Binary Ninja Blog

Sidekick 3.0

Today, we are excited to announce Sidekick 3.0! In addition to a number of bug fixes, UX improvements, and updated models, this release extends Sidekick’s analysis capabilities and with tighter Binary Ninja integration. In particular, our new query language, expanded editing capabilities, custom tool system, and the re-designed Assistant (now called the Analysis Console) stand out. These features and more continue to make Sidekick the best AI-powered tool for binary analysis on the market.

Exploring Relationships, Finding Answers

As a reverse engineer, building relationships between code and data is foundational for understanding a binary. An AI assistant also needs to be able to navigate those same relationships and gather relevant information before it can properly analyze and understand what’s going on.

With Sidekick 3.0, we are introducing a new query language called the Binary Ninja Query Language (BNQL), which has been designed specifically for use by AI models to navigate code and data relationships with ease. As an example, this means that Sidekick will now search with cross-references to find and substantiate answers to your questions.

Analysis Console Figure 1: Sidekick’s Analysis Console uses BNQL to collect more information from the binary for deeper analysis.

Editing Binaries Like a Ninja

As reverse engineers, we don’t just stare at a bunch of bytes and magically come up with the answer to a specific question. To reach our goals, we shape an analysis database to reflect our findings along the way: naming functions, defining and applying types, adding comments and tags, and building custom views for the things we care about most. We wanted Sidekick 3.0 to have the same power.

To that end, we’ve designed an AI-friendly format for editing binaries, letting Sidekick manipulate the database with ninja-like precision. It can add, remove, or tweak anything: functions, data variables, symbols, sections, and even raw bytes! This mirrors the full control over analysis that you’d expect from a seasoned pro.

Analysis Console Figure 2: Sidekick’s Analysis Console directly applies edits to the binary to create structure definitions, rename functions, and rename variables.

But, it doesn’t stop there! Sidekick can also create and curate custom analysis indexes using BNQL queries, quickly gathering points of interest so you can focus on what matters most to you.

Analysis Console Figure 3: Sidekick’s Analysis Console creates Analysis Indexes and adds entries using BNQL.

Extending Deep Analysis with a Custom Toolkit

Reverse engineering relies on tools that search binaries, compute precise results, or automate repetitive tasks. When these tools are reusable and tailored to specific needs, they improve efficiency across projects. Sidekick 3.0 extends its deep analysis capabilities by creating a growing set of custom tools designed for reuse.

Analysis Console Figure 4: Sidekick’s Analysis Console manages and uses set of active tools that can be extended to add new or existing tools to accomplish a given task.

In this release, Sidekick thoughtfully generates parameterized scripts, drawing on Binary Ninja’s API and our AI-driven program analysis (LLMOperator) from the prior release. These scripts form a toolkit that can be applied to recurring tasks—like finding specific function patterns or tagging cross-references—without needing constant rework. As the toolkit expands with each project, both you and Sidekick become more efficient, leveraging past analysis to streamline future efforts.

Automation Workbench Figure 5: Scripts are tools that can define parameters in order to accept inputs at runtime.

Analysis Console

The new Sidekick Analysis Console is your home base for deep analysis. This feature, formerly known as the Sidekick Assistant, has been completely revamped so you and Sidekick can collaborate more effectively. In the Analysis Console, the assistant can:

  • Interpret and analyze both the code and the content of your conversation (Figure 1)
  • Search for items in the binary using BNQL (Figures 1 & 3)
  • Store and retrieve analysis results using Analysis Indexes (Figure 3)
  • Search, create, register, and run tools that perform tasks to assist in completing your request (Figure 4)
  • Edit the binary (e.g. rename functions and variables, add comments, etc.) (Figure 2)

The Analysis Console maintains a collection of sessions (formerly called pages) that capture the history of your interactions with the assistant. New in this release is the ability to search for content across all sessions and yield results that allow you to navigate to their location within a session.

Analysis Console Figure 6: Analysis Console yields search results from across all sessions.

To get more familiar with the new Analysis Console, check out our documentation.

Other Changes

Automation Workbench

Formerly known as the Analysis Workbench, the Automation Workbench provides two key features that let you write smarter, more capable scripts:

  • LLMs can be leveraged for program analysis tasks directly from within your script. This is done using the LLMOperator construct. For each LLMOperator, you can select the model it uses from among a catalog of available models or even one that you provide.
  • The Scripting Assistant (formerly called the Coding Assistant) works with you to write both your script and also the prompts for the LLMs used by the LLMOperators of your script.

New in this release for the Automation Workbench are the following:

  • Scripts now support parameters, allowing you to create reusable scripts that can be run with different inputs. (Figure 5)
  • Scripts are now tools that can be executed by the Analysis Console, providing input parameters when needed.
  • A script and the LLMOperators that it uses are now combined into a single unit, generated together by the Scripting Assistant.
  • You can now manually add LLMOperators to a script and reference them by name.

Migrating Existing Scripts

Starting in Sidekick 3.0, LLMOperators accept a single input argument during construction. This argument is the name of the LLMOperator specification that the LLMOperator should use. If you have existing scripts that use LLMOperators, you will need to update them to use the new format. The easiest way to do this is to use the Scripting Assistant to generate the new code for you. However, if you wish to do this yourself, then you will need to assign a name to each defined LLMOperator specification and then pass that name as the only argument to the LLMOperator constructor.

Analysis Indexes

The assistant in the Analysis Console has full access to the Analysis Indexes, which it can even use as a scratchpad for intermediate analysis results. In addition, we added the ability for you to use BNQL queries to quickly add items to an index without ever writing a script. Of course, you can still write your own scripts to populate the indexes.

Analysis Console Figure 7: Add entries to an Analysis Index using a BNQL query.

Decompilation Suggestions

The newly renamed Decompilation Suggestions sidebar received a few minor changes as well (besides the name change):

  • Removed Dead Store Elimination suggestions due to their low utility, noisy generation, and incorrectness (in some cases)
  • Slightly improved the presentation of suggestions to make them more intuitive

Decompilation Suggestions Figure 7: Name suggestions use a more intuitive double-lined arrow.

Investigations

The Investigations sidebar has been removed and replaced by the more capable Analysis Console. Previously, Investigations explored a fixed number of topics and could only examine a single function. Now, the Analysis Console can perform multi-step investigations of any topic, exploring potentially the entire binary.

Minimum Requirements

To take advantage of all the awesome improvements to Binary Ninja, Sidekick 3.0 now requires a minimum version of Binary Ninja 4.2.6455.

Sidekick in Action

Check out these blog posts to see Sidekick 3.0 solving analysis tasks with ease!

What’s Next

We have several efforts on the horizon for Sidekick, aimed at enhancing performance, usability, and integration. Here’s a broad look at our product roadmap:

  • Sidekick On-Premises: Enable private, local deployment so users can run Sidekick within their own infrastructure.
  • Tuning of models: Optimize and refine our machine learning models for improved performance.
  • Longer unassisted analysis (auto-chat): Enable the Analysis Console to perform longer, more complex analysis without user intervention.
  • Assistant Operator: Enable scripts to directly call the Analysis Assistant to perform a task, similar to LLMOperators.
  • Guidance (Next Steps): Offer clear, actionable recommendations to help users determine the most effective next steps for analysis.
  • Multi-binary analysis: Expand Sidekick’s scope to perform analysis across multiple binary files.
  • Improvements to Decompilation Suggestions: Enhance the suggestion engine with better rationale explanations, increased confidence scores, and improved structure recovery.
  • Improved integration with Binary Ninja: Strengthen integration with Binary Ninja, potentially through Workflows, to streamline tasks overall.

In the meantime, sign up for Sidekick! If you’re already a subscriber, update your plugin now.