ida -plugin

IDA Pro MCP Server exposes a remote API to interact with IDA Pro from AI assistants via the Model Context Protocol (MCP). This plugin lets an AI assistant perform binary analysis tasks by querying bytes, disassembly, decompiled pseudocode, function information, segments, imports/exports, strings, and more, directly against a loaded binary in IDA Pro. It unlocks capabilities such as reading memory at addresses, listing functions, defining or undefining functions, and retrieving data types like dwords or qwords, enabling automated analysis workflows from tools like Claude or VSCode integrations. The server runs locally and communicates over HTTP/SSE, allowing you to connect your assistant to the running IDA Pro instance and issue structured MCP requests to drive the analysis pipeline.

To use it, first open a binary in IDA Pro with the plugin installed. The MCP server starts locally (port 3000). In your AI tooling configuration (e.g., Claude or VSCode), point the MCP client to http://127.0.0.1:3000/sse and choose the sse type when connecting. Once connected, you can invoke the available analysis tools such as get_bytes, get_disasm, get_decompiled_func, get_function_name, get_segments, get_functions, get_xrefs_to, get_imports, get_exports, get_entry_point, make_function, undefine_function, and various get_<type>_at calls to retrieve data from the loaded binary. This enables automated, prompt-driven binary analysis and reverse engineering workflows.

The plugin exposes a comprehensive set of analysis tools that cover data extraction, code navigation, and function management, making it suitable for automated malware analysis, vulnerability research, and educational use cases where an AI assistant aids in data collection and hypothesis testing against a live IDA Pro session.

Prerequisites:

• IDA Pro 9.0+ installed and licensed
• Python 3.x installed and available on PATH
• Access to the plugin folder for IDA Pro

Installation steps:

1. Prepare the environment

• Ensure Python and pip are installed:
  • macOS/Linux: python3 --version; python3 -m ensurepip
  • Windows: python --version

2. Install Python dependencies (from the plugin directory):

pip install -r requirements.txt

3. Place the MCP server script in the IDA Pro plugins directory

• Windows: %ProgramFiles%\IDA Pro 9.0\plugins\
• Linux: ~/.idapro/plugins/
• macOS: ~/Library/Application Support/IDA Pro/plugins/

Copy ida-mcp-server.py into that plugins directory so IDA Pro can load or access it as the MCP server entry point. 4) Start IDA Pro and load a binary

• Open IDA Pro, load the target binary, and ensure the plugin is loaded on startup. The MCP server should start locally on port 3000 as described in the plugin docs.

5. Verify the server is running

• Open a browser or use curl to check http://127.0.0.1:3000/sse (or follow your client’s configuration).

Optional: If you run into port conflicts, adjust the port in the config or environment as needed (PORT variable).

Tips and caveats:

• The MCP server starts when IDA Pro loads the plugin and a binary is opened. If the server does not respond, verify that IDA Pro is allowed to access the network and that the port 3000 is not blocked by a firewall.
• The available tools cover a broad range of binary analysis tasks. Use get_bytes, get_disasm, and get_decompiled_func to inspect code paths; use get_strings and get_string_list to collect textual data for triage.
• When defining functions (make_function) or undefining them (undefine_function), ensure you specify a valid address within the current loaded binary to avoid API errors.
• If you update ida-mcp-server.py or its dependencies, restart IDA Pro to reload the plugin. Check the IDA Pro log/output for any import or runtime errors.
• For production use, consider securing access to the MCP server or restricting it to localhost to prevent unintended external access.