xrefer by mandiant

IDA Pro plugin for binary analysis and reverse engineering

created 9 months ago
270 stars

Top 95.9% on sourcepulse

Project Summary

XRefer is a Python-based IDA Pro plugin designed for reverse engineers to accelerate binary analysis. It provides an enhanced navigation interface, automatically clusters related functions, and visualizes execution paths, offering deeper insights into software behavior.

How It Works

XRefer analyzes execution paths from entry points, identifying clusters of related functions to streamline manual static analysis. It leverages external data sources like API traces and capa results to enrich analysis. A key feature is its integration with Google's Gemini model, which generates natural language descriptions of code relationships and behaviors, providing a novel way to understand complex binaries.

Quick Start & Requirements

  • Install by copying the plugins directory contents into your IDA Pro plugins directory.
  • Install dependencies via pip install -r requirements.txt.
  • Requires Java (OpenJDK or JRE) accessible in the system PATH for the asciinet dependency.
  • Usage: Restart IDA, access via Edit -> XRefer menu or context menu.
  • Configuration: Edit -> XRefer -> Configure for LLM settings, paths, and exclusions.
  • Analysis: Start via Edit -> XRefer -> Run Analysis -> Default Entrypoint or Custom Entrypoint.
  • Further details: Usage Documentation

Highlighted Details

  • Integrates with Google Gemini for natural language code descriptions.
  • Supports external data ingestion (API traces, capa results, user-defined xrefs).
  • Provides cluster-based function labeling for faster analysis.
  • Offers path graphs for enhanced context and visualization.

Maintenance & Community

  • Contributions, bug reports, and feature requests are welcome via issues or pull requests.

Licensing & Compatibility

  • License: Apache License 2.0.
  • Compatible with IDA Pro.

Limitations & Caveats

LLM features send analyzed data (APIs, strings, function relationships) to external servers like Google Gemini. Users analyzing sensitive data should disable LLM features to prevent external communication. Consult Google Gemini's Terms of Service before use.

Health Check

  • Last commit: 3 days ago
  • Responsiveness: 1+ week
  • Pull Requests (30d): 2
  • Issues (30d): 2
  • Star History: 19 stars in the last 90 days
