Binary Ninja Blog

With the 5.1 Helion release, we introduced a new capability for architecture plugins that enables function-level basic block analysis by overriding the default implementation. This feature provides powerful new flexibility for performing control-flow recovery on architectures where instruction-level or even basic block-level analysis alone is inadequate for building an accurate control flow graph (CFG). In this post, we demonstrate how this mechanism can be leveraged to resolve zero-overhead hardware loops and accurately identify branch targets in parallel instruction pipelines.

Global pointer usage is an important yet often overlooked concept in reverse engineering. This article explains what it is, how it interacts with Binary Ninja’s analysis and the relevant APIs and settings. This can hopefully help you master it in your day-to-day reverse engineering!

We’re excited to announce Sidekick 5.0 - our latest vision for AI-assisted reverse engineering with Binary Ninja. In this release, Sidekick comes with a new capability to proactively work on tasks that complement your efforts without requiring your supervision. Sidekick also captures and maintains insights from this analysis in a new, fully editable knowledge store called the Notebook. Additionally, we’ve made many important changes and improvements to ensure that Sidekick continues to make reverse engineering faster and easier than ever.

Binary Ninja 5.1 might not help you see in the dark like Riddick (our 5.1 Helion release is named after a system from the Riddick universe), but it WILL help you reverse engineer better! With a bunch of quality of life improvements, bug-fixes, and even a few new features, we’re continually working to improve your reversing experience. We’re introducing WARP, our new static function matching system, which will be helping not only Binary Ninja users in the future, but the entire reverse engineering community. Also, we’re shipping the BinExport plugin pre-built for all platforms, for easy integration with BinDiff. Finally, we’ve added a ton of improvements to the readability and presentation of decompilation, better tooling for re-writing IL with scripts, and a ton of architecture improvements.

• WARP
• Pseudo Objective-C
• BinExport / BinDiff
• Analysis / Decompilation Improvements
  • Customizable Control Flow
  • String Wrapping
  • Ternary Operator
  • Guided Analysis Mode
  • String Clamping
• IL Rewriting
• Architecture / Platforms
  • x86-64 x32 ABI
  • Custom Basic Block Analysis
  • MIPS R5900
  • PPC-VLE
  • Native EFI Resolver Workflow
• UI Improvements
  • Sidebar Hiding
  • Quick Settings
• Open Source Contributions
• Everything Else

We’re excited to announce the launch of our new developer portal within the Binary Ninja Portal. This new feature provides a centralized hub for viewing extensions, gives extension developers the ability to manage their extensions, and provides extension authors insights into their user base.

While our customers with active support on the development branch have access to these changes and more, we occasionally release updated stable releases just to include a few fixes that we either did not identify during stable release testing or those for whom a fix was scheduled after the original stable release.

This 5.0 Release 2 build improves on our recent 5.0 release with a few small stability improvements and fixes.

Reverse engineering often requires quickly finding a proverbial needle in a haystack. Whether hunting for specific byte signatures, cryptographic constants, or matching instruction patterns, the ability to efficiently locate precise byte sequences within binaries is essential. This post introduces the Advanced Binary Search (ABS) search mode in Binary Ninja (BN), designed to streamline the most common reverse engineering search tasks.

Not enough time to reverse engineer everything you want? The Time Lords are here to help in Binary Ninja 5.0 Gallifrey! With major features across the board from huge analysis improvements, fantastic iOS support, many new firmware-specific features, and more, this major version has something for everyone.

• iOS
  • DYLD Shared Cache
  • Kernel Cache
• Firmware
  • Firmware Ninja (Ultimate Only)
  • IHEX/TI-TXT/SREC Loader
  • SVD Loader
• Analysis
  • Array and Structure Detection and Propagation
  • Union Type Support
  • Itanium RTTI
• Debugger
• Shellcode Compiler Open Sourced
• New Architectures
• Enterprise Browser Improvements
• Other Notables
  • Updated URL Handler
  • Line Wrapping
  • Render Layers
  • Customer Portal
• Open Source Contributions
• Everything Else

Today, let’s talk about Firmware Ninja, functionality included in Binary Ninja Ultimate Edition that speeds up firmware analysis by offering specialized capabilities tailored to the complexities of embedded reverse engineering.

The battle for the default browser on Windows has always been heated. You might have heard of how Microsoft leveraged its UCPD (User Choice Protection Driver) to prevent third-party browsers from setting themselves as the default one. However, in this post, I will show my journey into uncovering how various browsers try to bypass the restriction, and how UCPD gets updated to defeat their attempts.

Note: this is an extended version of my lightning talk at RE//verse. Please also check out the video and slides.