FLIRT Signature Bundle


With FLIRT Signature Bundle, designed to be used with IDA Feeds (aka FLIRT Signature Manager), you can analyze thousands of signatures and bulk apply them to your binary.

The bundle contains signatures for modern languages like Golang and Rust, as well as updates for classic compilers. The latest version of the FLIRT Signature Bundle can be downloaded from My Hex-Rays portal under SDK and utilities.

FLIRT Signature Bundles will be regularly updated and released independently whenever there is a new compiler, language, or library release.

Released versions

2024/09/12 FLIRT Signature Bundle

Golang

  • Versions: stable versions from 1.10.0 to 1.23

  • Operating Systems: Linux, Windows, MacOS

  • Architectures: arm64 (Windows, Linux, MacOS), arm (Windows, Linux, MacOS), x86 (Windows, Linux), x86-64 (Windows, Linux)

C/C++

  • Windows (MSVC):

    • Architectures: arm, arm64, i386, amd64

    • Packages: ATL, CTL, MFC, Windows SDK 10, Windows SDK 11

  • Linux:

    • Distribution: Ubuntu & Debian

    • Architectures: i386, amd64, arm64, armhf, armel, arm, s390x, mips64el, mipsel, mips, ppc64el

    • Packages: libc6, libselinux1, libpcre2, libidn2, libssl, zlib1g, lib32z1, libunistring, libcurl4-gnutls, libcurl4-nss, libcurl4-openssl, libnghttp2, libidn2, librtmp, libssh, libssh-gcrypt, libpsl, libldap, libzstd, libbrotli, libgnutls28, nettle, libgmp, comerr, libsasl2, libbrotli, libtasn1-6, libkeyutils, libffi, uuid, libprotobuf, heimdal-multidev, musl, libplib, libsdl1.2-bundle (libsdl-console, libsdl-sge, libsdl1.2, libsdl-ocaml, libsdl-image1.2, libsdl-kitchensink, libsdl-mixer1.2, libsdl-net1.2, libsdl-sound1.2, libsdl-ttf2.0, libsdl1.2-compat, libsdl-gfx1.2, libsdl-pango), libsdl2-bundle (libsdl2, libsdl2-gfx, libsdl2-image, libsdl2-mixer, libsdl2-net, libsdl2-ttf)

Rust

  • Versions 1.77 to 1.81

    • Architectures: arm64, arm, x86, x86-64

    • Operating Systems: Linux, Windows, MacOS

    • Compilers: GCC, LLVM, MSVC

IDA Feeds

Starting with IDA 9.0, we introduced IDA Feeds (aka FLIRT Signature Manager), a tool designed to ease the application of new signatures through updatable libraries (known as IDA FLIRT Signature Bundles), shipped out of the box alongside other IDA plugins.

What is IDA Feeds?

IDA Feeds helps you identify which signatures to apply when analyzing binary files, especially when you don't know which static libraries were linked to them. Rather than manually applying signatures, IDA Feeds automatically scans and applies many signatures in seconds. Just open the signature folder, allow IDA to scan and find the possible matches, and then bulk apply the suggested signatures.

IDA Feeds uses the FLIRT Signature Bundles, which will be regularly updated and released to keep you up to date with the newest recognizable signatures.

IDA Feeds configuration and setup

The plugin must be configured properly before you can start using IDA Feeds and before it appears in the plugins list under the Edit -> Plugins submenu.

Prerequisites

  • idalib configured properly (check idalib installation and activation steps)

  • The latest IDA FLIRT Signature Bundle downloaded. You can get it from our Download Center in My Hex-Rays portal under SDK and utilities.

Install and activate your virtual environment

We recommend using IDA Feeds from within your Python virtual environment (venv). To do so, ensure you have created and activated your virtual environment before proceeding.

Linux & macOS

1. Create a Python virtual environment at your preferred location

    python -m venv ~/.idapro/venv

  Replace ~/.idapro/venv with your path.

2. Activate your virtual environment

    source ~/.idapro/venv/bin/activate

Windows

1. Create a Python virtual environment at your preferred location

    python -m venv %YOURPROFILE%\.idapro\venv

  Replace .idapro\venv with your path.

2. Activate your virtual environment

    %YOURPROFILE%\.idapro\venv\Scripts\activate

Installing requirements/dependencies

Install requirements for Python modules from within your virtual environment.

1. Navigate to the plugin/ida_feeds folder within the IDA Pro installation directory and install the requirements.

    python3 -m pip install -r requirements.txt

2. Create symbolic link (optional)

  Linux & macOS

    ln -s "$(pwd)" "$HOME/.idapro/plugins/ida_feeds"

  Windows

    mklink /D "%APPDATA%\Hex-Rays\IDA Pro\plugins\ida_feeds" "%cd%"

After successfully performing these steps, the IDA Feeds plugin should be visible in the Edit -> Plugins submenu and ready to try.

How to use IDA Feeds?

To use IDA Feeds, you need to configure the plugin first.

1. Go to Edit -> Plugins -> IDA Feeds. IDA Feeds will open in a new Signature Tools subview.

2. In the Signature Tools window, click Open signatures folder and select the folder with the downloaded FLIRT signature bundle (1), or leave the preloaded signatures already provided with your IDA instance.

3. Select all or chosen signature files, and then click Run multi-core analysis (2).

4. Check the results and click Apply signatures to bulk apply (3) correct matches.