elastic
diff --git a/‎HexForge.py
Lines changed: 115 additions & 0 deletions b/‎HexForge.py
Lines changed: 115 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 29 additions & 0 deletions b/‎README.md
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,115 @@
+import idaapi
+import inspect
+
+from hexforge_modules import crypto, encoding, misc
+
+
+CRYPTO_MODULE_PATH = "HexForge/crypto/"
+ENCODING_MODULE_PATH = "HexForge/encoding/"
+MISC_MODULE_PATH = "HexForge/misc/"
+
+g_crypto_modules = [cls() for _, cls in inspect.getmembers(crypto, inspect.isclass)]
+g_encoding_modules = [cls() for _, cls in inspect.getmembers(encoding, inspect.isclass)]
+g_misc_modules = [cls() for _, cls in inspect.getmembers(misc, inspect.isclass)]
+
+
+class hexforge_plugin_t(idaapi.plugin_t):
+    flags = idaapi.PLUGIN_KEEP
+    comment = ""
+    help = ""
+    wanted_name = "HexForge"
+
+    def init(self):
+        idaapi.msg("init() called!\n")
+        self._init_actions()
+        self._init_hooks()
+        return idaapi.PLUGIN_KEEP
+
+    def run(self, arg):
+        idaapi.msg("run() called with %d!\n" % arg)
+
+    def term(self):
+        self._del_action()
+        idaapi.msg("term() called!\n")
+
+    # --------------------------------------------------------------------------
+    # Initializations
+    # --------------------------------------------------------------------------
+
+    def _init_actions(self) -> None:
+        for module in g_crypto_modules + g_encoding_modules + g_misc_modules:
+            module.init_action()
+
+    def _del_action(self) -> None:
+        for module in g_crypto_modules + g_encoding_modules + g_misc_modules:
+            module.del_action()
+
+    # --------------------------------------------------------------------------
+    # Initialize Hooks
+    # --------------------------------------------------------------------------
+
+    def _init_hooks(self) -> None:
+        """
+        Install plugin hooks into IDA.
+        """
+        self._hooks = Hooks()
+        self._hooks.hook()
+
+
+# Plugin Hooks
+
+
+class Hooks(idaapi.UI_Hooks):
+    def finish_populating_widget_popup(self, widget, popup):
+        """
+        A right click menu is about to be shown. (IDA 7)
+        """
+        inject_actions(widget, popup, idaapi.get_widget_type(widget))
+        return 0
+
+
+# Prefix Wrappers
+
+
+def inject_actions(form, popup, form_type) -> int:
+    """
+    Inject actions to popup menu(s) based on context.
+    """
+
+    if (form_type == idaapi.BWN_DISASMS) or (form_type == idaapi.BWN_DUMP):
+        for module in g_crypto_modules:
+            idaapi.attach_action_to_popup(
+                form,
+                popup,
+                module.ACTION_NAME,
+                CRYPTO_MODULE_PATH,
+                idaapi.SETMENU_APP,
+            )
+
+        for module in g_misc_modules:
+            idaapi.attach_action_to_popup(
+                form,
+                popup,
+                module.ACTION_NAME,
+                MISC_MODULE_PATH,
+                idaapi.SETMENU_APP,
+            )
+
+        for module in g_encoding_modules:
+            idaapi.attach_action_to_popup(
+                form,
+                popup,
+                module.ACTION_NAME,
+                ENCODING_MODULE_PATH,
+                idaapi.SETMENU_APP,
+            )
+
+    return 0
+
+
+# Register IDA plugin
+def PLUGIN_ENTRY() -> hexforge_plugin_t:
+    return hexforge_plugin_t()
+
+
+PLUGIN_ENTRY()
@@ -0,0 +1,29 @@
+## HexForge IDA plugin
+This IDA plugin extends the functionality of the assembly and hex view. With this plugin, you can conveniently decode/decrypt/alter data directly from the IDA Pro interface. The following actions include:
+- Copying raw hex from IDA's disassembly or hex view
+- Patching or nopping bytes from memory or statically
+- Quickly use popular crypto/encoding algorithms for decryption
+  - AES
+  - ChaCha20
+  - RC4
+  - XOR
+  - Base64
+
+
+## How to use
+Select the data in IDA hex view or disassembly view and right click to get the menu
+
+![image](https://github.com/user-attachments/assets/fb597d92-a12e-4755-b305-506197724014)
+
+
+### How to add a module
+This section will help you understand how to add new modules to the `hexforge_modules` package. By following these steps, you can create custom modules that integrate seamlessly with the Hexforge framework.
+
+- Start by creating a new Python class inside the hexforge_modules package. This class will represent your module. The class should be named appropriately to reflect its purpose.
+- Your class must inherit from the `helper.ModuleTemplate` class.
+- The `_action` method is where you define the main logic of your module. This could be encryption, decryption, compression, or any other action your module is designed to perform.
+- If your module requires user input, you should create a GUI interface using the InputFormT class. This form will be presented to the user when your module is invoked.
+
+You can follow the example provided below for XOR decryption:
+
+https://github.com/elastic/HexForge/blob/984c40d24a8a2fa3ccb52264961bdeb679e0ff69/hexforge_modules/crypto.py#L202