Skip to content
/ Gepetto Public
forked from JusticeRage/Gepetto

IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering

License

GPL-3.0 license
0 stars 262 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

super6wenzi/Gepetto

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
gepetto-locales
gepetto-locales
 
 
readme
readme
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
gepetto.py
gepetto.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Gepetto

Gepetto is a Python script which uses OpenAI's gpt-3.5-turbo model to provide meaning to functions decompiled by IDA Pro. At the moment, it can ask gpt-3.5-turbo to explain what a function does, and to automatically rename its variables. Here is a simple example of what results it can provide in mere seconds:

Setup

Simply drop this script (as well as the gepetto-locales folder) into your IDA plugins folder ($IDAUSR/plugins). By default, on Windows, this should be %AppData%\Hex-Rays\IDA Pro\plugins (you may need to create the folder).

You will need to add the required packages to IDA's Python installation for the script to work. Find which interpreter IDA is using by checking the following registry key: Computer\HKEY_CURRENT_USER\Software\Hex-Rays\IDA (default on Windows: %LOCALAPPDATA%\Programs\Python\Python39). Finally, with the corresponding interpreter, simply run:

[/path/to/python] -m pip install -r requirements.txt

⚠️ You will also need to edit the script and add your own API key, which can be found on this page. Please note that gpt-3.5-turbo queries are not free (although not very expensive) and you will need to set up a payment method.

⚠️ Warning ⚠️ Gepetto is now using OpenAI's latest gpt-3.5-turbo model. If you upgraded recently, make sure you're using a recent version of the openai Python package. The requirements.txt file has been upgraded accordingly.

Usage

Once the plugin is installed properly, you should be able to invoke it from the context menu of IDA's pseudocode window, as shown in the screenshot below:

You can also use the following hotkeys:

  • Ask gpt-3.5-turbo to explain the function: Ctrl + Alt + H
  • Request better names for the function's variables: Ctrl + Alt + R

Initial testing shows that asking for better names works better if you ask for an explanation of the function first – I assume because gpt-3.5-turbo then uses its own comment to make more accurate suggestions. There is an element of randomness to the AI's replies. If for some reason the initial response you get doesn't suit you, you can always run the command again.

Limitations

  • The plugin requires access to the HexRays decompiler to function.
  • gpt-3.5-turbo is a general-purpose language model and may very well get things wrong! Always be critical of results returned!

Translations

You can change Gepetto's language by editing the script's locale in the first lines. For instance, to use the plugin in French, you would simply add:

language = "fr_FR"

The chosen locale must match the folder names in the `gepetto-locales folder. If the desired language isn't available, you can contribute to the project by adding it yourself! The translation portal to get involved is on Transifex.

Acknowledgements

  • OpenAI, for making this incredible chatbot, obviously
  • Hex Rays, the makers of IDA for their lightning fast support
  • Kaspersky, for funding all my research

About

IDA plugin which queries OpenAI's gpt-3.5-turbo language model to speed up reverse-engineering

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • Python 100.0%