Binary Ninja Blog

Today, let’s talk about Firmware Ninja, functionality included in Binary Ninja Ultimate Edition that speeds up firmware analysis by offering specialized capabilities tailored to the complexities of embedded reverse engineering.

The battle for the default browser on Windows has always been heated. You might have heard of how Microsoft leveraged its UCPD (User Choice Protection Driver) to prevent third-party browsers from setting themselves as the default one. However, in this post, I will show my journey into uncovering how various browsers try to bypass the restriction, and how UCPD gets updated to defeat their attempts.

Note: this is an extended version of my lightning talk at RE//verse. Please also check out the video and slides.

We’re excited to share some significant news about Binary Ninja’s role in improving medical device security. Through a collaborative effort with STR and Aarno Labs under the ARPA-H DIGIHEALS program, our platform has helped identify critical vulnerabilities in widely-used hospital patient monitoring systems.

Today, we are excited to announce Sidekick 3.0! In addition to a number of bug fixes, UX improvements, and updated models, this release extends Sidekick’s analysis capabilities and with tighter Binary Ninja integration. In particular, our new query language, expanded editing capabilities, custom tool system, and the re-designed Assistant (now called the Analysis Console) stand out. These features and more continue to make Sidekick the best AI-powered tool for binary analysis on the market.

Hello, and welcome to another exciting episode of “Sidekick in Action”! Today, we will be applying Sidekick to a variety of common vulnerability discovery tasks while looking at the popular network utility dnsmasq.

In this post, we’ll explore how we used Sidekick to analyze complex malware samples. We’ll use LockBit 3.0 as our target, walking through the process of identifying and understanding key functions, deobfuscating strings, and mapping the sample’s behavior.

If you’ve been following our social media accounts, this is no surprise, but last year we at Vector 35 launched RE//verse, a new reverse engineering conference that’s happening in Orlando, FL from Feb 27 - Mar 1 (kickoff reception 27th, talks 28th-1st, trainings 24th-27th). As we’re a month out we wanted to highlight some of the goals behind the conference, talk about what it is and what it isn’t, and remind anyone that hasn’t already signed up and booked their hotel to move fast! We still have trainings and tickets available, but the conference room rate is ending soon so don’t wait.

Happy 2025! While we could certainly go back and celebrate what a great year 2024 was for Binary Ninja (and it certainly was!), for now, we’re enjoying some holiday time and instead, we thought we’d announce a nice upcoming gift for all our customers, both current and former. Coming January 7th, we’re launching a new portal for license management.

Originally, customers could only download the latest stable version of Binary Ninja when they had active support. This was an artifact of our update infrastructure, and we’ve long promised disappointed users who let their licenses lapse that we’d resolve this when we re-worked our license recovery mechanisms. Well, we have, and we did!

In this post, I will explain how I analyzed the Serpentine challenge in this year’s flare-on with the help of time-travel debugging (TTD) integration in the Binary Ninja debugger.

Serpentine is the 9th challenge and is commonly considered the hardest among the ten challenges this year, or even among ALL recent years. It features self-modifying code, x64 exception handling and unwinding, and arithmetic operations masquerading as table lookups. It is a fantastic challenge and a great test of the player’s skills and their tool’s reliability. I’m glad that I was able to solve it and also complete this year’s flare-on challenge!

This evening at 17:56:47 ET on 2024-12-05, a bug in our license/update server caused a large number of license emails to be sent to users with an active license. The short summary is that this was not a security incident, no customer data was exposed, no extra purchases were triggered. We don’t actually have the ability to trigger additional purchases as we don’t store payment information, our credit card processor handles those details.

If you’d like more details into the timeline, what happened to cause the bug and what we’ve done to prevent it from happening again, read on!