Lumen

Lumen is an alternative Lumina server for IDA Pro. Lumen was developed as a side project for fun. The current public server is available for anybody to use. Lumen supports IDA 7.2+, no plugins required!

The server is open source, and can be found here.

Joining Lumen

IDA >= 8.0

Starting with IDA 8.0 it is no longer possible to override IDA’s CA and Lumina’s configuration is no longer in ida.cfg. Until a plugin is developed to patch the CA, you can use the following workaround:

  1. Start a socat server that encapsulates lumina over TLS. Download hexrays.crt, and execute the following command:

    1

    socat -s -dd tcp4-listen:1234,fork,reuseaddr openssl:lumen.abda.nl:1235,cafile=hexrays.crt

  2. Configure IDA to use the local server for Lumina using environment variables:

    1
2
3

    export LUMINA_TLS=false
export LUNINA_HOST=localhost
export LUMINA_PORT=1234

Update ida.cfg (IDA < 8.0)

Note
The original certificate to lumen.abda.nl had expired on October 2, 2021. Therefore, a new certificate was issued with a 5 year validity and the port had changed from 1234 to 1235.

You will need to tell IDA to connect to our server. To do this, simply open $IDA_INSTALL_DIR$\cfg\ida.cfg with your favorite editor, locate the commented “LUMINA_HOST” and “LUMINA_PORT” fields and set them to lumen.abda.nl and 1235 accordingly.

1
2

LUMINA_HOST = "lumen.abda.nl"; // This semicolon is important!
LUMINA_PORT = 1235

Get the certificate

IDA uses a self signed CA to connect to Lumina, you can replace the default CA with Lumen’s by downloading hexrays.crt and saving it to $IDA_INSTALL_DIR$\hexrays.crt.

Restart IDA

IDA doesn’t auto-reload it’s configurations. You should restart IDA to load the new configurations, and that’s it - you’re done.

Contibuting

Running the Lumen server isn’t free. Please consider donating in order to keep lumen.abda.nl online.

Privacy Concerns

I have seen that some people1 online are concerned about the data collected by my server (lumen.abda.nl). While I understand the concern, there isn’t much I can do - I didn’t write the Lumina protocol. I can only say that I don’t intend to use the information I get for malicious purposes.

The following information that I would consider personal is sent by IDA to Lumina servers:

  • All connections
    • IDA Pro’s license.key file, which includes:
      • email address
      • license id(s)
  • When pushing function metadata:
    • Absolute idb path (eg. C:\Research\firefox\firefox.idb64)
    • Absolute original file path (eg. C:\Research\firefox\firefox.exe)
    • File MD5
    • Hostname (eg. DESKTOP-ENT7IB9)

For more information about the Lumina protocol, please read my research.

Follow me on Twitter!

  1. https://www.synacktiv.com/en/publications/investigating-ida-lumina-feature.html; See “Privacy Considerations” ↩︎