Binary Ninja Blog

In this post, I will explain how I analyzed the Serpentine challenge in this year’s flare-on with the help of time-travel debugging (TTD) integration in the Binary Ninja debugger.

Serpentine is the 9th challenge and is commonly considered the hardest among the ten challenges this year, or even among ALL recent years. It features self-modifying code, x64 exception handling and unwinding, and arithmetic operations masquerading as table lookups. It is a fantastic challenge and a great test of the player’s skills and their tool’s reliability. I’m glad that I was able to solve it and also complete this year’s flare-on challenge!

This evening at 17:56:47 ET on 2024-12-05, a bug in our license/update server caused a large number of license emails to be sent to users with an active license. The short summary is that this was not a security incident, no customer data was exposed, no extra purchases were triggered. We don’t actually have the ability to trigger additional purchases as we don’t store payment information, our credit card processor handles those details.

If you’d like more details into the timeline, what happened to cause the bug and what we’ve done to prevent it from happening again, read on!

Don’t panic! Binary Ninja version 4.2 Frogstar is here. It is, after all, the answer to everything. Much like a trusty towel, you’ll find that the improvements in 4.2 are applicable to many situations. This major release (despite the number increment being minor since we couldn’t skip version 4.2) includes an industry-first multiple-language decompilation, DYLD Shared Cache analysis, MSVC RTTI support, a new signature system fittingly called WARP, and so many more features.

• Language Representations
• MSVC RTTI
• WARP Signature Matching
• DYLD Shared Cache Alpha
• Workflows Feature Update
• Ultimate Edition
• New Architecture
• Smaller But Notable
  • Code Folding
  • Forward Type Propagation
  • Smart Undefine
  • Plugin Status
• Open Source Contributions
• Other Updates

We are excited to share results from our 2024 Reverse Engineering survey! This annual survey helps unpack the current state of the reverse engineering industry and gives insight into how Binary Ninja can better serve the reverse engineering community. Let’s dive into the insights.

VxWorks is a widely deployed real-time operating system (RTOS). It is used in a wide range of applications, including networking, aerospace, and industrial control systems. VxWorks is known for its reliability, performance, and scalability, making it a popular choice for embedded mission-critical systems.

We are excited to announce support for VxWorks in version 4.2 of Binary Ninja Ultimate! This post provides an introduction to VxWorks and explains how Binary Ninja can be used to reverse engineer VxWorks images.

We’ve been very hard at work improving the experience for our iOS and macOS reverse engineers. You’ll want to keep an eye out for our upcoming 4.2 feature release announcement stream which includes some even juicier bits. In the meantime, hopefully this will tide you over.

This blog is a short summary of the current state of Objective-C analysis in Binary Ninja.

EDITOR’S NOTE: This guest-post was brought to you by unknowntrojan, shedding light on one of the lesser-known plugins, coolsigmaker.

A common desire in reverse engineering is to match re-used code across multiple binaries. Whether you’re doing malware lineage tracking, identifying a statically compiled library, or any other use case about identifying similar code, there are multiple technologies that attempt to solve parts of this problem. Other tools for related problems include SigKit (Binary Ninja’s static library detection), IDA’s FLIRT/FLAIR and Lumina features, or even more advanced systems like Diaphora or BinDiff.

Related to those, you might already be familiar with the “SigMaker” style of plugins for various platforms^{[1] [2] [3]}. These plugins generate patterns from code that can be used to find said code across different binaries or find the same function reliably between application updates. This is useful for malware classification and static-library identification among other purposes.

binja_coolsigmaker is just that: a fast and reliable “SigMaker” plugin for Binary Ninja.

Today, we are releasing the newest edition of our flagship product: Binary Ninja Ultimate.

The Ultimate edition includes all of the same features you know and love from Binary Ninja Commercial, but also includes the architectures we’ve been selling separately over our past few releases. This lets us simplify our release pipeline and our pricing at the same time without raising prices for any existing customers. For the next few months, we’ll be selling this edition at a reduced, introductory price as we continue to build out additional features.

Under-the-hood, Binary Ninja Ultimate is a re-brand of our existing Binary Ninja Enterprise client builds, but now with named (instead of just floating) licenses. This means all current Enterprise customers will get Ultimate features at no extra cost and all future Ultimate customers will have the ability to add an Enterprise server at any time.

Some additional clarifications up-front for our existing customers:

• If you’re a Non-Commercial customer, nothing is changing.
• If you’re a Commercial customer happy with our existing architecture support, nothing is changing.
• If you’re an Enterprise customer, you will receive many new architectures for free with your existing licenses!
• If you had previously purchased a license to nanoMIPS or TriCore (speaking of which, make sure to catch up on our other blog post today with much more detail about our TriCore support), you will receive a free upgrade to Binary Ninja Ultimate.

TriCore firmware is important for security researchers since it is found in a wide range of car components. While we originally announced the availability of a separate paid TriCore plugin in our 4.1 release, we have since updated it and are excited to now ship TriCore to all Binary Ninja Ultimate customers! This not only makes it cheaper and enables access to other architectures, but makes getting access easier than ever. If you haven’t heard of Ultimate yet, check out our other announcement from today!

The Unified Extensible Firmware Interface (UEFI) is a specification that defines the architecture of firmware used for booting computers. It contains the initial code that runs on most modern PCs and mobile devices, operating at the highest privilege levels before the operating system loads. This makes UEFI a fascinating area for reverse engineering.

Let’s delve into some firmware samples and demonstrate how Binary Ninja and our official EFI Resolver plugin can automate the analysis of UEFI binaries. The features highlighted in this blog post represent a culmination of efforts that began prior to the release of Binary Ninja 3.5. This ongoing work includes recent contributions by Zichuan, one of our summer interns!