Gepetto - IDA Pro Python Plugin Leveraging Large Language Models

Introduction to Gepetto

Gepetto is a groundbreaking Python plugin designed to enhance the functionality of IDA Pro, a popular software used by reverse engineers. The magic behind Gepetto lies in its ability to harness the power of large language models (LLMs) to extract meaning from decompiled functions. With Gepetto, users can gain insights into what a particular function does and, as a bonus, rename the function's variables intelligently. Imagine receiving a concise explanation and improved variable names for complex code in just seconds; Gepetto delivers exactly that.

Setting Up Gepetto

Getting started with Gepetto is straightforward. Users need to place the main script (gepetto.py) and the accompanying folder (gepetto/) into the plugins directory of their IDA Pro installation. On Windows, this typically resides at %AppData%\Hex-Rays\IDA Pro\plugins, though users may need to create this directory manually.

Additionally, installing required packages is essential for Gepetto to function. By checking a specific registry key under HKEY_CURRENT_USER, users can identify which Python interpreter IDA is using. With this interpreter, the necessary packages can be installed using:

[path/to/python] -m pip install -r requirements.txt

Another vital step involves updating the configuration file (gepetto/config.ini) with users' API keys. These keys, especially for providers like OpenAI, are obtainable from the respective provider's website. A gentle reminder: while API requests incur some costs, they remain relatively affordable.

Supported Models

Gepetto supports a robust range of models from various AI platforms:

OpenAI Models: Includes options like gpt-3.5-turbo-0125 and gpt-4-turbo. New users might find gpt-4o a great starting point.
Groq Models: Offers models such as llama3-70b-8192.
Together Models: Includes the mistralai/Mixtral-8x22B-Instruct-v0.1, but note it doesn’t support variable renaming.
Ollama Models: Any local model made available via Ollama can integrate seamlessly.

Users exploring other model providers, which expose OpenAI-like APIs, can extend Gepetto's capabilities even further. Assistance is available for those encountering challenges.

How to Use Gepetto

Once installed, Gepetto is accessible via IDA's pseudocode window. Users can switch between different supported models through the Edit > Gepetto menu, offering flexibility in interface usage.

Additionally, Gepetto provides a command-line interface within IDA, allowing direct questions to the language models. Selecting Gepetto in the input bar brings this functionality to life.

Handy Hotkeys

To simplify user interactions, Gepetto includes a few hotkeys:

Ctrl + Alt + H instructs the LLM to explain a function.
Ctrl + Alt + R requests improved names for function variables.

It's often beneficial to request a function explanation first since this primes the model to offer more insightful variable-renaming suggestions. Users should remember that AI can exhibit unpredictability, and repeating a command might yield better results if the initial output is less satisfactory.

Acknowledged Limitations

Gepetto performs effortlessly with IDA Pro but necessitates the use of the HexRays decompiler. Also, since the LLMs are general-purpose, they might occasionally deliver errors, so users should always review the results critically.

Language Customization

Gepetto doesn't constrain users to a single language. By modifying the locale in the configuration file, users can operate the plugin in their preferred language. Should the desired language be unavailable, users are encouraged to contribute by adding new translations to the project.

Acknowledgements

Gepetto benefits from the collaboration and support of multiple contributors and backers:

OpenAI for developing exceptional LLMs.
Hex Rays, the developers of IDA Pro, for their consistent support.
Kaspersky and HarfangLab for their financial support, which makes continuous development possible.
Contributors like @vanhauser-thc for enriching the project with ideas and improvements.
All individuals involved in translation contributions, enhancing Gepetto's usability worldwide.

With Gepetto, code comprehension and analysis in IDA Pro have never been simpler or more effective!