So why CollabREate? Okay, it started out because I couldn't spell, and I thought, that's pretty cool: there's this ER in collaborate, and if I turn that around that's RE, and RE is fun. And then Tim reminded me that it's collab-or-ate, OR, and so now we're stuck with it, and that's the historical reason for the bad name.

But the goal is, it's basically very much inspired by Pedram Amini's IDA Sync tool, if anybody's ever heard of it and/or tried to use it, and founded on the fact that reverse engineering binaries can be a very complex, time-consuming task, and working in large groups it's nice to get a lot of eyes on the same binary and share the information that people are deriving as they work their way through the binary. In the past, prior to IDA Sync, that was basically: you could either share databases in a serial fashion (I do some work, I give it to you, you do some work; things quickly diverge), or we can get together with our laptops next to one another and bring comments over, or devise interesting ways to export portions of the database using various scripting techniques.

But Pedram took a great step forward when he came up with the notion of: well, let's build a server, let's see if we can't hack some asynchronous networking code into IDA via its plug-in architecture, and let's push some of the commands and the updates that people are making in the database out to that server, where they can be cached and shared among
several reverse engineers working on the same binary.

Another problem that we were interested in overcoming was the fact that we deal with people using various different versions of IDA, so it becomes much more difficult to share databases in that case. I have many starving students working for me who are very much tied to, and appreciative of, the freeware version of IDA, and that is not always capable of opening all databases. Newer versions of IDA have a database format that's not backwards compatible, so anything I create, I can't just push out to share with my students. And as we went along the way we considered ways that we'd like to improve on IDA Sync, and basically it's a ground-up implementation of IDA Sync-like ideas that doesn't borrow any IDA Sync code too much.

So the overall goals of the project are to provide a way to capture state changes that people make to their databases, and it's not to bring everybody on to one machine working on one database. So the state changes are captured, in one version of our server, in a SQL database, stored according to the project that you happen to be working on, which is very much tied to the input file via MD5 sum matching. And these updates are tagged based on user login credentials, so we can track updates to users. And then anybody else who joins the project can automatically receive all the updates that have been made, more or less bringing their database, very much a separate database, into a state that nearly mirrors, hopefully fully mirrors, the state of the original database, or all of the databases that are sharing on the project.

We wanted to be able to allow people to, you know, migrate in and out of the project at will, and not be tied to sort of one mass reversing session. Let's descend on a table.
Let's all jack in, let's fire up the server, share, share, share, ready, ready, break, and then everybody goes and has their databases diverge wildly in format. So again, the idea is you can walk away, come back and get everything you missed, or you can join in 10 days, 10 weeks, 10 months later and pick up all the changes that have been made since the creation of the initial project.

We also figured there are many times in reversing where you're working your way down a path in a binary, maybe you need to manipulate the binary in some way, transform it somehow, and that kind of makes you pause and wonder: well, I could really screw this up, so I may like a way to either back out of my changes or to have some sort of save point. And the idea here was that we wanted to leverage the capabilities of the CollabREate server to take a step towards save-pointing, checkpointing projects. So the idea with a simple checkpoint is just a bookmark into the current database that we're maintaining of changes, and you can come back, discard all your previous changes, connect to a project and accept databases up to your last save point. So it was not a rollback. It's kind of a replay to current state. Right now we don't have a way to capture a sufficient amount of information to do true undo capability, but we hope that at some point, as the IDA API evolves in the SDK, we can capture more state information and be able to do kind of incremental undos, leveraging the information that's been stored on the server.

Along with the checkpoint notion was: well, how about forking a project? So you decide you'd like to go down two different paths, perhaps, and we wanted the capability to just have a group go off and work on one path, creating an entirely separate project, while some may choose to stay in an original project. So there's a forking capability which actually creates an entirely separate project, that are parallel to a point but then are allowed to diverge down
different paths. So you could come in and rejoin it up to any of the fork points, follow any of the fork points, and so on.

So the basic idea to get this implemented. First of all, if you're not familiar with IDA Sync, the way they chose to implement that was to add a variety of hotkeys via IDA's plug-in architecture, and the hotkeys would be additional ways to perform some IDA actions. For example, a new hotkey sequence was added to add an IDA Sync-specific style of comment, and if you chose to insert an IDA Sync-style comment, then the plug-in would push that comment out to the server. But it was very much a notion of: I have extra hotkeys to learn now, and I have to remember to use those hotkeys in order to share my changes. So if I insert a normal comment, then everybody doesn't see it. I have to remember. People are complaining, "I don't see it." So yeah, okay: IDA Sync comment, alternate hotkey sequence, and away it goes.

So you're limited in the number of actions that you could share based on the number of implemented hotkey sequences and associated actions, and the installation was somewhat more complex because it required you to come in and tailor your IDA plug-ins configuration file to actually map all the new hotkey sequences into the IDA Sync plug-in.

There are some other... we actually looked on with, you know, a great desire of using their networking code, and as we started using some of their networking code,
we realized that the number of changes that we were pushing far outstripped the capability of that bit of networking code. So we basically wrote the networking, the asynchronous networking piece, from scratch. And I think we've come up with a pretty robust solution that is easily stripped out of IDA Sync, or, I think, CollabREate (and I did not rip it out of IDA Sync entirely), easily stripped out of CollabREate and taken into any other project that you may wish to do asynchronous communications with.

The users familiar with IDA may know, or may not know, that IDA is pretty much single threaded. You don't start separate threads of execution in IDA because IDA performs no locking mechanisms around its internal database accesses. And because it's single threaded, in addition to a locking problem, you don't want to perform any blocking operations in your plug-ins. Otherwise, IDA just kind of sits and waits for stuff to happen until your plug-in has completed and returned control back to IDA. So the asynchronous communications are pretty much essential if you just don't want to stare at a frozen screen.

So our implementation instead leverages the capabilities of IDA's software development kit and the API architecture, which allows you to register your interest in various IDA events that are generated or fired off in response to user actions. So these events are triggered automatically in association with user actions such as adding comments, or renaming functions, or undefining bytes, or reformatting portions of the database, and this would seem like a much more natural way to capture what was going on as a database was manipulated by the user. So we decided we would register for virtually everything, take the information that was forwarded to us with each notification, and push a sufficient amount of that information over to a server, where users tied to the same project could receive them via the server's kind of mirroring, publishing architecture. So that's how the server behaves. In
fact, it just mirrors all received packets out to any connected users while caching packets, or datagrams as we call them, for anybody who may connect to the project in the future.

Asynchronous comms. I guess I kind of get out of order, and it's the nature of my talks. I apologize. And so this pretty much summarizes stuff that I've already said. The limitations that we're dealing with are primarily forced on us by the manner in which IDA, being a primarily GUI application on the Windows architecture, runs its Windows product message processing loop. So we've basically got to get tied into that loop, and the way to do that in this case is through the use of Windows asynchronous sockets, which advertise various network events in the form of Windows messages received through the message queue.

So some of the things that we dealt with as we developed this and worked our way through the IDA API, and especially as we thought about the undo capability: there are no pre-notifications. IDA certainly knows it's about to rename an address, but it doesn't tell you that it's about to rename an address. You are notified only that the address has been renamed. So if we had pre-notification events we could capture the current name of an address and capture the new name of an address, and then we would actually be capturing sufficient information to start providing a rollback capability. Since we're notified after the fact of all changes,
it's very difficult to know exactly what we would roll back to. We've thought about some techniques for leveraging a second, kind of dummy copy of IDA on a given project, and that copy of IDA would generate no updates, because there's no user associated with it, but receiving all updates, would choose to capture its current state prior to applying an update, and we could use that copy of IDA to generate a sufficient amount of information to provide for some sort of rollback capability.

So again, in addition to that limitation, we ran across the occasional bug here and there and the occasional missing feature here and there. Received (I can't thank him enough) tremendous support from Ilfak. For those who've ever dealt with the IDA support, it's pretty instantaneous turnaround on most reasonable requests, so he actually made changes to the API and fixed some bugs in near instantaneous time, which allowed us to make, you know, continued forward progress on the project.

So the user interface to this thing: we tried to keep it pretty slim. We didn't want to keep popping dialogue boxes all the time, because that's clearly pretty annoying. So we just went ahead and built our own dialogue boxes outside of IDA. Even though IDA provides some limited capability of building basically format-string-based GUI components, we didn't have quite the flexibility we wanted, so we use custom Windows dialogue boxes. If you've ever considered doing that in IDA plug-ins, or never, and not done it, then perhaps this code will serve as an example to help you customize your plug-ins in that direction. The biggest reason that drove us to that was IDA's text fields don't offer password hiding. So for that reason alone, we wanted to use native Windows controls and be able to obscure passwords as they were being entered.

Okay. This just kind of sums up a lot of the stuff that just came to our minds as we were developing the plug-in. As we started caching these things on a database, every
update's tied to both a project and a user, and then it occurred to us that maybe we want to be able to manage these databases somehow, in interesting ways, as we can now turn this into a SQL kind of manipulation problem with all the changes that are sitting there stored on the server. Project forking was one of the early things that came up. Checkpoints, said hey, that's pretty cool, we can just add a table and point at the last update to give it a pseudo name and have a very lightweight project, if you will.

We are very interested in (in fact, it's just about off the table) looking at migrating projects from one server to another, so as a quick SQL dump: export from one server, import to another server. So we've tried to build in the mechanisms to allow you to do that and de-conflict your projects from one server to another, and leave them with some sort of global identification capability across various servers. In that way, again, instead of shipping your databases and worrying about what versions of IDA folks may have or may not have, you can say: well, fire up CollabREate, do a project dump, capture all the changes that you've already done, and just join the project. Okay, bring your version of 5.0 up to date with the stuff that we generated on 5.3, or what have you.

One we keep kicking back and forth, and we're just not sure where to go with this, is the ability to work offline. Sort of: okay, I'm tied to a project and I'm going to be traveling or whatnot, and away from the network connection for a while. Well, am I limited? Can I make any changes, or do I really need to wait till I'm tied back to that server? So this was a tough one, because we're not trying to be CVS. Okay, we're not trying to generate all kinds of, you know, conflict resolutions on merges and things like that.
It's very much of a last-update-wins kind of thing. So if we're patching bytes on top of one another, whoever makes the last update kind of wins. And for the time being we're of the mind that if you're away from the project and not seeing updates that some folks are making, then you may not be influenced by their changes, they may not be influenced by your changes, so you don't get to make changes. Actually, you can make changes. Being joined to a project doesn't prevent you from just disconnecting from the project and just going down your own path. You just probably don't want to rejoin the project, as you've made a lot of changes that won't be shared. If you think you want to rejoin at some point, you can always set a save point before you walk away, and then you'll be able to roll right back up to where everybody happens to be. But they won't get your changes at the present time.

And then we thought about: well, okay, I'm a teacher, I work with lots of students, and I'd love to do this so I can kind of drive their IDA displays as I'm working my way through a database and say, we go down here and reformat code here, we'll throw in some comments here, and while I'm doing all this, please don't bork my database. Okay, so I really don't necessarily want them publishing changes out to me. So I want to make them perhaps read-only subscribers in this environment, or prohibit them from making some of the more dangerous types of updates. So we started looking at, can we categorize the types of permissions, types of updates that are being made, and split them out into various publish and subscribe permissions. So we tried to offer a granular sort of subscription capability: you can subscribe to comments only, or you can subscribe and publish comments and name changes. There's a variety of categories that we're not going to run down through, but you'll see various slides that point to that.

Talked a little bit about why undo is difficult.
So I'm going to kind of blow through this slide. Basically, we're just not getting enough information pushed out of the database that's generating the change event in order to be able to roll back to its previous state. And more on why working offline is difficult: again, what we don't want to be doing is popping conflict resolution dialog boxes all over the place and making you work it out, because it just hinders your progress through the database to be dealing with pop-up dialogues all the time.

Okay, how are we doing? So basically the plug-in, again, lots of repeat here, but the plug-in just registers itself for all interesting notifications. We prefer to trigger the plug-in after IDA's initial auto analysis phase, because IDA is making massive changes to its database, generating a massive number of updates during that auto analysis phase. We had played around with disabling auto analysis, having everybody fire up with nothing analyzed, and then having a master database, perhaps the latest and greatest version of IDA with super plug-ins for analysis, do all of the analysis, and that got kind of hairy. So we just decided that, well, whatever version of IDA you're in, the initial auto analysis that you get from that version of IDA is kind of close enough. So we highly recommend you join after that's done.

We tried to minimize the amount of state being saved in the plug-in. Things we do save are kind of just your last server that you might have been connected to. We save a global project ID so that we can streamline reconnection once you've joined a project, and so on. And then the plug-in's job, only job, is to capture your events and package them up and ship them off to a server, and then process incoming events that it may receive from other users.

So the operation: we do introduce one new hotkey that triggers the plug-in, and that's pretty much the extent of our intrusion into your IDA experience. So you can take the binary plug-in, drop it into your IDA plug-ins
directory. At the current time I recommend not renaming it from what it's named by default; that actually breaks the plug-in, for reasons that we could probably fix but haven't. And then it's just capturing all actions. You trigger the plug-in, it asks you to join a project, and then it's kind of hands-off. So there's no "oops, I forgot to push an update." It's just done for you. You get various notifications if you drop your network connection. If you drop your connection to the server, you do get a pop-up that warns you: hey, we've lost your connection to the server, consider reconnecting before you generate any more changes, otherwise beware that you're diverging from the rest of the project.

So we try to be useful to all users of IDA. Versions are available, and the plug-in compiles easily, for versions of IDA from 4.9 up to 5.3. The slides came out before 5.3 did. And it also compiles, if you have an SDK, for freeware, but we provide a binary for the freeware version as well. Build scripts are made available for g++ and Visual Studio. You have to build a plug-in for your specific version of IDA.
We do some very version-specific things as the versions become more capable. So there are some header files in there that actually check through and determine exactly which version of IDA you happen to be using, and we try to use the right features for your particular version. Again, as the SDKs evolved, more notification messages are being generated by IDA, so newer versions of IDA and their corresponding versions of the plug-in are capable of generating more types of events, capturing more of the changes that you make to the database. Older versions of IDA, like 4.9, 5.0, actually are not nearly as capable in regards to publishing, but every version of the plug-in can receive and process every type of update. So while, as a 4.9 user, your changes may not be pushed to everybody as often as you like, you will receive every type of update that, say, a 5.3 user makes, even though you cannot make those same updates yourself.

This is a breakdown (it probably looks better on the slide deck) of capabilities by version. And you can see it's kind of split up into publish and subscribe sides, and the publish capabilities improve as you improve IDA versions, but the subscribe capabilities are consistent across all versions of IDA. And so, this is Tim's slide.

Just another quick reminder for everybody that came in later or has been moving around: if you want to participate in the demo, the information is over here on the left hand screen. It's not going the same time. So there's like the connection information for the local wireless, the auth information, and the server to connect to. And to be able to see both simultaneously during the demo you might want to migrate towards the middle, which is why the middle is more dense.

All right. So this slide talks a little bit about the CollabREate protocol on the network. We chose to do a binary protocol instead of like an ASCII or an XML-based protocol per se, because a lot of the messages that are generated have binary content. We don't want to have to
waste a lot of time unpackaging and converting to XML and sending across the network and then repackaging, and how you store it, and you have to do that for every plug-in, and the server has to generate... so whatever. We'll just leave it as binary. We just have a datagram size that comes ahead and tells you how much more data is coming, and then we have two different types of messages that can go. One is basically destined only for the CollabREate-specific software, so it's how the plug-in communicates directly with the server. So we've added those messages unique for the CollabREate software. The other ones are due to the updates, the notifications that Chris was talking about that IDA generates. So we'll have different types of notifications that are generated when you rename a function, or add a comment, or make a structure, update a structure, or whatever. All of those things go into the other type of comment, and those are broadcast from the plug-in to the server. The server mirrors them to all currently connected clients, and then if we're in a database mode for the server, it's also going to archive it in the SQL database.

So the server maintains all the state. How do you guys know the advantages of that just by the conference that you're attending?
So we want to leave all of these decisions to be up to the user. So the plug-in has the auth components so that you can authenticate to the server and you connect to the server, but all of the important decisions are made on the server, which potentially you're supposed to trust more.

So the server can be invoked in two different modes: the database mode, which is the one that we'll demo here today, and it's by far the most feature-rich version. There's also a basic mode. If you wanted to collaborate with some people, say in an environment like this, and you didn't bring a SQL database with you and you didn't want to connect out on the internet, you could pull up the server quickly using your JVM and you could all connect to the project at the same time, and it will do the mirroring, but it won't do any of the archiving, right?

So a little bit more on that. The server requires Java. We tested it on JDK 1.6. There's the two modes: simple reflector, though for the database mode we're going to need the Java connection software so that Java can talk to the database, and that's going to allow for the persistent storage. It's available in all different kinds of ways. The plug-ins of course are available right now; you can grab them off of the various websites or the local website that we have running here. The server will be available starting tomorrow. We didn't release it, for certain reasons, until just now, and that'll be available in source, and it'll also be available in a jar if you didn't want to have to deal with the source. And it's also available as a, whatever it's called, a VMware virtual appliance on the VMware site, so you can literally just start it up and connect to it.

So basic mode requires no database. It still allows multiple projects, so you can have all kinds of different teams working on various RE projects that require more than one set of eyes, and they just won't be stored, right? No persistent storage. Also, kind of as a side effect, you have no authentication
for these kind of things. Where does the authentication come from, not storing it in the database? You have to do a flat file, it gets more confusing, you get to diverge and develop a lot more. So really it's a very simple thing you just quickly throw up, and it allows you to collaborate for a certain amount of time, and then it'll lose your changes. The basic mode doesn't save any information in the IDB. It doesn't have to, because it assumes that you're not going to have any persistent storage, so you're not going to be reconnecting to a project later. So all participants have to start at the same time, and as you stop, you probably shouldn't come back to the project, because your updates will not be in sync with anybody else that's doing it.

So the database mode: we had a request during development to add MySQL support, so in addition to Postgres it supports MySQL. Postgres is going to require 8.2 or higher. It's probably not a big deal, because 8.2 and 8.3 have been out for a little while. That's just due to the nature of some of the ways that we have formed the SQL statements. So if somebody is more interested in that than we are, then going and making some more functions, it'll probably work with older versions just fine.

So this requires authentication: basic RFCs for our CHAP and MAC. That's good enough. We assume you're probably going to be running these on some sort of internal, more safe network anyway.

So as Chris pointed out, all participants start by running the auto analysis in their plug-in, or in their specific version of IDA, and then launching the plug-in and connecting. As Chris pointed out again, the auto analysis might be a little different. It might vary based on a particular version of IDA. However, in practice,
we've noticed that they get really close, and just fine for the type of stuff that we're doing anyway.

So all updates that are posted to the project from any user that's been collaborating on that project are archived in the database. When a new user connects, if they join that same project, they get all the updates at that point. So it's really easy to bring somebody else's IDB all the way back up to speed with what everybody else has been working on, regardless of their version of IDA.

To facilitate kind of joining and disjoining, or leaving a project, we store a little bit of information in the IDA database. So this is not the SQL database; this is the IDA file, the database that stores your binary content. That information facilitates quickly reconnecting back to the database, remembering which project you joined, so that you automatically join the same project. If we allowed you to join a different project, they would most definitely be out of sync, so to speak, and the updates wouldn't go across correctly.

No offline work. Right, the plug-in's available now, server's available tomorrow.

Okay, so now I'm gonna go through a quick overview of what some of the windows look like if you're on an XP or 2000 kind of a machine, and then we're gonna get into the demo. So now you guys need to make sure you have your plug-ins installed and you can ping the server (and actually it doesn't ping, does it?), but you can trigger the plug-in, you can connect today. So get that stuff ready. Again, for the latecomers, there's a little bit of incentive for being the first one that makes an edit to the database that's visible on the screen to the rest of the attendees.

So after you open the database and auto analysis has finished, you want to activate the plug-in with the hotkey Alt-F6.
You want to enter the connection information for the server, either a host or IP, and then the port, which defaults to 5042. Then you're gonna authenticate. IDA creates an MD5 hash of the binary that you've loaded, and that's used as a unique indicator for the project, to make sure that when other people join, they're going to get a list of projects that are only compatible with whatever binary they've loaded in IDA. Right, so that's just kind of a quick safety check, that if I've loaded a binary and somebody else wants to collaborate with me, if they load a different binary, they're not gonna like hammer me with the updates that don't make sense for my database.

So then the users are managed by the server. You enter your username, enter your authentication. This is the box that Chris spoke of, where we wanted to mask the password; couldn't do that with the SDK capability for IDA as far as we know, so used regular Windows graphics.

So there's two cases when you join. One case is that you were already joined to a project previously and that information was stored in your IDB, in which case you're automatically reconnected to the same project and you automatically get any updates that anybody else has made to the database while you were offline. If you have never had a project for this particular IDA database, then you can choose to start a new project, or you can choose to join other projects if other ones have been made, and the MD5 is used as the uniqueness for that.

All right, so here's a little example. So we have now connected, and it shows that there's one project that somebody else has previously created. We know that it's not one that we probably made, because if we did we would have automatically joined to it. Or this could be us using a second instance of IDA to have two computers going, for whatever reason. So we can use the options button to look at permissions. These are the granularity of permissions that were present in, what, 5.2, right? The
slides are a little bit dated; 5.3's now out. You can see that we can choose publish and subscribe permissions as we join the project.

So another interesting thing we can do: Chris was talking about the scenario where we don't want novice users bucking up a database, but we want to drive it, and we want to drive it in a manner that they can scroll up and down in their own database and look at different areas, and they can even make changes. We just don't want those changes to reflect the things that we're doing up while we're instructing or whatever. So there's actually three sets of permissions. We can set a permission on a particular user account: it's a novice user, we don't want to let them do anything, so when they log in they're limited on those permissions. When you connect the plug-in and get this type of a graphic, then you can choose what kind of permissions you'd like for that particular session. And then you also set permissions on a per-project basis. So all of those things are combined together to figure out whatever your effective permissions are going to be for that particular session.

I'll add one thing: the permissions list that you see here is actually driven on the server side. The server publishes this list of permissions and then this dialog box is populated. So if there's stuff you just don't ever want to do, you can trim it at the server without having to have everybody rebuild their plug-ins, and then you just get the tailored list of permissions published by the server.

Okay, then in our quest to remove hotkeys. So one of the particularly annoying things about the earlier projects that attempt to do this kind of thing, like IDA Sync, are that you have to remember, consciously remember, that there's different hotkeys to do different things. So there's a thing that looks a lot like an IDA comment, but it's really an IDA Sync comment, and you have to use a different hotkey to get that window, and you have to remember to do that every time you make a comment that
you want to share. So if users forget, then they're not sharing things anymore. So all of the commands that we do just subscribe to the notifications that IDA creates. You basically work as normal and all the updates are sent. So we overload the activation key, so we really only have one hotkey for the whole plug-in. So if you hit F6 again once it's loaded, you get CollabREate-specific things. So these are the kind of things where you're generating those messages where the plug-in is communicating directly, and there's not really an IDA event notification driving those packets going across. So you can see that once you're in there you can do various things, like fork a project: I'm about to do something crazy, I want to fork off my own and not impose my crazy changes on other people that were working on the project. You can set a checkpoint, which is a way to replay up to date. It's kind of like a poor man's undo, because we can't do undo yet. And then you can manage various things and disconnect.

Okay. Try the demo out.

All right, so it is demo time, and this is DEF CON, so we realize we're taking our presentation in our own hands here and gambling. So what we'll do is I'll fire up and create a project and start making some changes. Tim will then try to come along and join the project, and you can watch his database update over here. Once I've created a project, that project will be visible to anybody who's going to attempt to join the demo on the conference wireless. So is there anybody who is actually going to attempt to do that? That's great.
So the pool of potential book winners is pretty narrow. Odds are good. If you're already connected, you've got to disconnect and reconnect to our project. And if you've created a project of your own, you're actually slaved to that project, so you can't like jump projects. You're going to have to actually shut down your IDA database, create a brand-new database. You have to open the binary from scratch, right, and have it reanalyze. Once you're tagged as being part of a project, there's no jumping projects unless you choose to fork one.
All right, so first things: over here on the left side we have the server menu, and it's just a command line, little CLI thing. It was just easy to throw together. There's no reason this couldn't be like a web applet, or I can even have a dedicated plug-in or something if you wanted to, I suppose. But the actions that are required on the server are very minimal. Another thing that we really wanted to improve upon previous collaboration projects for IDA are that the project creation is all done from the IDA side, from the client side, so to speak. So the only thing that we really have to do over on this side in order to start collaborating from the database is create users so that they can authenticate to the database. So we have an add user, we have list users. We can show you, these are not very flashy, it's all text-based. I can scroll up. It doesn't even work very good at this resolution, but you can see we have users where permissions, and there's kind of a pseudo graphical, you can see that for each column they have publish and subscribe and so forth. So we can list projects, we can add the users. The ones with the stars will actually send specific messages out to all connected users, so you can get stats on the current status of the projects. So we can see who's connected from what IPs, ports, and then, you know, how many updates they send of different categories and things like that. So okay, so I've got IDA up over here.
I tried to jack the font up so it can be seen, but not so much that we see the only three lines. Basically the ground rules for trying to get the book are: once I create a project, you have the information you need to join. It'll be called something like Def Con demo. Is it already there? Well, I haven't made Def Con demo yet, so clearly somebody made a malicious project and it's owned the software already. Okay, that's an IDA problem. That's right. Okay, now to obtain the book you're gonna have to base, so now we have a basic wall of graffiti over here, and as you push your changes, you know, your stuff is gonna show up here. And your goal is to get something that uniquely identifies you, your name will do, up onto the screen. So, you know, I'm gonna judge that, but I'm gonna look at my screen here, Tim's gonna look at his screen over there, and you're gonna have to get something to appear. It's visible here. So if I'm scrolled away from this page and you get something in an area of the database, you can try to convince me to scroll back to where you tagged it, or you can try to catch up to where I happen to be on the screen. Okay, so it's got it. You know, we got to see it. I've got to see it. I won't see it unless I'm actually paged to it. Okay, no, no goat seat, please. And that'd be pretty good if you could, if you could get that eye to comment in there. Somebody somewhere has that, I'm sure.
Hey, Chris, we have like five minutes left to demo. Okay. All right. So here we go. Alt-F6 brings it up. I've been playing around, so it actually cached my server information, Chris, with my very secure password. Okay, yeah, if you're trying to connect and you don't immediately get a login dialogue, basically you didn't find a server. Okay, so there are probably lots of projects in there already, and I'm going to create a new one whose name is now to be revealed. So give me a name. The demo one is, is the new project. So I'm joined. I'm scrolling away.
Hopefully my database will live a while so that Tim and I can scroll around. Okay. All right, so I'll throw a comment in here. Can you get there? Okay, that doesn't count as you getting your name on the screen, because I put it there for you. I give the address away. Everybody know where I am? There you go. Eight oh four nine seven zero zero. Okay, and then the idea is that we try to capture as much state as possible. What's that? As Tim scrolls in, you see he's already got the comment, and that's a simple one. But we can handle a lot of different types of name changes. Okay, so Tim gets the function name change. We can, you know, go crazy, go nuts with undefined and whatnot. We can reformat. You see Tim is reformatting some operands here, so it picks up, was that, that's much more useful, that represent, yeah. We can, so it captures reformatting changes, that we can get into the structures window, and as I start to create structures, Tim's already got the structure layout over there, and I can come in over here, build structures, and his window follows a change. So it really doesn't matter what part of the database you're working in, your changes get pushed over. So there's a great billboard for somebody to try to tag something on the screen. What other types of changes?
So a really, a kind of a nice one is that, moving away from the sort of hotkey metaphor. Well, I don't have that many books for all the eyes out there. So we still don't have a winner. IDC and plug-ins. Okay, when you generate actions in IDA using IDA's scripting language, IDC, or using the SDK, those things fire event notifications as well. So if one user on a project runs a script that modifies the database, all the actions that that script performed get pushed out to everybody else on the project. So you can run a script, run a plug-in that modifies the database somehow, and those scripts and plug-ins take effect across all the rest of user. I get a bunch of people frantically trying to learn how to change the name of the structure field. Yeah, it's fun. See, we could like chat. Okay. So maybe only you and I are joined. What's that? Front, I was here, front row. I see the comment. Look at what? Was it, I don't know, is that somebody's name? Was that ROT13, social? Go back to the beginning of what? The database? I should go back where I was before, maybe I will. Okay, there are bugs, so what, I don't know. Clearly, so structures was actually listed as one of the things that are busted on notifications. It's actually in your slides. You can scroll back and see that event notifications for structures are kind of broken. Okay, so this is a manifestation of that. Do you want to show a script, or somebody's changing plug-in names?
I mean, you are the, the structure field names. Okay, they're just choosing not to use like their name. Oh, yeah, so scripts. So another thing that you can do, since you're not doing specific hotkeys, you can get like byte patches or whatever else an IDC script or a plug-in could do. So you could actually like, you know, buy an expensive plug-in or whatever for one machine, and then you could use that to drive several instances. Okay, so Tim's gonna go to the same address that I'm at, and you'll see I'm gonna bring open IDA's scripting dialog box. Okay, go back and grab some IDC script and run the script over the database. You know that Tim knows scripting window over there, two different screens. So I run it, he gets all the transformations, and I can reformat it, make it a string, and we find, you know, private keys embedded in binaries, and that's kind of cool. That's a Kenshoto binary from last year that some of you may recognize. But again, so scripting actions push, all your actions push. This is by no means, you know, this is early beta software. So yeah, there are bugs. We're happy to hear about them. We will try to respond to them expeditiously. We're happy to hear about potential users' desired uses and all that kind of stuff. So I'm gonna, you know, make myself an open target to try to give the book away. Okay, and see if, are people pushing changes at all? Yeah, you're just getting busted Unicode comments or whatever that was. It's just, it's really, it's not showing up. You see mine, but I don't see yours, that's, I have an atlas filter on it, user permission. Is anybody from the audience, what did you, who was pushing on? I was here for, that's okay. Front row left. Yeah, that works. Okay. Okay. I thought it was your left. What's that? I don't know, is he on? Who's on? You're on, okay.
I think front row left is a winner. Okay, so nice job. We're gonna wrap up the loose ends on the slides real quick. Okay, so again, this just talks about scripted scripts and plug-ins, boom, drive it with your scripts or your plug-ins. So you don't have to share that out. Here's my script running on your database, now they look the same. Okay, pretty easy. As I mentioned, I like it in a learning environment, because you can ask everybody to join in like a read-only mode, and you can sit there kind of driving their displays to some extent from a podium or something like that, give a demonstration, and they can, you know, stay with you. And then here's some things that we are on the drawing board for future work. We're hoping that the API expands to let us catch some of that pre-change notification. The better permission interface is actually kind of here. We're looking for the project migration, which is actually more or less here, it's just not incorporated yet. And again, you know, if you're one of the people who studies these types of things, offline change merging and algorithms for doing that, we'll entertain it, but not sure how we're going to implement it. And I think that's pretty much it. There's our contact information again. We're happy to hear from you, and we're taking questions from now until we're booted. Thanks.
It's mentioned in the book. Its uses are described in the book, but it's, you know, like IDA's SDK.
It's documented in the source code. The usage, that your question was for usage, right, and the usage is actually documented by any other book that uses IDA. So this book documents the usage of the plug-in very well, because you don't have to learn special commands to do anything. As you work on IDA, if you've connected to the server, all of your work is going back and forth, anything that your version of IDA supports publish capabilities for, so that chart that we had earlier. Yeah, all open source, all, we're posted all, and again, we're happy to hear of all the potential uses or and so on. duck GPL version 2. Any other questions? Alice? No? Next year. All right, I think that's it. Enjoy the rest of the con.