Binary Ninja

Original author(s) Jordan Wiens, Rusty Wagner, Peter LaFosse
Developer(s) Vector 35 Inc [1]
Initial release July 31, 2016; 8 years ago (2016-07-31) [2]
Stable release 4.2.6455 / November 20, 2024; 21 days ago (2024-11-20) [2]
Written in C++, C, Python, Rust
Operating system Microsoft Windows, Mac OS X, and Linux
Available in English
Type Reverse Engineering, Disassembler, Decompiler
License Proprietary
Website https://binary.ninja

Binary Ninja is a reverse-engineering platform developed by Vector 35 Inc. [1] It allows users to disassemble a binary file and visualize the disassembly in both linear and graph-based views. The software performs automated, in-depth code analysis, generating information that helps to analyze a binary. It lifts assembly instructions into intermediate languages, generating decompiled code.

Binary Ninja supports various CPU architectures and binary executable formats, and runs on Windows, macOS, and Linux. It also offers a free-to-use cloud version and a native commercial version. [3]

History

Binary Ninja was originally developed as an internal tool for a CTF team; [4] the developers later formed Vector 35 Inc. to turn it into a commercial product. Development began in 2015, and the first public version was released in July 2016.

The commercial version was developed from scratch and does not share code with the original internal tool. [4] The latter is now open-sourced under the GPLv2 license. [5]

Features and usage

User interface

Binary Ninja's user interface, built using Qt, comprises several components, such as a symbol list, a cross-reference window, disassembly views (both linear and graph-based), a mini-graph, and a feature map. It also includes tools like a hex editor, strings listing, and a triage view.

Binary Ninja generates extensive annotations in the UI to assist binary analysis and also supports user-defined themes for customization. [6]

API and plugins

Binary Ninja offers an API that can be accessed via Python, C++, or Rust. [7] The API is open-sourced under the MIT License. [8] It can interact with most of Binary Ninja's functionality, including the user interface, analysis tools, and intermediate languages (see below). It can be used to add support for new architectures or to automate tasks.

Plugins [9] can be developed using the API to enhance Binary Ninja. Vector35 maintains a collection of official plugins, [10] while the community has created numerous additional plugins. [11]

Some notable plugins include the debugger [12] and the signature kit. [13]

Binary Ninja Intermediate Languages (BNIL)

Binary Ninja offers three intermediate languages (ILs).

Core analysis

Binary Ninja automatically performs various analyses on the binary. Some examples are:

Binary editing and patching, shellcode compiler (SCC)

Binary Ninja offers binary patching and editing features. It can assemble an instruction at the current line, flip a conditional jump, etc. Edits and updated analysis are immediately reflected in the UI.
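What flipping a conditional jump changes at the byte level on x86, as an added example (not Binary Ninja's code or API; the function names and the sample bytes are constructed for illustration). x86 condition codes come in complementary pairs that differ only in the lowest bit of the opcode, so inverting a `Jcc` is a one-bit patch that leaves the branch displacement untouched:

```python
# Added illustration: inverting an x86 conditional jump (Jcc) in raw bytes.
# Hypothetical helper names; this is not Binary Ninja's implementation.

# Condition mnemonics indexed by the low nibble of the Jcc opcode.
CC = ["o", "no", "b", "ae", "e", "ne", "be", "a",
      "s", "ns", "p", "np", "l", "ge", "le", "g"]


def jcc_at(code: bytes, offset: int):
    """Return (index of the condition opcode byte, mnemonic) for the Jcc at offset."""
    if not 0 <= offset < len(code):
        raise ValueError("offset outside buffer")
    op = code[offset]
    if 0x70 <= op <= 0x7F:                      # short form: 7x rel8
        return offset, "j" + CC[op & 0x0F]
    if op == 0x0F and offset + 1 < len(code):   # near form: 0F 8x rel32
        op2 = code[offset + 1]
        if 0x80 <= op2 <= 0x8F:
            return offset + 1, "j" + CC[op2 & 0x0F]
    # JCXZ/JECXZ (E3) and LOOPcc have no one-bit inverse, so they are rejected.
    raise ValueError("no invertible conditional jump at offset %d" % offset)


def invert_jcc(code: bytes, offset: int) -> bytes:
    """Return a copy of code with the Jcc at offset replaced by its inverse."""
    idx, _ = jcc_at(code, offset)
    patched = bytearray(code)
    patched[idx] ^= 0x01                        # je<->jne, jl<->jge, jb<->jae, ...
    return bytes(patched)


# Constructed sample: test eax,eax ; je +5 ; jne near +0x10
SAMPLE = bytes.fromhex("85c0" "7405" "0f8510000000")

if __name__ == "__main__":
    for off in (2, 4):
        before = jcc_at(SAMPLE, off)[1]
        after = jcc_at(invert_jcc(SAMPLE, off), off)[1]
        print("offset %d: %s -> %s" % (off, before, after))
```
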

Binary Ninja can be used as a general binary editor. It supports several commonly used transformations and encryption algorithms.

The shellcode compiler allows the user to compile and insert code via C syntax.

Supported architectures and executable file formats

Architectures

Binary Ninja supports the following CPU architectures officially:

Support for these architectures varies, and details can be found in the official FAQ. [16]

Community-authored plugins add support for various other architectures. [17]

Executable file formats

Binary Ninja supports the following executable file formats officially:

References

  1. "Vector 35 > home". vector35.com. Retrieved 2020-07-26.
  2. Vector 35 Inc. "Binary Ninja > Binary Ninja > changelog". binary.ninja. Retrieved 2020-07-26.
  3. "Try Binary Ninja". binary.ninja. Retrieved 2024-03-02.
  4. "Binary Ninja > Frequently Asked Questions". faq.binary.ninja. Retrieved 2020-07-26.
  5. Vector35/deprecated-binaryninja-python, VECTOR 35, 2020-07-12, retrieved 2020-07-26
  6. Vector35/community-themes, VECTOR 35, 2020-07-09, retrieved 2020-07-26
  7. "Using the Binary Ninja API - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2023-03-17.
  8. Vector35/binaryninja-api, VECTOR 35, 2020-07-22, retrieved 2020-07-26
  9. "Using and Writing Plugins - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2020-07-26.
  10. Vector35/official-plugins, VECTOR 35, 2020-07-16, retrieved 2020-07-26
  11. "Using and Writing Plugins - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2020-07-26.
  12. Vector35/debugger, VECTOR 35, 2020-07-25, retrieved 2020-07-26
  13. Vector35/sigkit, VECTOR 35, 2020-07-14, retrieved 2020-07-26
  14. "BNIL Guide: LLIL - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2020-07-26.
  15. "BNIL Guide: MLIL - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2020-07-26.
  16. "Binary Ninja > Frequently Asked Questions". binary.ninja. Retrieved 2024-07-25.
  17. Vector35/community-plugins, VECTOR 35, 2020-07-22, retrieved 2020-07-26