Install Xcode

Open up AppStore app, login with your Apple credentials, search for xcode and install $ sudo mkdir -p /Developer/SDKs $ sudo ln -s /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk /Developer/SDKs/MacOSX.sdk

Install brew and a few more packages:

$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" $ brew install libiconv (mine was https://homebrew.bintray.com/bottles/libiconv-1.15.high_sierra.bottle.tar.gz) $ pip install ida-settings idalink

Confirm that LLVM and command line tools have been installed:

$ gcc --version $ xcode-select --install

Confirm that SDK has been installed

$ xcrun --sdk macosx --show-sdk-path

Install IDA Pro

Download IDA Pro from the links you received in your email after purchasing IDA Pro. Double click .app file to install IDA Pro and follow the onscreen instructions; installation path on MacOSX (/Applications/IDA Pro 7.0/ida.app)

Install BinDiff

Download and install BinDiff from https://www.zynamics.com/software.html

Prepare IDA SDK

We use IDA SDK in order to write/compile: – processor modules – input file loader modules – plugin modules $ cd ~/Documents $ unzip idasdk70.zip

$ cp /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/libida.dylibc ~/Documents/idasdk70/lib/x86_mac_gcc_32/

$ cp /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/libida64.dylib ~/Documents/idasdk70/lib/x64_mac_gcc_64/ (old libida64.dylib was 109344 bytes, new copied file is 6097712 bytes)

$ ls -al ~/Documents/idasdk70/lib/x86_mac_gcc_32 $ ls -al ~/Documents/idasdk70/lib/x64_mac_gcc_64 //you will notice that libiconv.2.2.0.dylib already exists for both architectures

$ locate libiconv $ cp /usr/lib/libiconv.2.4.0.dylib ~/Documents/idasdk70/lib/x86_mac_gcc_32/libiconv.2.2.0.dylib

$ cp /usr/lib/libiconv.2.4.0.dylib ~/Documents/idasdk70/lib/x64_mac_gcc_64/libiconv.2.2.0.dylib (old libiconv.2.2.0.dylib was 11144 bytes, new copied file is 2104288 bytes)

$ cp -r /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/plugins/hexrays_sdk/include/ ~/Documents/idasdk70/include/ $ cp -r /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/plugins/hexrays_sdk/plugins/ ~/Documents/idasdk70/plugins/ $ vi ~/Documents/idasdk70/plugins/makefile //remove qwindow (there is only one instance, line 41)

$ vi ~/Documents/idasdk70/plugins/makefile //add vds1 vds2 vds3 vds4 vds5 vds6 vds7 in line 36

MacOSX Version Support

$ export PATH=~/Documents/idasdk70/bin:$PATH $ cd ~/Documents/idasdk70 $ vi allmake.unx change lines 116 ifneq ($(wildcard $(SDKDIR)/MacOSX10.12.sdk/*),) 117 MACSDK=$(SDKDIR)/MacOSX10.12.sdk 118 MACSDKVER=1012

to

116 ifneq ($(wildcard $(SDKDIR)/MacOSX10.13.sdk/),) 117 MACSDK=$(SDKDIR)/MacOSX10.13.sdk 118 MACSDKVER=1013 119 else ifneq ($(wildcard $(SDKDIR)/MacOSX10.12.sdk/),) 120 MACSDK=$(SDKDIR)/MacOSX10.12.sdk 121 MACSDKVER=1012

Compiling IDA SDK Shipped Plugins

$ cd ~/Documents/idasdk70 $ export MAC=1 $ ./bin/idamake.pl $ cd ~/Documents/idasdk70 $ export EA64=0 $ make $ cd ~/Documents/idasdk70/bin/plugins

All the compiled x64 plugins must have been created and stored in that folder

Copy your compiled plugins to the plugins folder (if they are not already there) /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/plugins

Hex-Rays Decompiler Plugins Installation Extract your purchased decompilers’ plugins (eg x64_hexarmm.zip and x64_hexx86m.zip) $ cp x64_hexarmm/hexarm.dylib /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/plugins/. $ cp x64_hexx86m/hexrays.dylib /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/plugins/. $ cp x64_hexx86m/hexrays.cfg /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/plugins/.

In IDA open a file of the architecture that you previously installed the decompiler for, then in IDAView-A select a code block and Fn+F5 (on Mac, or just F5 on Windows/Linux); you should see the decompiled output of the selected snippet in a new window.

TILIB Installation (utility to create type libraries for IDA)

$ unzip tilib70.zip $ cp tilib70/mac/* /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/.

User parselib to generate pattern files and sigmake to create the signature files (using the pattern files as input).

$ cd /Applications/IDA Pro 7.0/ida.app/Contents/MacOS] $ ./plb $ ./sigmake

FLAIR (Fast Library Identification and Recognition Technology) Installation

$ unzip flair70.zip $ cp flair70/bin/mac/* /Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/.