List of plugins/scripts for IDA Pro (both RE malware, vulnerabilities and exploits)


A great list of plugins/scripts for IDA Pro (both RE malware, vulnerabilities and exploits):

  • 3DSX Loader

    IDA PRO Loader for 3DSX files

  • Adobe Flash disassembler

    The two plugins in this archive enable IDA to parse SWF files, load all SWF tags as segments for fast search and retrieval, parse all tags that can potentially contain ActionScript2 code, discover all such code (a dedicated processor module has been written for it) and even name the event functions according to the event handled in them (e.g. OnInitialize).

  • Android Debugging

    This version supports both native ARM debugging via USB and the SDK AVD manager.

  • Android Scripts Collection

    Collection of Android reverse engineering scripts that make my life easier

  • BinClone

    BinClone: detecting code clones in malware [SERE 2014]

  • BinNavi

    BinNavi is a binary analysis IDE – an environment that allows users to inspect, navigate, edit, and annotate control-flow-graphs of disassembled code, do the same for the callgraph of the executable, collect and combine execution traces, and generally keep track of analysis results among a group of analysts.

  • Bin Sourcerer

    BinSourcerer (a.k.a RE-Source Online) is an assembly to source code matching framework for binary auditing and malware analysis.

  • Bootrom Analysis Library

    IBAL is the IDA Pro Bootrom Analysis Library, which contains a number of useful functions for analyzing embedded ROMs.

  • Bosch ME7

    Siemens Bosch ME7.x Disassembler Helper for IDA Pro

  • collabREate

    collabREate is a plugin for IDA Pro that is designed to provide a collaborative reverse engineering capability for multiple IDA users working on the same binary file.

  • Class Informer

    Scans an MSVC 32bit target IDB for vftables with C++ RTTI, and MFC RTCI type data. Places structure defs, names, labels, and comments to make more sense of class vftables (“Virtual Function Table”) and make them read easier as an aid to reverse engineering. Creates a list window with found vftables for browsing.

  • Crowd Detox

    The CrowdDetox plugin for Hex-Rays automatically removes junk code and variables from Hex-Rays function decompilations.

  • Dalvik Header

    This is a simple Dalvik header plugin for IDA Pro

  • Data Xref Counter

    Enumerates all of the x-references in a specific segment and counts the frequency of usage. The plugin displays the data in QtTableWidget and lets the user filter and sort the references. You can also export the data to a CSV file.

  • Diaphora

    Diaphora (διαφορά, Greek for ‘difference’) is a program diffing plugin for IDA Pro, similar to Zynamics Bindiff or the FOSS counterparts DarunGrim, TurboDiff, etc… It was released during SyScan 2015.

  • DOSBox Debugger

    Eric Fry’s IDA/DOSBox debugger plugin

  • DWARF Plugin

    IDADWARF is an IDA plugin that imports DWARF debugging symbols into an IDA database.

  • Dynamic IDA Enrichment

    DIE is an IDA Python plugin designed to enrich IDA's static analysis with dynamic data. This is done using the IDA Debugger API, by placing breakpoints in key locations and saving the current system context once those breakpoints are hit.

  • EFI Scripts

    Some IDA scripts and tools to assist with reverse engineering EFI executables.

  • EtherAnnotate

    Parses the specialized instruction trace files that are generated using the EtherAnnotate Xen modification. From the instruction trace, register values and code coverage of the run-time information are visualized in IDA Pro through instruction comments and line colorations.

  • Extract Mach-O

    This is a very simple IDA plugin to extract all Mach-O binaries contained anywhere in the disassembly.

  • Flare Plugins

    Shellcode Hashes, Struct Typer, StackStrings, MSDN Annotations, ApplyCalleeType

  • FLS Loader

    IDA Pro loader module for IFX iPhone baseband firmwares. Based on a universal scatter loader script by roxfan.

  • Frida

    This is a plugin for IDA Pro that uses the Frida API, mainly to trace functions.

  • Funcap

    This script records function calls (and returns) across an executable using IDA debugger API, along with all the arguments passed. It dumps the info to a text file, and also inserts it into IDA’s inline comments. This way, static analysis that usually follows the behavioral runtime analysis when analyzing malware, can be directly fed with runtime info such as decrypted strings returned in function’s arguments.

  • Function Tagger

    This IDAPython script tags subroutines according to their use of imported functions

  • Gamecube Extension

    This is a Gekko CPU Paired Single extension instructions plug-in for IDA Pro 5.2

  • Gamecube DSP

    This project adds support for the DSP present in the Gamecube and the Wii to IDA, the Interactive Disassembler. This allows easy analysis of DSP ucode, handling cross-references, control flow, and so on.

  • Graph Slick

    Automated detection of inlined functions. It highlights similar groups of nodes and allows you to group them, simplifying complex functions. The authors provide an accompanying presentation which explains the algorithms behind the plugin and shows sample use cases.

  • HexRays CodeXplorer

    The Hex-Rays Decompiler plugin for better code navigation in RE process. CodeXplorer automates code REconstruction of C++ applications or modern malware like Stuxnet, Flame, Equation, Animal Farm …

  • HexRays Tools

    • Assist in creation of new structure definitions / virtual calls detection
    • Jump directly to virtual function or structure member definition
    • Gives list of structures with given size, with given offset
    • Finds structures with same “shape” as is used.
    • Convert function to __usercall or __userpurge
    • and more….

    As the name implies this plugin can be used to export information from IDA databases to SQL databases. This allows for further analysis of the collected data: statistical analysis, building graphs, finding similarities between programs, etc.

  • IDA C#

    Scripting IDA with C#

  • IDA Compare

    IDA disassembly level diffing tool, find patches and modifications between malware variants. See mydoom A/B sample database and video trainer for usage.

  • IDA Eye

    Plugin that enables you to perform different operations at the mnemonic level, independent of any particular processor type. These operations are facilitated through a parameterized template, which include the capabilities to de/highlight instructions, gather statistical information about the frequency of each instruction, and search for sequences of mnemonics, among other features.

  • IDA Extrapass

    An IDA Pro Win32 target clean up plug-in by Sirmabus. It does essentially four cleaning/fixing steps: Convert stray code section values to “unknown”, fix missing “align” blocks, fix missing code bytes, and locate and fix missing/undefined functions.

  • IDA Patchwork

    Stitching against malware families with IDA Pro (tool for the talk at Spring9). In essence, I use a somewhat fixed / refurbished version of PyEmu along IDA to demonstrate deobfuscation of the different patterns found in the malware family Nymaim.

  • IDA Rest

    A simple REST-like API for basic interoperability with IDA Pro.

  • IDA Scope

    IDAscope is an IDA Pro extension with the goal to ease the task of (malware) reverse engineering with a current focus on x86 Windows. It consists of multiple tabs, containing functionality to achieve different goals such as fast identification of semantically interesting locations in the analysis target, seamless access to MSDN documentation of Windows API, and finding of potential crypto/compression algorithms.

  • IDA Signature Matching Tool

    Tool for searching signatures inside files, extremely useful as help in reversing jobs like figuring or having an initial idea of what encryption/compression algorithm is used for a proprietary protocol or file. It can recognize tons of compression, multimedia and encryption algorithms and many other things like known strings and anti-debugging code which can be also manually added since it’s all based on a text signature file read at run-time and easy to modify.

  • IDA Sploiter

    IDA Sploiter is a plugin for Hex-Rays' IDA Pro disassembler designed to enhance IDA’s capabilities as an exploit development and vulnerability research tool. Some of the plugin’s features include a powerful ROP gadgets search engine, semantic gadget analysis and filtering, interactive ROP chain builder, stack pivot analysis, writable function pointer search, cyclic memory pattern generation and offset analysis, detection of bad characters and memory holes, and many others.

  • IDA Stealth

    IDAStealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debuggee as soon as the debugger attaches to the process. The injected dll actually implements most of the stealth techniques either by hooking system calls or by patching some flags in the remote process.

  • IDA Toolbag

    The IDA Toolbag plugin provides many handy features, such as:

    • A ‘History’ view, that displays functions in the disassembly that you have decided are important, and the relationships between them.
    • A code path-searching tool, that lets you find what functions (or blocks) are forming a path between two locations.
    • Manage and run your IDC/Python scripts
    • Something that’s also of considerable importance is that the IDA Toolbag lets you collaborate with other IDA users: one can publish his ‘History’, or import another user’s history & even merge them!
    • See the official documentation for an extensive feature list.

  • IDA Xtensa

    This is a processor plugin for IDA, to support the Xtensa core found in Espressif ESP8266. It does not support other configurations of the Xtensa architecture, but that is probably (hopefully) easy to implement.

  • idb2pat

    IDB to Pat.

  • MSDN Helper

    This tool will help you to get to Offline MSDN help while using IDA Pro.

  • MyNav

    MyNav is a plugin for IDA Pro that helps reverse engineers with the most typical tasks, such as discovering which functions are responsible for specific tasks and finding paths between “interesting” functions and data entry points.

  • NES Loader

    Nintendo Entertainment System (NES) ROM loader module for IDA Pro.

  • Optimice

    This plugin enables you to remove some common obfuscations and rewrite code to a new segment. Currently supported optimizations are: Dead code removal, JMP merging, JCC opaque predicate removal, Pattern based deobfuscations

  • Patcher

    IDA Patcher is a plugin for Hex-Rays' IDA Pro disassembler designed to enhance IDA’s ability to patch binary files and memory.

  • Plus22

    Plus22 transforms x86_64 executables to be processed with 32-bit version of Hex-Rays Decompiler.

  • Plympton

    A gem to read program disassembly from a YAML dump. The YAML dump is generated from an IDA Pro Python script. This script is included along with this gem.

  • Pomidor

    IDA Pomidor is a plugin for Hex-Rays' IDA Pro disassembler that will help you retain concentration and productivity during long reversing sessions.

  • Qualcomm Loader

    IDA loader plugin for Qualcomm Bootloader Stages

  • qb-sync

    qb-sync is an open source tool to add some helpful glue between IDA Pro and Windbg. Its core feature is to dynamically synchronize IDA’s graph windows with Windbg’s position.

  • Recompiler

    IDA recompiler

  • REProgram

    A way of making almost-arbitrary changes to an executable when run under a debugger — even changes that don’t fit.

  • REtypedef

    REtypedef is an IDA PRO plugin that allows defining custom substitutions for function names. It comes with a default ruleset providing substitutions for many common STL types.

  • Samsung S4 Rom Loader

    IDA Pro Loader Plugin for Samsung Galaxy S4 ROMs

  • Sark

    Sark, (named after the notorious Tron villain,) is an object-oriented scripting layer written on top of IDAPython. Sark is easy to use and provides tools for writing advanced scripts and plugins.

  • Sega Genesis/Megadrive Tools

    Special IDA Pro tools for Sega Genesis/Megadrive romhackers. Tested to work on v5.2 and v6.6. Should work on other versions.

  • Sig Maker

    Can create sigs automatically and has a wide variety of functions (might be unstable on IDA 6.2).

  • Snippet Detector

    Snippet Detector is an IDA Python scripts project used to detect snippets from 32-bit disassembled files. “Snippet” is the word used to identify a generic sequence of instructions (at the moment a snippet is indeed a defined function). The aim of the tool is to collect many disassembled snippets inside a database for the detection process.

  • Snowman Decompiler

    Snowman is a native code to C/C++ decompiler. Standalone and IDA Plugin.

  • Splode

    Augmenting Static Reverse Engineering with Dynamic Analysis and Instrumentation

  • spu3dbg

    IDA Pro debugger module for the anergistic SPU emulator.

  • Synergy

    A combination of an IDAPython plugin and a version control system that results in a new collaborative reverse engineering add-on for IDA Pro. By

  • Tarkus

    Tarkus is a plugin manager for IDA Pro, modelled after Python’s pip.

  • VirusBattle

    The plugin is an integration of Virus Battle API to the well known IDA Disassembler. Virusbattle is a web service that analyses malware and other binaries with a variety of advanced static and dynamic analyses.

  • Win32 LST to Inline Assembly

    Python script which extracts procedures from IDA Win32 LST files and converts them to correctly dynamically linked compilable Visual C++ inline assembly.

  • WinIOCtlDecoder

    An IDA Pro plugin which decodes a Windows Device I/O control code into DeviceType, FunctionCode, AccessType and MethodType.

  • Xex Loader for IDA 6.6

    This adds the ability to load xex files into IDA directly without having to first process them in any way. It processes the xex file as much as possible while loading to minimise the work required by the user to get it to a state fit for reversing.

  • X86Emu

    Its purpose is to allow a reverse engineer the chance to step through x86 code while reverse engineering a binary. The plugin can help you step through any x86 binary from any platform. For Windows binaries, many common library calls are trapped and emulated by the emulator, allowing for a higher fidelity emulation. I find it particularly useful for stepping through obfuscated code as it automatically reorganizes an IDA disassembly based on actual code paths.

How to run a Windows/DOS binary on Linux (continuation of the previous post about compiling a Windows binary inside Linux)

Continuation of the post:

To test your Windows binary on Linux itself, as if it were Windows… lol :) (Wine is buggy on the test VM).

[test@localhost sampler]$ wine cmd
fixme:winediag:start_process Wine Staging 1.7.49 is a testing version containing experimental patches.
fixme:winediag:start_process Please report bugs at (instead of
Microsoft Windows 5.2.3790 (1.7.49)

Z:\home\test\sampler>fixme:ole:RemUnknown_QueryInterface No interface for iid {00000019-0000-0000-c000-000000000046}
Volume in drive Z has no label.
Volume Serial Number is 0000-0000

Directory of Z:\home\test\sampler

8/31/2015 1:49 PM <DIR> .
8/31/2015 1:45 PM <DIR> ..
8/31/2015 1:15 PM 103 HelloWorld.c
8/31/2015 1:27 PM 67,385 HelloWorld.exe
8/31/2015 10:19 AM 717 HelloWorldCPL.c
8/31/2015 1:35 PM 67,385 HelloWorldCPL01
8/31/2015 1:15 PM 103 HelloWorldCPL01.c
8/31/2015 1:35 PM 67,385 HelloWorldCPL01.cpl
6 files 203,078 bytes
2 directories 95,160,651,776 bytes free
Sampler Test!

There is no point in using Linux commands; you are now in Windows:

Can’t recognize ‘clear’ as an internal or external command, or batch script.

[test@localhost sampler]$ clear

I hope this helped!


Cross-Compiling a C Source File (Compiling on Linux, Running on Windows)

I was working on a PoC (Proof of Concept) and needed to create a test sample, but I did not want to set up a Windows VM and install GCC or VS just to build a PE32 (a 32-bit Windows executable, x86 architecture), so I went looking into MinGW.

The problem is that the lab's test machine runs Fedora 22, and when you search for “MinGW” in the terminal, nothing shows up right away.

Searching this wiki, I found the Fedora build of MinGW, whose package uses a different naming: (x86_64-w64-mingw32-gcc)

[root@localhost sampler]# x86_64-w64-mingw32-gcc HelloWorld.c -o HelloWorld


[root@localhost sampler]# file HelloWorld
HelloWorld: PE32+ executable (console) x86-64, for MS Windows

Now we're talking! :)

I hope this helped someone! :)
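
The `file` output above reports `PE32+ ... x86-64`, the 64-bit format, while PE32 is the 32-bit one. The following Go program is an added example, not part of the original post: it reads the two header fields that separate the formats so a build script can check which one the cross-compiler produced. `ParsePEHeader`, `PEInfo`, `Describe` and `samplePE` are names invented for the illustration, and `samplePE` builds a constructed header rather than a real executable.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"os"
)

// Values from the PE/COFF header format.
const (
	machineI386   = 0x014c // COFF Machine: 32-bit x86
	machineAMD64  = 0x8664 // COFF Machine: x86-64
	magicPE32     = 0x010b // optional-header Magic: PE32
	magicPE32Plus = 0x020b // optional-header Magic: PE32+
)

// PEInfo holds the two fields that tell a 32-bit image from a 64-bit one.
type PEInfo struct {
	Machine, Magic uint16
}

// ParsePEHeader follows e_lfanew (offset 0x3c of the DOS header) to the
// "PE\0\0" signature and reads Machine and the optional-header Magic.
func ParsePEHeader(b []byte) (PEInfo, error) {
	if len(b) < 0x40 || b[0] != 'M' || b[1] != 'Z' {
		return PEInfo{}, errors.New("missing MZ header")
	}
	off := uint64(binary.LittleEndian.Uint32(b[0x3c:]))
	// signature (4 bytes) + COFF header (20) + Magic (2) must fit in the file
	if off+26 > uint64(len(b)) {
		return PEInfo{}, errors.New("e_lfanew points outside the file")
	}
	if string(b[off:off+4]) != "PE\x00\x00" {
		return PEInfo{}, errors.New("missing PE signature")
	}
	if binary.LittleEndian.Uint16(b[off+20:]) < 2 { // SizeOfOptionalHeader
		return PEInfo{}, errors.New("no optional header")
	}
	return PEInfo{
		Machine: binary.LittleEndian.Uint16(b[off+4:]),
		Magic:   binary.LittleEndian.Uint16(b[off+24:]),
	}, nil
}

// Describe names the format and architecture, e.g. "PE32+ x86-64".
func (p PEInfo) Describe() string {
	format := map[uint16]string{magicPE32: "PE32", magicPE32Plus: "PE32+"}[p.Magic]
	arch := map[uint16]string{machineI386: "x86", machineAMD64: "x86-64"}[p.Machine]
	if format == "" || arch == "" {
		return fmt.Sprintf("unrecognised PE (Machine=%#04x, Magic=%#04x)", p.Machine, p.Magic)
	}
	return format + " " + arch
}

// samplePE builds a constructed, header-only image for demonstration.
func samplePE(machine, magic uint16) []byte {
	b := make([]byte, 0x80+26)
	copy(b, "MZ")
	binary.LittleEndian.PutUint32(b[0x3c:], 0x80) // e_lfanew
	copy(b[0x80:], "PE\x00\x00")
	binary.LittleEndian.PutUint16(b[0x84:], machine)
	binary.LittleEndian.PutUint16(b[0x94:], 0xf0) // SizeOfOptionalHeader
	binary.LittleEndian.PutUint16(b[0x98:], magic)
	return b
}

func main() {
	data := samplePE(machineAMD64, magicPE32Plus) // used when no file is given
	if len(os.Args) > 1 {
		var err error
		if data, err = os.ReadFile(os.Args[1]); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}
	info, err := ParsePEHeader(data)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(info.Describe())
}
```

For a 32-bit PE32, mingw-w64 provides a separate compiler driver, `i686-w64-mingw32-gcc`.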



Running nmap via golang

Hi. Another post about golang ;)

I was developing a small program in golang to automate the use of nmap, based on these examples:

But I did not succeed until I developed this, and it worked:

[root@localhost golang]# vim go-nmap.go

// Mauro Risonho de Paula Assumpção aka firebits
// example os/exec nmap
// 24.07.2015 15:04:23
// fedora 22 x86-64
// go version go1.4.2 linux/amd64
// go build

package main

import (
	"os"
	"os/exec"
	"syscall"
)

func main() {

	// Go requires an absolute path to the binary we want to
	// execute, so we use `exec.LookPath` to resolve it
	// (here `/usr/bin/nmap`).
	binary, lookErr := exec.LookPath("/usr/bin/nmap")
	if lookErr != nil {
		panic(lookErr)
	}

	// `Exec` requires arguments in slice form (as
	// opposed to one big string). Note that the first
	// argument should be the program name; the last element
	// is the scan target, which is empty as published.
	// args := []string{"nmap", "-A", "-O", ""}
	args := []string{"nmap", "-A", ""}

	// `Exec` also needs a set of environment variables
	// to use. Here we just provide our current
	// environment.
	env := os.Environ()

	// Here's the actual `syscall.Exec` call. If this call is
	// successful, the execution of our process will end
	// here and be replaced by the nmap process. If there
	// is an error we'll get a return value.
	execErr := syscall.Exec(binary, args, env)
	if execErr != nil {
		panic(execErr)
	}
}

I installed a VM with Fedora 22 x86_64 and a CUPS server and ran a spot scan against localhost:

[root@localhost golang]# go build go-nmap.go
[root@localhost golang]# ./go-nmap

Starting Nmap 6.47 ( ) at 2015-07-24 15:06 BRT
Nmap scan report for localhost.localdomain (
Host is up (0.00015s latency).
Not shown: 999 closed ports
631/tcp open ipp CUPS 2.0
| http-methods: Potentially risky methods: PUT
| http-robots.txt: 1 disallowed entry
|_http-title: Home – CUPS 2.0.3
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 – 3.15
Network Distance: 0 hops

OS and Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 8.06 seconds

So it works!
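
An added example, not part of the original post: because `syscall.Exec` replaces the Go process, the program above cannot act on the scan result. This version runs nmap as a child process with `os/exec`, checks the target before it reaches the command line, and parses nmap's XML report (`-oX -`). `ValidateTarget`, `ParseOpenPorts`, `Scan` and the sample report are names and data constructed for the illustration.

```go
package main

import (
	"context"
	"encoding/xml"
	"fmt"
	"net"
	"os"
	"os/exec"
	"regexp"
	"strings"
	"time"
)

// Hostname labels begin and end with a letter or digit, so an accepted target never starts with '-'.
var hostRE = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$`)

// ValidateTarget accepts only an IP address, a CIDR block or a hostname.
func ValidateTarget(t string) error {
	_, _, cidrErr := net.ParseCIDR(t)
	if net.ParseIP(t) == nil && cidrErr != nil && !(len(t) <= 253 && hostRE.MatchString(t)) {
		return fmt.Errorf("rejected scan target %q", t)
	}
	return nil
}

// nmapRun maps the elements of nmap's XML report that are used below.
type nmapRun struct {
	Hosts []struct {
		Ports []struct {
			Proto   string `xml:"protocol,attr"`
			ID      int    `xml:"portid,attr"`
			State   struct{ Value string `xml:"state,attr"` } `xml:"state"`
			Service struct {
				Product string `xml:"product,attr"`
				Version string `xml:"version,attr"`
			} `xml:"service"`
		} `xml:"ports>port"`
	} `xml:"host"`
}

// ParseOpenPorts lists the open ports of a report as "port/proto product version".
func ParseOpenPorts(report []byte) ([]string, error) {
	var run nmapRun
	if err := xml.Unmarshal(report, &run); err != nil {
		return nil, err
	}
	var open []string
	for _, h := range run.Hosts {
		for _, p := range h.Ports {
			if p.State.Value == "open" {
				s := fmt.Sprintf("%d/%s %s %s", p.ID, p.Proto, p.Service.Product, p.Service.Version)
				open = append(open, strings.TrimSpace(s))
			}
		}
	}
	return open, nil
}

// Scan validates the target, runs nmap as a child (no shell) with a timeout and parses its XML.
func Scan(target string) ([]string, error) {
	if err := ValidateTarget(target); err != nil {
		return nil, err
	}
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
	defer cancel()
	out, err := exec.CommandContext(ctx, "/usr/bin/nmap", "-A", "-oX", "-", target).Output()
	if err != nil {
		return nil, fmt.Errorf("nmap: %w", err)
	}
	return ParseOpenPorts(out)
}

// sampleXML is a constructed report fragment modelled on the scan output above.
const sampleXML = `<?xml version="1.0"?><nmaprun><host><ports>
<port protocol="tcp" portid="22"><state state="closed"/><service name="ssh"/></port>
<port protocol="tcp" portid="631"><state state="open"/><service name="ipp" product="CUPS" version="2.0"/></port></ports></host></nmaprun>`

func main() {
	if len(os.Args) > 1 { // a live scan runs only when a target is passed
		fmt.Println(Scan(os.Args[1]))
		return
	}
	fmt.Println(ParseOpenPorts([]byte(sampleXML)))
}
```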


April 2nd, 2015 – OpenVAS-8 released: Charts, Quality of Detection and PostgreSQL-Support

Following the annual release cycle, the new generation of OpenVAS [1] has been released. The new version of the open framework for vulnerability scanning and management, OpenVAS-8, introduces a comprehensively extended and improved feature set. Advances and improvements were achieved in virtually all areas.

Highlights of this new release are the chart module for a variety of graphical representation, the Quality of Detection (QoD) concept and the optional support of PostgreSQL as database backend. Major advances were also achieved for the access control management: more roles, group admins and super-admin to name just a few. Notable as well is the introduction of the optional multi-scanner support via the new protocol OSP (OpenVAS Scanner Protocol) for which a growing number of servers is expected for the future. Last but not least, the OpenVAS Scanner now requires fewer resources and uses redis [2] for the inter-process communication.

All in all OpenVAS-8 ships 28 new and improved features, accompanied with countless smaller changes. The systematic improvements and reliable release of one major update every twelve months once again underlines the position of OpenVAS as the most advanced Open Source solution for vulnerability management. The new version can be downloaded free and is available as Free Software under the GNU GPL license.

The company Greenbone Networks [3] develops and uses OpenVAS as a base for its appliance product family for vulnerability scanning and management. Together with the company SecPod [4] and the growing community, new vulnerability tests and feature improvements are developed on a daily basis. The German Federal Office for Information Security (BSI) [5] supports and utilizes OpenVAS, together with many other federal agencies, as part of their IT security framework.

Vulnerability Management:

Access Control:
The access control features were comprehensively extended.
Roles can now be dynamically configured.
New default roles “Monitor”, “Guest” and “Super Admin”.
New Permissions “Super” that allows for example to define an administrator for a group.
Results are now an explicit part of the scan management.
The new section “Results” under menu “Scan Management” offers an object management for all of the scan results in the database a user has permission for. In other words, searching and filtering for results is now possible independent of a scan report.
Solution Type:
NVTs are now associated with a solution type like for example “VendorFix”. This allows to group or identify NVTs or results where for example a simple solution exists or no solution is currently available.
The Feed content is updated over time to add a solution type for all of the NVTs. At the time of writing, 3.6% of the NVTs own a Solution Type.
Quality of Detection (QoD):
The QoD is a value between 0% and 100% describing the reliability of the executed vulnerability detection or product detection.
One of the main reasons to introduce this concept was to handle the challenge of potential vulnerabilities properly. The goal was to keep such in the results database but only visible on demand.
While the QoD range allows to express the quality pretty refined, in fact most of the test routines use a standard methodology. Therefore the QoD Types were introduced of which each is associated with a QoD value.
The Feed content is updated over time to add a QoD for all NVTs. Any NVT not explicitly assigned will apply 75% and is therefore visible by default in order to not change the default behavior compared to OpenVAS-7. However, any NVTs formerly requiring the “paranoid” setting in the scan configuration now always report but stay invisible in the database until the user decides to view results with a lower quality of detection.
At the time of writing, 2.7% of the NVTs own a QoD Type.
New SecInfo object type “CERT-Bund” introduced: These are advisories published by the German federal CERT.

Vulnerability Scanning:

The public key of SSH credentials is not required anymore because it is extracted from the private key.
Credentials for ESXi target systems can now be configured directly with the Target object instead of in the Scan Configuration object.
When a task is requested to stop, the scanner will now be advised to switch immediately into the final phase of scanning. With OpenVAS-7 the scanner immediately stopped activity and did not return so far collected host details. With OpenVAS-8 this is now transferred to the database.
Dropped support for pausing of tasks entirely (was removed from GUI before, now removed from OMP level).
OpenVAS Scanning Protocol (OSP):
This new protocol allows to control a vulnerability scanner. The main elements are to set parameters, start a scan and retrieve results. OSP is designed in the same way as OMP, therefore it is a non-permanent request-response connection based on XML.
It is possible to configure and control OSP-compliant Scanner via the user interface.
OpenVAS-8 offers some pilot OSP scanners in order to provide examples for this technology. Users and developers are encouraged to wrap more vulnerability scanner with OSP and provide feedback on missing features in the OSP protocol.
The OpenVAS Scanner itself is still OTP-based and the integration with OpenVAS Manager works like before with the slight difference that it is now possible to define more than one OpenVAS Scanner to be controlled by OpenVAS Manager.
This new concept introduces various changes in the user interface but defaults are set to keep the same behavior as in OpenVAS-7 if the user decides not to deal with OSP. In other words: OSP is entirely optional.

Graphical User Interface:

Dynamic charts are introduced, using the Javascript library “d3”. The first chart types (bar, donut, bubbles, line) are used for the SecInfo section in order to demonstrate some of the capabilities.
The chart objects allow to download the data as CSV table or SVG graphics. Also, a HTML table can be opened and some of the charts are interactive.
The underlying data aggregation technology is generically integrated into the protocol OMP. This allows to add more charts during the lifecycle of the OpenVAS release because no API changes are required.
For the SecInfo Management, a first dashboard is integrated which assembles four of the charts and can be configured individually.
The charting feature is entirely optional: Without enabling Javascript support in the browser no core functionality is lost. Also, the chart view can be collapsed so that only the traditional table view is shown.
Bulk actions are introduced. For example this allows to remove or download many objects within a single action.
The powerfilter was simplified to carry only the essential filter elements. The standard ones are displayed below and of course it is possible to apply any of them in the text entry field.
The configuration of timezones was changed so that now a drop-down list of available timezones is offered instead of an entry field for specifying the timezone in text form.
Users are now allowed to have multiple simultaneous sessions, as long as the sessions are on different browsers. Up to OpenVAS-7, a second session always invalidated the previous one regardless of which browser is used.
For any web interface page, the duration of the backend operation will be shown at the bottom.
The filenames for downloads can now be configured via “My Settings”.
New wizard for modifying a task.

OMP now in version 6.0
The new OSP for controlling arbitrary scanners is at version 1.0.
The OTP protocol was further reduced. It is not recommended to use it to communicate with the OpenVAS Scanner because it will eventually be dropped in favor of OSP. For the time being OMP should be used to control an OpenVAS Scanner.

redis (mandatory):
The OpenVAS Scanner now uses a redis backend to share the knowledge base among the scanning processes.
PostgreSQL (optional):
OpenVAS Manager now allows to use PostgreSQL as an alternative for the file-based SQLite. Everything should work, but this new database backend has seen little testing so far.
The OpenVAS development team is prepared to fix any issues promptly as it is desired to make this database eventually the new default backend.
openvas-smb (optional):
The new module “openvas-smb” is used for WMI support. This is the former externally maintained wmi client library. Since it was actually not maintained anymore, the module was cut down to the essentials and furnished with a “cmake” build environment.
OSP (optional):
For the new OSP, a base module “OSPd” written in Python is made available. The actual wrappers for vulnerability scanners are collected as “osp-scanners” and the name of the modules is prefixed with “OSPd-”. “OSPd” is a mandatory requirement for each OSP scanner module.
All sample OSP scanners are written in Python. Currently the C-library API only supports OSP client functionality, not server functionality.
The memory consumption of the OpenVAS Scanner was reduced by about 50%.

[1] OpenVAS:
[2] redis:
[3] Greenbone:
[4] SecPod:
[5] BSI: