Binary Ninja Blog

With a slew of decompilation improvements, Binary Ninja 3.5 (Coruscant) has completed its jump from hyperspace dev with even more improvements to the decompilation quality and many other quality of life improvements across the UI, API, documentation, debugger, and more! Here’s a list of the biggest changes, but don’t forget to check out the full list of changes with even more fixes and features.

• MOD/DIV Deoptimization
• Automatic Variable Naming
• UEFI Support
• Heuristic Pointer Analysis
• Dead Code Elimination Improvements
• Type Library Deserialization
• TTD Debugging
• MH_FILESET graduated
• Leaks-Be-Gone
• Experimental Features
  • Components UI
  • DWARF Import
  • DWARF Export
• Many More

To find out why our mascot for this release has a pitchfork and more on nerdy naming, read below the fold. For the summary of Braize’s (3.4) major new features (including one surprise feature that appeared mid-roadmap), here’s the highlights:

• Inherited Types (C++ Support)
• Automatic Outlining
• Sparse Switch Recovery
• Import from BNDB
• Enterprise Improvements
• Debugger Improvements
• Experimental Features
  • Components UI
  • MH_FILESET
• Many More

You’ll notice the theme of this release has been major improvements in decompilation, we’re really excited with the quality of improvements for the first three major features described above and they’re joined by several other important improvements as well.

First and foremost, when we originally implemented UI plugins, the following was not the use-case we had in mind. That said, UI Plugins are extremely powerful, and allow you to customize Binary Ninja’s interface to your heart’s content, for fun and for profit!

New year, new Binary Ninja version, new survey and sweepstakes. Take the survey to help shape the future of reverse engineering tools and have a chance to win some great prizes! The survey starts today, January 26, 2023 and will end on February 8, 2023 at 12pm EST.

The future is now; Binary Ninja 3.3 (Arrakis) is available. You may have noticed that we’ve renamed our milestones based on an alphabetical list of famous Sci-Fi/Fantasy planets, and the first release in this theme is named after the famous desert planet from Dune - Arrakis. The bytes must flow!

So what spicy goodies are in this release?

• Decompiler Improvements
  • Parameter Rejection
  • Improved Objective-C
  • Automatic Outlining
• Debugger
• Type Interactions
  • Create Array Dialog
  • Import / Export Header Files
  • Enumeration Dialog
• More Windows Improvements
  • SEH Prolog/Epilog Inlining
  • Type Libraries and Signatures
• Enterprise Improvements
  • Named Snapshots
  • SAML Support
• Many More

After 4 long months of development, Binary Ninja 3.2 is finally here with a huge list of major changes and an even bigger list of minor ones:

• Enhanced Windows Experience
  • Improved Enumeration Support
  • Next-Generation PDB Support
  • CFG Call Handling
  • MS Demangler Improvements
• Decompiler Improvements
  • Variable Merging/Splitting
  • Offset Pointers
  • Split Loads and Stores
• Objective-C Support
• Segments and Sections Editing UI
• Default to Clang Type Parser
• Named and Computer Licenses for Enterprise
• Many More

While we have some additional Windows improvements coming in future releases, the majority of our short-term Windows roadmap has been completed for this release and should represent a major improvement for all Binary Ninja users working with PE binaries.

In this blog post, I will explain how I reverse engineered a Cobalt Strike dropper and obtained its payload. The payload is a custom executable file format based on DLL. The dropper decrypts, loads, and executes the payload. Initially, I thought this must not be a PE executable at all, but I gradually realized it was. Much of the effort was spent on fixing the file so it could be loaded by Binary Ninja for further analysis.

Today, we’re releasing a little side project a few of our developers have been working with the community on: the Decompiler Explorer! This new (free, open source) web service lets you compare the output of different decompilers on small executables. In other words: It’s basically the same thing as Matt Godbolt’s awesome Compiler Explorer, but in reverse.

Not everything in a function is equally important. Sometimes, especially with large functions, you want a way to hide all that extra conditional cruft so you can focus on just the execution path that matters to you. Enter Tantō: a brand-new official plugin for Binary Ninja that splits functions into smaller chunks (or “slices”) to help you understand functions faster.

Are you ready for the next stable Binary Ninja release? 3.1 is live today and contains many major improvements:

• Better Performance
• Non-Commercial Multithreading
• Clang Type Parser
• New Windows Types
• Native Debugger
• Logging System
• Enterprise API

If you were expecting 3.1 to be the “Windows” update, we were too as that was the original plan! However, given the scope of major new features, we split the original release plan into two halves. While many Windows improvements are indeed coming in 3.1, others are now planned for 3.2, the new “Windows” release.