
Quokka: A Fast and Accurate Binary Exporter


Quokka


Introduction

Quokka is a binary exporter: from the disassembly of a program, it generates an export file that can be used without the disassembler.

The main objective of Quokka is to let users manipulate the binary completely without ever opening a disassembler after the initial export step. Moreover, it abstracts the disassembler's API to expose a clean interface to users.

Quokka is heavily inspired by BinExport, the binary exporter used by BinDiff.

Installation

Python plugin

The plugin is built in the CI and available in the registry.

It should be possible to install it directly with pip using a command like this:

$ pip install quokka-project

IDA Plugin

Note: The IDA plugin is not needed to read a Quokka-generated file. It is only used to generate such files.

Quokka is currently compatible with IDA 7.3+.

The plugin is built on the CI and available in the Release tab.

To download the plugin, get the file named quokka_plugin**.so.

Usage

Export a file

Note: This requires a working IDA installation.

  • Either using the command line:
$ idat64 -OQuokkaAuto:true -A /path/to/hello.i64

Note: We are using idat64 and not ida64 to increase the export speed because we don't need the graphical interface.

  • Or using the plugin shortcut inside IDA (Alt+A by default)

Export a file in batch

You can write your own bash script to run multiple idat64 instances in parallel. However, Quokka provides a utility tool that automatically exports all executable files of a given directory in parallel. An example that automates the export using 8 threads:

$ quokka-cli -t 8 dir/
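For the hand-written route mentioned above, here is an added example (not part of Quokka or its documentation) that runs the idat64 command from the previous section over every ELF file in a directory. The IDAT and JOBS variables and the function names are assumptions of this sketch, as is passing a binary to idat64 directly where the command above passes an .i64 database.

```shell
#!/bin/sh
# Added example, not Quokka's own code. IDAT and JOBS are assumed knobs of
# this sketch; the idat64 flags are the ones shown in "Export a file".

# list_elf DIR: print NUL-terminated paths of the regular files below DIR
# that start with the ELF magic bytes 7f 45 4c 46.
list_elf() {
    find "$1" -type f -exec sh -c '
        for f; do
            magic=$(head -c 4 "$f" 2>/dev/null | od -An -tx1 | tr -d " \n")
            [ "$magic" = "7f454c46" ] && printf "%s\0" "$f"
        done
        exit 0' sh {} +
}

# export_dir DIR: run one headless IDA export per ELF file, JOBS at a time.
# NUL-separated names keep paths with spaces or newlines intact.
# Returns 2 if DIR is not a directory, and xargs' non-zero status (123 with
# GNU xargs) if any export exited with an error.
export_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    list_elf "$dir" |
        xargs -0 -r -P "${JOBS:-8}" -n 1 "${IDAT:-idat64}" -OQuokkaAuto:true -A
}

# Usage: JOBS=8 export_dir dir/
```

Checking the return status matters in unattended runs: a failed export leaves no export file behind, which is easy to miss in a large batch.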

Load an export file

import quokka

# Directly from the binary (requires the IDA plugin to be installed)
ls = quokka.Program.from_binary("/bin/ls")

# From the exported file
ls = quokka.Program("ls.quokka",  # the exported file 
                    "/bin/ls")    # the original binary

Building

Build

# -B: where to build
# -S: where the sources are
# -DIdaSdk_ROOT_DIR: path to the IDA SDK
# -DCMAKE_BUILD_TYPE: build type
user@host:~/quokka$ cmake -B build \
                          -S . \
                          -DIdaSdk_ROOT_DIR:STRING=path/to/ida_sdk \
                          -DCMAKE_BUILD_TYPE:STRING=Release

user@host:~/quokka$ cmake --build build --target quokka_plugin -- -j

To install the plugin:

user@host:~/quokka$ cmake --install build

In any case, the plugin will also be in build/quokka-install. You can copy it to IDA's user plugin directory.

user@host:~/quokka$ cp build/quokka-install/quokka*64.so $HOME/.idapro/plugins/

For more detailed information about building, see Building

Documentation

Documentation is available online at documentation

FAQ

You can see a list of questions here FAQ

Download files


Source Distribution

quokka-project-0.5.7.tar.gz (47.9 kB)

Uploaded Source

Built Distribution

quokka_project-0.5.7-py3-none-any.whl (63.1 kB)

Uploaded Python 3

File details

Details for the file quokka-project-0.5.7.tar.gz.

File metadata

  • Download URL: quokka-project-0.5.7.tar.gz
  • Upload date:
  • Size: 47.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.9.19

File hashes

Hashes for quokka-project-0.5.7.tar.gz
Algorithm Hash digest
SHA256 f64af258f1c1c07f4a40e4664a2507ab5f87326d1c7bb374b8d4d03a2556facb
MD5 0ba0f5e070a075b268c21052c8622458
BLAKE2b-256 63871d90bc23027a41d7b300a121b358505ae46b20504a484fa326820f7ed6b9


File details

Details for the file quokka_project-0.5.7-py3-none-any.whl.

File metadata

File hashes

Hashes for quokka_project-0.5.7-py3-none-any.whl
Algorithm Hash digest
SHA256 b9eff4efb137805f5147bf342a7471fe9969a279909c23203d6d5942944f125b
MD5 b4179f16b939f4c8b7ab216df8928c46
BLAKE2b-256 72085c599f0e76f6892ed7712c585a055cabcf5fe8a8e8e45082a0fd359f3e7c
