Binary Ninja

Last updated
Binary Ninja
Original author(s) Jordan Wiens, Rusty Wagner, Peter LaFosse
Developer(s) Vector 35 Inc [1]
Initial releaseJuly 31, 2016;8 years ago (2016-07-31) [2]
Stable release
4.1.5747 / July 17, 2024;55 days ago (2024-07-17) [2]
Written in C++, C, Python, Rust
Operating system Microsoft Windows, Mac OS X, and Linux
Available in English
Type Reverse Engineering, Disassembler, Decompiler
License Proprietary
Website https://binary.ninja

Binary Ninja is a reverse-engineering platform developed by Vector 35 Inc. [1] It can disassemble a binary and display the disassembly in linear or graph views. It performs automated in-depth analysis of the code, generating information that helps to analyze a binary. It lifts the instructions into intermediate languages, and eventually generates the decompiled code.

Contents

Binary Ninja supports various CPU architectures and binary executable formats. It runs on Windows, macOS, and Linux. It also has a free-to-use cloud and native version. [3]

History

Binary Ninja was originally an internal tool [4] for a CTF team. The developers later decided to form Vector 35 Inc and develop Binary Ninja into a commercial product. The development started in 2015 and the first public version was released in July 2016.

The commercial product does not share code [4] with the internal tool. The latter one is now open-sourced [5] under GPLv2.

Features and usage

User interface

Binary Ninja's UI is built using Qt. Its main UI comprises a symbol list, a cross-reference window, a linear/graph view of the disassembly, a mini-graph, as well as a feature map. It can also show a hex editor, strings listing, and a triage view.

Binary Ninja generates extensive annotations in the UI to assist binary analysis.

Binary Ninja also supports user-defined themes. [6]

API and plugins

Binary Ninja offers an API that can be accessed via Python, C++, or Rust. [7] The API is open-sourced [8] under MIT License. It can interact with most of the Binary Ninja's functionality, e.g., user interface, analysis, IL (see below), etc. It can be used to add support for new architecture or automate tasks.

Plugins [9] can be made via the API to enhance Binary Ninja. Vector35 maintains a collection of official plugins, [10] while the community has created numerous community plugins. [11]

Some notable plugins are the debugger, [12] the signature kit, [13] etc.

Binary Ninja intermediate languages (BNIL)

Binary Ninja offers three intermediate languages (ILs).

Core analysis

Binary Ninja automatically performs various analyses on the binary. Some examples are:

Binary editing and patching, shellcode compiler (SCC)

Binary Ninja offers binary patching and editing features. It can assemble an instruction at the current line, flip a conditional jump, etc. Edits and updated analysis are immediately reflected in the UI.

Binary Ninja can be used as a general binary editor. It supports several commonly-used transformations and encryption algorithms.

The shellcode compiler allows the user to compile and insert code via C syntax.

Supported architectures and executable file formats

Architectures

Binary Ninja supports the following CPU architectures officially:

The support for these architectures vary and details can be found in the official FAQ. [16]

Community-authored plugins add support for various other architectures. [17]

Executable file formats

Binary Ninja supports the following executable file formats officially:

See also

Related Research Articles

A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. Disassembly, the output of a disassembler, is often formatted for human-readability rather than suitability for input to an assembler, making it principally a reverse-engineering tool. Common uses of disassemblers include analyzing high-level programming language compilers output and their optimizations, recovering source code of a program whose original source was lost, malware analysis, modifying software, and software cracking.

<span class="mw-page-title-main">ActionScript</span> Object-oriented programming language created for the Flash multimedia platform

ActionScript is an object-oriented programming language originally developed by Macromedia Inc.. It is influenced by HyperTalk, the scripting language for HyperCard. It is now an implementation of ECMAScript, though it originally arose as a sibling, both being influenced by HyperTalk. ActionScript code is usually converted to byte-code format by a compiler.

<span class="mw-page-title-main">GStreamer</span> Multimedia framework

GStreamer is a pipeline-based multimedia framework that links together a wide variety of media processing systems to complete complex workflows. For instance, GStreamer can be used to build a system that reads files in one format, processes them, and exports them in another. The formats and processes can be changed in a plug and play fashion.

<span class="mw-page-title-main">Interactive Disassembler</span> Software reverse engineering tool

The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in, which generates a high level, C source code-like representation of the analysed program, is available at extra cost.

Netscape Plugin Application Programming Interface (NPAPI) is a deprecated application programming interface (API) for web browser plugins, initially developed for Netscape Navigator 2.0 in 1995 and subsequently adopted by other browsers.

<span class="mw-page-title-main">CKEditor</span> WYSIWYG rich text editor

CKEditor is a WYSIWYG rich text editor which enables writing content directly inside of web pages or online applications. Its core code is written in JavaScript and it is developed by CKSource. CKEditor is available under open source and commercial licenses.

OllyDbg was an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. It has a user friendly interface, and its functionality can be extended by third-party plugins. Version 1.10 is the final 1.x release. Version 2.0 was released in June 2010, and OllyDbg has been rewritten from the ground up in this release. Although the current version of OllyDbg cannot disassemble binaries compiled for 64-bit processors, a 64-bit version of the debugger has been promised. As of April 2022 the development of the project has been frozen and an incomplete 64-bit version can be downloaded from the website.

<span class="mw-page-title-main">QGIS</span> Open-source desktop GIS software

QGIS is a geographic information system (GIS) software that is free and open-source. QGIS supports Windows, macOS, and Linux. It supports viewing, editing, printing, and analysis of geospatial data in a range of data formats. QGIS was previously also known as Quantum GIS.

<span class="mw-page-title-main">Ghidra</span> Free reverse engineering tool developed by the National Security Agency

Ghidra is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub. Ghidra is seen by many security researchers as a competitor to IDA Pro. The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form.

The Facebook Platform is the set of services, tools, and products provided by the social networking service Facebook for third-party developers to create their own applications and services that access data in Facebook.

This is a comparison of web frameworks for front-end web development that are heavily reliant on JavaScript code for their behavior.

A decompiler is a computer program that translates an executable file to high-level source code. It does therefore the opposite of a typical compiler, which translates a high-level language to a low-level language. While disassemblers translate an executable into assembly language, decompilers go a step further and translate the code into a higher level language such as C or Java, requiring more sophisticated techniques. Decompilers are usually unable to perfectly reconstruct the original source code, thus will frequently produce obfuscated code. Nonetheless, they remain an important tool in the reverse engineering of computer software.

<span class="mw-page-title-main">Google Plugin for Eclipse</span> Set of Java development tools

Google Plugin for Eclipse (GPE) was a set of development tools that enabled Java developers to design, build, optimize, and deploy cloud computing applications. developers in creating complex user interfaces, generating Ajax code using the GWT Web Toolkit, and deploying applications to Google App Engine. GPE installed into the Eclipse integrated development environment (IDE) using the extensible plugin system. GPE was available under the Eclipse Public License 1.0.

<span class="mw-page-title-main">Sencha Touch</span> JavaScript framework

Sencha Touch is a user interface (UI) JavaScript library, or web framework, specifically built for the Mobile Web. It can be used by Web developers to develop user interfaces for mobile web applications that look and feel like native applications on supported mobile devices. It is based on web standards such as HTML5, CSS3 and JavaScript. The goal of Sencha Touch is to facilitate quick and easy development of HTML5 based mobile apps which run on Android, iOS, Windows, Tizen and BlackBerry devices, simultaneously allowing a native look and feel to the apps.

Windows UI Library is a user interface API that is part of the Windows Runtime programming model that forms the backbone of Universal Windows Platform apps for the Windows 8, Windows 8.1, Windows 10 and Windows Phone 8.1 operating systems. It enables declaring user interfaces using Extensible Application Markup Language (XAML) technology.

<span class="mw-page-title-main">JEB decompiler</span> Reverse engineering software

JEB is a disassembler and decompiler software for Android applications and native machine code. It decompiles Dalvik bytecode to Java source code, and x86, ARM, MIPS, RISC-V machine code to C source code. The assembly and source outputs are interactive and can be refactored. Users can also write their own scripts and plugins to extend JEB functionality.

Thomas W. Reps is an American computer scientist known for his contributions to automatic program analysis. Dr. Reps is Professor of Computer Science in the Computer Sciences Department of the University of Wisconsin–Madison, which he joined in 1985. Reps is the author or co-author of four books and more than one hundred seventy-five papers describing his research. His work has covered a wide variety of topics, including program slicing, data-flow analysis, pointer analysis, model checking, computer security, instrumentation, language-based program-development environments, the use of program profiling in software testing, software renovation, incremental algorithms, and attribute grammars.

<span class="mw-page-title-main">Radare2</span> Free framework for reverse-engineering software

Radare2 is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler for computer software which generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processor architectures and operating systems.

<span class="mw-page-title-main">Ionic (mobile app framework)</span> Open-source framework to develop hybrid mobile apps

Ionic is an open-source UI toolkit for building cross-platform mobile, web, and desktop applications using web technologies such as HTML, CSS, and JavaScript/TypeScript. It provides a set of pre-designed UI components and tools for building high-quality, interactive applications. Ionic was originally built as a complete open-source SDK for hybrid mobile app development created by Max Lynch, Ben Sperry, and Adam Bradley of Drifty Co. in 2013. The original version was released in 2013 and built on top of AngularJS and Apache Cordova. However, the latest release was re-built as a set of Web Components using StencilJS, allowing the user to choose any user interface framework, such as Angular, React or Vue.js. It also allows the use of Ionic components with no user interface framework at all. Ionic provides tools and services for developing hybrid mobile, desktop, and progressive web apps based on modern web development technologies and practices, using Web technologies like CSS, HTML5, and Sass. In particular, mobile apps can be built with these Web technologies and then distributed through native app stores to be installed on devices by utilizing Cordova or Capacitor.

Flutter is an open-source UI software development kit created by Google. It can be used to develop cross platform applications from a single codebase for the web, Fuchsia, Android, iOS, Linux, macOS, and Windows. First described in 2015, Flutter was released in May 2017. Flutter is used internally by Google in apps such as Google Pay and Google Earth as well as other software developers including ByteDance and Alibaba.

References

  1. 1 2 "Vector 35 > home". vector35.com. Retrieved 2020-07-26.
  2. 1 2 Inc, Vector 35. "Binary Ninja > Binary Ninja > changelog". binary.ninja. Retrieved 2020-07-26.{{cite web}}: |last= has generic name (help)CS1 maint: numeric names: authors list (link)
  3. "Try Binary Ninja". binary.ninja. Retrieved 2024-03-02.
  4. 1 2 "Binary Ninja > Frequently Asked Questions". faq.binary.ninja. Retrieved 2020-07-26.
  5. Vector35/deprecated-binaryninja-python, VECTOR 35, 2020-07-12, retrieved 2020-07-26
  6. Vector35/community-themes, VECTOR 35, 2020-07-09, retrieved 2020-07-26
  7. "Using the Binary Ninja API - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2023-03-17.
  8. Vector35/binaryninja-api, VECTOR 35, 2020-07-22, retrieved 2020-07-26
  9. "Using and Writing Plugins - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2020-07-26.
  10. Vector35/official-plugins, VECTOR 35, 2020-07-16, retrieved 2020-07-26
  11. "Using and Writing Plugins - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2020-07-26.
  12. Vector35/debugger, VECTOR 35, 2020-07-25, retrieved 2020-07-26
  13. Vector35/sigkit, VECTOR 35, 2020-07-14, retrieved 2020-07-26
  14. "BNIL Guide: LLIL - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2020-07-26.
  15. "BNIL Guide: MLIL - Binary Ninja User Documentation". docs.binary.ninja. Retrieved 2020-07-26.
  16. "Binary Ninja > Frequently Asked Questions". binary.ninja. Retrieved 2024-07-25.
  17. Vector35/community-plugins, VECTOR 35, 2020-07-22, retrieved 2020-07-26
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.