Integration with MCRIT for MinHash-based code similarity analysis in IDA Pro.
MCRIT (MinHash-based Code Relationship & Investigation Toolkit) simplifies MinHash-based code similarity detection. This plugin seamlessly integrates MCRIT servers with IDA Pro for malware analysis and function identification.
- Code Similarity - Compare functions/blocks against MCRIT.
- Function Matching - Identify similar functions across binaries.
- Label Management - Sync function labels with the server.
- Interactive Widgets - Dedicated views for blocks, functions, and overview.
- Integrated Settings - Native configuration via
ida-settings. - HCLI Support - Easy installation and updates.
The recommended way to install is using HCLI.
hcli plugin install mcrit-idaThis automatically handles dependencies (including smda and mcrit client) and configuration.
When using HCLI is not an option, you can also simply check out the repository or grab a source bundle from the releases.
In this case, you need to ensure presence of the dependencies manually:
python -m pip install smdaand optionally
python -m pip install ida-settings>=3.3.0If your installation of IDA Pro is situated in an offline Windows VM, there are dependency packages available to facilitate the setup (covering Python 3.10-3.13).
After unpacking the wheelhouse, navigate to the folder and install them using:
python -m pip install --no-index --find-links=. -r requirements.txtConfiguration is managed via ida-settings.
- GUI (Recommended): Install
ida-settings-editor(hcli plugin install ida-settings-editor) and configure via Edit → Plugins → Plugin Settings Manager. - Interactive: HCLI prompts for config values during installation.
- Manual: Edit
$IDAUSR/ida-config.json,config.pyor better, derive aconfig_override.json(discouraged)
Configure the plugin to connect to your MCRIT instance:
| Setting | Description | Example |
|---|---|---|
mcrit_server |
Server URL | https://mcrit.example.com/api/ |
mcritweb_api_token |
API Token (for MCRITweb) | eyJ0eXAi... |
mcritweb_username |
Username (optional) | analyst |
Note: For MCRITweb, the username is inferred automatically by setting the API token.
- Open Binary: Load a file in IDA Pro.
- Open Widgets: View → Open subviews → MCRIT widgets.
- Analyze: Right-click a function → MCRIT → Query function.
- Matches: Review results in the Function Scope Widget.
mcrit-plugin/
├── ida-plugin.json # Plugin metadata
├── ida_mcrit.py # Entry point
├── config.py # Settings management
├── helpers/ # Utilities (incl. vendored pyperclip and pylev)
├── widgets/ # UI components
└── icons/ # Resources
To install a development version from source:
# 1. Clone
git clone https://github.com/danielplohmann/mcrit-plugins.git
cd mcrit-plugins
# 2. Package
zip -r ../mcrit-ida.zip .
# 3. Install
hcli plugin install ../mcrit-ida.zip- added Github action to build dependency packages to facilitate installation in offline environments.
- Removed the mcrit package dependency by internalizing McritClient and required DTOs.
- Restored plugin hotkey handler and added a close action to the graph context menu.
- Improved resilience for missing or empty match data and guarded SMDA import paths.
- Hardened UI flows around function labels and form handling.
- Dev/CI: Added Ruff config + GitHub Action and reformatted the codebase.
- Significantly improved usablity of FunctionOverviewWidget by being able to deconflict multiple candidate labels.
- Optionally use SMDA as backend analysis engine (consistency towards MCRIT server), even when in IDA Pro.
- Now coloring results in BlockMatch (by frequency) and FunctionMatch (by score) widgets
- Can now display offsets of matched functions in FunctionMatchWidget
- Full HCLI Plugin Manager support.
- Migrated configuration to
ida-settings. - Code quality improvements.
- Strict HCLI compliance.
- Initial standalone release.
- IDA 9.2 (PySide6) compatibility.
GPL-3.0. See LICENSE for details.
Daniel Plohmann (@danielplohmann)