Binary Ninja Blog

For Binary Ninja 5.3, we’re bringing features and fixes across a number of areas. For improved interoperability, we’ve added Ghidra Export to the existing Ghidra Import code and have improved our IDB Import capability. For new architectures and platforms, we’ve added NDS32 to Ultimate, a new ILP32 ABI for AArch64, and a new set of APIs for “weird” architectures. And of course, we’ve made a number of improvements to the UI including a new Universal Mach-O loader UI, usability improvements to the container browser, and a new “super” command palette! Plus, changes to the debugger, enterprise features, new opt-in crash reporting to help us squash bugs faster, and so much more!

Firmware analysis, malware triage, and embedded systems reverse engineering often require extracting files from nested container formats: TAR archives inside GZIP files, encrypted firmware wrapped in multiple compression layers, or password-protected ZIPs containing “infected” malware.

Manually peeling each layer with separate tools gets old fast.

Binary Ninja’s Container Transform system automates this workflow, handling detection, extraction, password management, and multi-layer nesting while preserving the structure and provenance of each stage.

Adding platform support to an architecture plugin is one of the best ways to improve decompilation. While disassembling and lifting give us good results, they are limited in scope and cannot fill in details about the operating system. With platform support, we can add rich annotations to the analysis and get better results. Let’s look through the many systems Binary Ninja includes for implementing platform support in a plugin of your own.

Lifting is the critical step to unlocking Binary Ninja’s powerful analysis and decompilation. Often the “left as an exercise to the reader” of Binary Ninja custom architecture tutorials, it is both a lengthy process and one with a lot of subtlety. From simple instructions to flags and intrinsics, the lifting process describes the behavior of every instruction. Let’s write a lifter for Quark!

From the beginning, the most important feature of Binary Ninja has been our API. The goal is simple: your plugins should be capable of producing the same high-quality decompilation as our official architectures. In this three-part series, we will implement a complete architecture and platform using some lesser-known features in Binary Ninja. From disassembly and lifting, to calling conventions, Type Libraries, and function signatures, we will explore the many steps involved in getting and refining decompilation results. The series is intended to be used both as a roadmap for how to build your own architecture plugin and as ideas for how to improve an existing one you might already have.

The Command Palette is one of the primary interfaces for interacting with Binary Ninja, and has been for almost as long as Binary Ninja has existed. Now, in the upcoming Jotunheim release, the Command Palette is getting more powerful! Beyond just searching menu items, you will be able to search Functions, Types, Strings, and more!

Binary Ninja Enterprise 2.0 is here, and it’s a free upgrade for all active customers! While we plan on supporting the current Enterprise 1.2.x branch for our next few Binary Ninja releases to give customers time to migrate, Enterprise 2.0 already comes with a significant upside: An on-premises version of our new WARP service. To get started, customers with active support can find the server installers in the customer portal, or have them sent via email using the license recovery system. (Note: A v1.x manage_server will not update itself directly to v2.0. We wanted to make sure your current servers wouldn’t update unexpectedly.)

• Highlights
• WARP: On-Prem
• Server Deployment
  • Client Installers
• Upgrade Path
• Get Started Today!

In this blog post, we will take a close look at a Linux binary loaded with various anti-reverse-engineering techniques. The binary is the final boss from the book Programming Linux Anti-Reversing Techniques by Jacob Baines. I will also take this opportunity to show off some Binary Ninja tricks that can speed up your daily analysis!

In this walkthrough, you will learn how to:

• Handle malformed ELF headers and segment tricks
• Work with encrypted and obfuscated code (XOR and RC4)
• Navigate Binary Ninja’s segment and section editing capabilities
• Use powerful selection and transformation features
• Understand the design decisions behind Binary Ninja’s analysis heuristics
• Apply practical workflows for analyzing real-world malware and CTF challenges

For customers who prefer to operate on stable branches, we have released an “R2”, or second release of the Io, 5.2 release. It includes multiple small stability improvements, crash fixes, update fixes for Linux ARM builds, and fixes to WARP, DWARF, and Ghidra Import.

As always, customers with active support on the development branch have access to these changes and more.

For the last few months, we’ve been hard at work on today’s release, Binary Ninja 5.2 (Io)! This release delivers some of our most impactful and highly requested features yet, including bitwise data-structure support (second most requested), container support (fifth most requested), full Hexagon architecture support for disassembly and decompilation, and much more. Under-the-hood, 5.2 also contains some other improvements that will help us chart a course toward even bigger improvements in the future.

Update: A second release (R2) with stability improvements and bug fixes is now available.

Let’s dig in!