
justicerage / gepetto

2.7K stars · 48 watchers · 261 forks · 287 KB

IDA plugin which queries language models to speed up reverse-engineering

License: GNU General Public License v3.0

Python 99.36% Shell 0.64%
ida-pro reverse-engineering openai python gpt-35-turbo gpt-4-turbo

gepetto's Introduction

Gepetto

Gepetto is a Python script which uses various large language models to provide meaning to functions decompiled by IDA Pro. At the moment, it can ask them to explain what a function does, and to automatically rename its variables. Here is a simple example of what results it can provide in mere seconds:

Setup

Simply drop this script (gepetto.py, as well as the gepetto/ folder) into your IDA plugins folder ($IDAUSR/plugins). By default, on Windows, this should be %AppData%\Hex-Rays\IDA Pro\plugins (you may need to create it).

You will need to add the required packages to IDA's Python installation for the script to work. Find which interpreter IDA is using by checking the following registry key: Computer\HKEY_CURRENT_USER\Software\Hex-Rays\IDA (default on Windows: %LOCALAPPDATA%\Programs\Python\Python39). Finally, with the corresponding interpreter, simply run:

[/path/to/python] -m pip install -r requirements.txt
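For instance, with the default Windows interpreter path mentioned above, this would look something like:

%LOCALAPPDATA%\Programs\Python\Python39\python.exe -m pip install -r requirements.txt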

⚠️ You will also need to edit the configuration file (gepetto/config.ini) and add your own API keys. For OpenAI, a key can be generated from the API keys page of your account. Please note that API queries are usually not free (although not very expensive), and you will need to set up a payment method with the corresponding provider.
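For reference, a minimal configuration might look roughly like the snippet below. The exact section and key names are documented by the comments inside the bundled config.ini, so treat the ones shown here as illustrative placeholders:

[Gepetto]
MODEL = gpt-4o

[OpenAI]
API_KEY = <your OpenAI API key>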

Supported models

  • OpenAI
    • gpt-3.5-turbo-1106
    • gpt-4-turbo
    • gpt-4o (recommended for beginners)
  • Groq
    • llama3-70b-8192
  • Together
    • mistralai/Mixtral-8x22B-Instruct-v0.1 (does not support renaming variables)

Adding support for additional models shouldn't be too difficult, provided whatever provider you're considering exposes an API similar to OpenAI's. Look into the gepetto/models folder for inspiration, or open an issue if you can't figure it out. Also make sure you edit ida/ui.py to add the relevant menu entries for your addition.
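To give a rough idea of what "an API similar to OpenAI's" means in practice, an OpenAI-compatible endpoint can usually be reached through the openai Python package simply by overriding the base URL. The sketch below is purely illustrative: the provider URL, key and model name are placeholders, and this is not Gepetto's actual model class (see gepetto/models for the real structure):

    from openai import OpenAI

    # Hypothetical OpenAI-compatible provider: URL, key and model are placeholders.
    client = OpenAI(
        api_key="YOUR_PROVIDER_API_KEY",
        base_url="https://api.example-provider.com/v1",
    )

    def query_model(prompt, model="example-model"):
        # Send a single chat completion request and return the reply text.
        response = client.chat.completions.create(
            model=model,
            messages=[{"role": "user", "content": prompt}],
        )
        return response.choices[0].message.content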

Usage

Once the plugin is installed properly, you should be able to invoke it from the context menu of IDA's pseudocode window, as shown in the screenshot below:

Switch between models supported by Gepetto from the Edit > Gepetto menu:

You can also use the following hotkeys:

  • Ask the model to explain the function: Ctrl + Alt + H
  • Request better names for the function's variables: Ctrl + Alt + R

Initial testing shows that asking for better names works better if you ask for an explanation of the function first – I assume because the model then uses its own comment to make more accurate suggestions. There is an element of randomness to the AI's replies. If for some reason the initial response you get doesn't suit you, you can always run the command again.

Limitations

  • The plugin requires access to the HexRays decompiler to function.
  • All supported LLMs are general-purpose and may very well get things wrong! Always be critical of results returned!

Translations

You can change Gepetto's language by editing the locale in the configuration. For instance, to use the plugin in French, you would simply add:

[Gepetto]
LANGUAGE = "fr_FR"

The chosen locale must match the folder names in gepetto/locales. If the desired language isn't available, you can contribute to the project by adding it yourself! Create a new folder for the desired locale (ex: gepetto/locales/de_DE/LC_MESSAGES/), and open a new pull request with the updated .po file, which you can create by copying and editing gepetto/locales/gepetto.pot (replace all the lines starting with msgstr with the localized version).
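For example, a translated entry in the resulting .po file would look something like this (the msgid shown here is hypothetical; use the ones from gepetto.pot and only edit the msgstr line):

    msgid "Explain this function"
    msgstr "Expliquer cette fonction"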

Acknowledgements

  • OpenAI, for making these incredible models, obviously
  • Hex Rays, the makers of IDA, for their lightning-fast support
  • Kaspersky, for initially funding this project
  • HarfangLab, the current backer making this work possible
  • @vanhauser-thc for contributing ideas of additional models and providers to support via his fork
  • Everyone who contributed translations: @seifreed, @kot-igor, @ruzgarkanar, @orangetw

gepetto's People

Contributors

gaasedelen, jpenalbae, justicerage, patois, realhurrison, tu95


gepetto's Issues

Nothing happens

Why does it just output "Request to gpt-3.5-turbo sent..." in the console and then nothing happens? I don't even know why or what is happening. Can you give me some advice?

JSON parse error


How do I fix this? It happens when I rename variables.

Can variables be renamed by quantity?

I don't know if this is a new issue or not

Hi, I think I set everything up correctly, but I get this error :/

Request to gpt-3.5-turbo-1106 sent...
gpt-3.5-turbo-1106 could not complete the request: Connection error.
Request to gpt-3.5-turbo-1106 sent...
gpt-3.5-turbo-1106 could not complete the request: Error code: 429 - {'error': {'message': 'You exceeded your current quota, please check your plan and billing details. For more information on this error, read the docs: https://platform.openai.com/docs/guides/error-codes/api-errors.', 'type': 'insufficient_quota', 'param': None, 'code': 'insufficient_quota'}}

Ollama for Local Models

Wanted to know if it would be much hassle to add compatibility with Ollama so the model can be run locally.

Haven't tried, just wondering if anyone has.
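In case it helps: Ollama exposes an OpenAI-compatible endpoint, so a rough local experiment (outside of Gepetto, with the model name just an example) could look like this:

    from openai import OpenAI

    # Ollama's OpenAI-compatible API; the key is unused but required by the client.
    client = OpenAI(base_url="http://localhost:11434/v1", api_key="ollama")

    response = client.chat.completions.create(
        model="llama3",
        messages=[{"role": "user", "content": "Explain what a decompiler does."}],
    )
    print(response.choices[0].message.content)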

Recursive function analysis

Hi JusticeRage,

I was trying your tool, and first of all I found it super easy to use. Then I got a little idea to improve the analysis a bit. When the current function calls other tiny functions that contain no further calls, I think it would be great to first request an analysis of those tiny functions and rename them, especially since the suggestions don't seem to be too far off for small functions. Then, with some function names filled in, GPT-3 does a better job.

If you think the idea is good, I can make a pull request this week.

use gpt-4

Can I upgrade from GPT-3.5 to GPT-4, and how should I modify the script? Thank you very much.

Web Agent

In some places, the network cannot access Google directly, so you need to use a web proxy to access it properly.
Can this excellent plugin support system proxies or designated proxies for web requests?

InvalidRequestError

Hey guys, how do I fix this error? My openai version is 1.24.0.

    Request to davinci-003 sent...
    Exception in thread Thread-1:
    Traceback (most recent call last):
      File "D:/sail/Program/windows Reverse/Disassemblers/ida/IDA_Pro_7.7/plugins/gepetto.py", line 211, in query_model
        response = openai.Completion.create(
      File "D:\sail\Program\windows Reverse\Disassemblers\ida\IDA_Pro_7.7\python38\lib\site-packages\openai\lib\_old_api.py", line 39, in __call__
        raise APIRemovedInV1(symbol=self._symbol)
    openai.lib._old_api.APIRemovedInV1:

    You tried to access openai.Completion, but this is no longer supported in openai>=1.0.0 - see the README at https://github.com/openai/openai-python for the API.

    You can run openai migrate to automatically upgrade your codebase to use the 1.0.0 interface.

    Alternatively, you can pin your installation to the old version, e.g. pip install openai==0.28

    A detailed migration guide is available here: openai/openai-python#742

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "threading.py", line 932, in _bootstrap_inner
      File "threading.py", line 870, in run
      File "D:/sail/Program/windows Reverse/Disassemblers/ida/IDA_Pro_7.7/plugins/gepetto.py", line 222, in query_model
        except openai.InvalidRequestError as e:
    AttributeError: module 'openai' has no attribute 'InvalidRequestError'
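For anyone hitting the same error: openai.Completion was removed in openai>=1.0, as the traceback explains. A minimal sketch of the replacement chat-completion call (illustrative only, not Gepetto's actual code; the model and prompt are placeholders):

    from openai import OpenAI

    client = OpenAI()  # reads OPENAI_API_KEY from the environment

    # Chat completions replace the removed openai.Completion interface.
    response = client.chat.completions.create(
        model="gpt-3.5-turbo",
        messages=[{"role": "user", "content": "Explain what this function does."}],
    )
    print(response.choices[0].message.content)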

You exceeded your current quota

For some odd reason I get this error:

Request to gpt-3.5-turbo-1106 sent...
gpt-3.5-turbo-1106 could not complete the request: Error code: 429 - {'error': {'message': 'You exceeded your current quota, please check your plan and billing details. For more information on this error, read the docs: https://platform.openai.com/docs/guides/error-codes/api-errors.', 'type': 'insufficient_quota', 'param': None, 'code': 'insufficient_quota'}}

I've tried to add credits to my account (by adding a credit card), but OpenAI's billing system replied with "You are sending requests too quickly" (lol), so I couldn't even enter my credit card number. No idea what this is about; I don't have anything else behind this IP address, so they must be slammed or something like that. I've also noticed that there's an option (BASE_URL in config.ini) to use your own model. Could you please provide some examples of that, with links to the models?

Simple enhancement of support for other languages

Based on the language set for Gepetto in config.ini, the AI should be asked to explain functions in that language instead of simply using English. Adding options would also allow additional requirements to be passed to the AI conversation.

Error in term()

In def term(self), the call should be:
idaapi.detach_action_from_menu(self.explain_menu_path, self.explain_action_name)

IDAPython annotation-related question

May I ask how to have Gepetto explain only part of the code inside a function, instead of the whole thing, and have the comment placed at a specified position instead of at the function head?

Renaming variables with Groq fails with Error code: 400

The explain function works fine; however, the rename variables function throws an error:

Request to llama3-70b-8192 sent...
General exception encountered while running the query: Error code: 400 - {'error': {'message': "Failed to generate JSON. Please adjust your prompt. See 'failed_generation' for more details.", 'type': 'invalid_request_error', 'code': 'json_validate_failed', 'failed_generation': '{"v1": "packetTypeClassificationResult"},\n  {"v2": "packetByte"},\n  {"v3": "subFunctionReturn"},\n  {"v4": "dword_A58260_Modified"},\n  {"v5": "word_A55020_Index"},\n  {"v6": "word_A55022_Counter"},\n  {"v7": "packetDataPointer"},\n  {"v8": "word_A55022_Counter_Copy"},\n  {"v9": "word_A55000_Pointer"},\n  {"v10": "word_A55000_Pointer_Copy"},\n  {"v11": "word_A55000_Array_Element"},\n  {"v12": "dword_A58260_Modified_Copy"},\n  {"v13": "dword_A58260_Modified_2"},\n  {"v14": "dword_A55CE8_Modified"},\n  {"v15": "dword_A58260_Modified_3"},\n  {"v16": "dword_A58260_Modified_4"},\n  {"v17": "dword_A58260_Modified_5"},\n  {"v18": "dword_A58260_Modified_6"},\n  {"v19": "packetByteCount"},\n  {"v20": "dword_A55C94_Offset"},\n  {"v21": "packetDataIndex"},\n  {"v22": "dword_A55CA8_Pointer"},\n  {"v23": "dword_A55C94_Element"},\n  {"v24": "dword_A58260_Modified_7"},\n  {"v25": "dword_A58260_Modified_8"}'}}

Content length too long

Hi,
I'm trying this on a function that is a bit large, and unfortunately it returns the error
davinci-003 could not complete the request: This model's maximum context length is 4097 tokens, however you requested 7196 tokens (5946 in your prompt; 1250 for the completion). Please reduce your prompt; or completion length..

Is there a way to get around this and still be able to use this plugin on large functions?

I can't connect to OpenAI

I am getting the error shown in the output below. What do you think I can do?

---------------------------------------------------------------------------------------
Python 3.8.7 (tags/v3.8.7:6503f05, Dec 21 2020, 17:59:51) [MSC v.1928 64 bit (AMD64)] 
IDAPython v7.4.0 final (serial 0) (c) The IDAPython Team <[email protected]>
---------------------------------------------------------------------------------------
Request to gpt-3.5-turbo sent...
WARNING:urllib3.connectionpool:Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x000002D7A874AB20>: Failed to establish a new connection: [WinError 10061] Hedef makine etkin olarak reddettiğinden bağlantı kurulamadı')': /v1/chat/completions
WARNING:urllib3.connectionpool:Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x000002D7A8733190>: Failed to establish a new connection: [WinError 10061] Hedef makine etkin olarak reddettiğinden bağlantı kurulamadı')': /v1/chat/completions
gpt-3.5-turbo could not complete the request: Error communicating with OpenAI: HTTPSConnectionPool(host='api.openai.com', port=443): Max retries exceeded with url: /v1/chat/completions (Caused by ProxyError('Unable to connect to proxy', NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x000002D7A8733310>: Failed to establish a new connection: [WinError 10061] Hedef makine etkin olarak reddettiğinden bağlantı kurulamadı')))
Request to gpt-3.5-turbo sent...
WARNING:urllib3.connectionpool:Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x000002D7A8733E50>: Failed to establish a new connection: [WinError 10061] Hedef makine etkin olarak reddettiğinden bağlantı kurulamadı')': /v1/chat/completions
WARNING:urllib3.connectionpool:Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x000002D7A8737100>: Failed to establish a new connection: [WinError 10061] Hedef makine etkin olarak reddettiğinden bağlantı kurulamadı')': /v1/chat/completions
gpt-3.5-turbo could not complete the request: Error communicating with OpenAI: HTTPSConnectionPool(host='api.openai.com', port=443): Max retries exceeded with url: /v1/chat/completions (Caused by ProxyError('Unable to connect to proxy', NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x000002D7A8737220>: Failed to establish a new connection: [WinError 10061] Hedef makine etkin olarak reddettiğinden bağlantı kurulamadı')))

Some of the error messages are in Turkish, sorry about that.

Update to current openai module version

Many thanks for sharing Gepetto with the community, and many thanks for adopting GPT-4-turbo so quickly!

I am super excited about AI these days, to the point that I ended up updating the openai module, only to realize that Gepetto relies on openai<1.0 while the current version is 1.2.4.

It turns out ChatCompletion was decommissioned in release 1.0, and this change also breaks your method of loading the API key at startup 😬

Would you please be so kind as to consider updating the OpenAI code?

SSL Error

I have IDA 7.7.220218 Windows x64 with HexRays Decompiler.

It is using Python 3.8; in the registry it references the Python DLL:
C:\Program Files\Python38\python38.dll

I installed the requirements using the Python executable in the same directory:
"C:\Program Files\Python38\python.exe" -m pip install -r requirements.txt

Everything installed. I moved the gepetto folder into the plugins directory along with gepetto.py. I get Gepetto as an option when I right-click in IDA. When I choose rename variables or explain function, I get the following error:

Python 3.8.2 (tags/v3.8.2:7b3ab59, Feb 25 2020, 23:03:10) [MSC v.1916 64 bit (AMD64)] 
IDAPython 64-bit v7.4.0 final (serial 0) (c) The IDAPython Team <[email protected]>
---------------------------------------------------------------------------------------------
Request to gpt-3.5-turbo sent...
General exception encountered while running the query: Can't connect to HTTPS URL because the SSL module is not available.

I did try to install the ssl module

"C:\Program Files\Python38\python.exe" -m pip install ssl

and got this error

Collecting ssl
  Using cached ssl-1.16.tar.gz (33 kB)
  Installing build dependencies ... done
  Getting requirements to build wheel ... error
  error: subprocess-exited-with-error

  × Getting requirements to build wheel did not run successfully.
  │ exit code: 1
  ╰─> [19 lines of output]
      Traceback (most recent call last):
        File "C:\Program Files\Python38\lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py", line 353, in <module>
          main()
        File "C:\Program Files\Python38\lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py", line 335, in main
          json_out['return_val'] = hook(**hook_input['kwargs'])
        File "C:\Program Files\Python38\lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py", line 118, in get_requires_for_build_wheel
          return hook(config_settings)
        File "C:\Users\michael\AppData\Local\Temp\pip-build-env-xaob5kxc\overlay\Lib\site-packages\setuptools\build_meta.py", line 341, in get_requires_for_build_wheel
          return self._get_build_requires(config_settings, requirements=['wheel'])
        File "C:\Users\michael\AppData\Local\Temp\pip-build-env-xaob5kxc\overlay\Lib\site-packages\setuptools\build_meta.py", line 323, in _get_build_requires
          self.run_setup()
        File "C:\Users\michael\AppData\Local\Temp\pip-build-env-xaob5kxc\overlay\Lib\site-packages\setuptools\build_meta.py", line 487, in run_setup
          super(_BuildMetaLegacyBackend,
        File "C:\Users\michael\AppData\Local\Temp\pip-build-env-xaob5kxc\overlay\Lib\site-packages\setuptools\build_meta.py", line 338, in run_setup
          exec(code, locals())
        File "<string>", line 33
          print 'looking for', f
                ^
      SyntaxError: Missing parentheses in call to 'print'. Did you mean print('looking for', f)?
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error

× Getting requirements to build wheel did not run successfully.
│ exit code: 1
╰─> See above for output.

note: This error originates from a subprocess, and is likely not a problem with pip.
