elementals
  • hexdump.py
  • networkx (use version 2.2: newer versions require Python3.)
  • Sark
  • sklearn


code:https://github.com/CheckPointSW/Karta 

8. SMS-IDA by Edward Larson

The plugin allows IDA API commands to be run from your phone, anywhere! (Provided you have cell service.)

We have a hard time imagining someone controlling their IDA with SMS messages, but if there are any desperate souls who need such functionality, this plugin is right for you. A bit of setup that includes installing some Python packages, registering on an online web site that handles SMS messages, and punching a hole in your firewall, and you are ready to go. Just be aware that any person who happens to know where to send SMS messages will be able to participate.


9. Virtuailtor by Gal Zaban

An IDAPython tool for C++ vtable reconstruction at runtime.

The script does not require any installation; to use it, just press Alt-F7 and select the Main.py file. It will add tons of breakpoints to your database, and then, once you run the target application using a debugger backend of your choice, it will create C++ virtual tables. Naturally, the application will execute slower than usual because of the breakpoints. Besides creating virtual tables, the script also adds cross references to the called functions. It supports x86, x64, and AArch64. We like the idea; it has great potential. Hopefully the author will continue to improve the script.


Final notes

As always, many thanks to all the participants for their useful and interesting submissions. We are looking forward to the next contest!

The usual disclaimer

Please be aware that all files come from third parties. While we did our best to verify them, we cannot guarantee that they work as advertised, so use them at your own risk. For plugin support questions, please contact the authors.

Date: September 23rd, 2019