Binary Ninja Blog

We’re excited to announce the launch of our new developer portal within the Binary Ninja Portal. This new feature provides a centralized hub for viewing extensions, gives extension developers the ability to manage their extensions, and provides extension authors insights into their user base.

While our customers with active support on the development branch have access to these changes and more, we occasionally release updated stable releases just to include a few fixes that we either did not identify during stable release testing or those for whom a fix was scheduled after the original stable release.

This 5.0 Release 2 build improves on our recent 5.0 release with a few small stability improvements and fixes.

Reverse engineering often requires quickly finding a proverbial needle in a haystack. Whether hunting for specific byte signatures, cryptographic constants, or matching instruction patterns, the ability to efficiently locate precise byte sequences within binaries is essential. This post introduces the Advanced Binary Search (ABS) search mode in Binary Ninja (BN), designed to streamline the most common reverse engineering search tasks.

Not enough time to reverse engineer everything you want? The Time Lords are here to help in Binary Ninja 5.0 Gallifrey! With major features across the board from huge analysis improvements, fantastic iOS support, many new firmware-specific features, and more, this major version has something for everyone.

• iOS
  • DYLD Shared Cache
  • Kernel Cache
• Firmware
  • Firmware Ninja (Ultimate Only)
  • IHEX/TI-TXT/SREC Loader
  • SVD Loader
• Analysis
  • Array and Structure Detection and Propagation
  • Union Type Support
  • Itanium RTTI
• Debugger
• Shellcode Compiler Open Sourced
• New Architectures
• Enterprise Browser Improvements
• Other Notables
  • Updated URL Handler
  • Line Wrapping
  • Render Layers
  • Customer Portal
• Open Source Contributions
• Everything Else

Today, let’s talk about Firmware Ninja, functionality included in Binary Ninja Ultimate Edition that speeds up firmware analysis by offering specialized capabilities tailored to the complexities of embedded reverse engineering.

The battle for the default browser on Windows has always been heated. You might have heard of how Microsoft leveraged its UCPD (User Choice Protection Driver) to prevent third-party browsers from setting themselves as the default one. However, in this post, I will show my journey into uncovering how various browsers try to bypass the restriction, and how UCPD gets updated to defeat their attempts.

Note: this is an extended version of my lightning talk at RE//verse. Please also check out the video and slides.

We’re excited to share some significant news about Binary Ninja’s role in improving medical device security. Through a collaborative effort with STR and Aarno Labs under the ARPA-H DIGIHEALS program, our platform has helped identify critical vulnerabilities in widely-used hospital patient monitoring systems.

Today, we are excited to announce Sidekick 3.0! In addition to a number of bug fixes, UX improvements, and updated models, this release extends Sidekick’s analysis capabilities and with tighter Binary Ninja integration. In particular, our new query language, expanded editing capabilities, custom tool system, and the re-designed Assistant (now called the Analysis Console) stand out. These features and more continue to make Sidekick the best AI-powered tool for binary analysis on the market.

Hello, and welcome to another exciting episode of “Sidekick in Action”! Today, we will be applying Sidekick to a variety of common vulnerability discovery tasks while looking at the popular network utility dnsmasq.

In this post, we’ll explore how we used Sidekick to analyze complex malware samples. We’ll use LockBit 3.0 as our target, walking through the process of identifying and understanding key functions, deobfuscating strings, and mapping the sample’s behavior.