Binary Ninja Blog

The future is now; Binary Ninja 3.3 (Arrakis) is available. You may have noticed that we’ve renamed our milestones based on an alphabetical list of famous Sci-Fi/Fantasy planets, and the first release in this theme is named after the famous desert planet from Dune - Arrakis. The bytes must flow!

So what spicy goodies are in this release?

• Decompiler Improvements
  • Parameter Rejection
  • Improved Objective-C
  • Automatic Outlining
• Debugger
• Type Interactions
  • Create Array Dialog
  • Import / Export Header Files
  • Enumeration Dialog
• More Windows Improvements
  • SEH Prolog/Epilog Inlining
  • Type Libraries and Signatures
• Enterprise Improvements
  • Named Snapshots
  • SAML Support
• Many More

After 4 long months of development, Binary Ninja 3.2 is finally here with a huge list of major changes and an even bigger list of minor ones:

• Enhanced Windows Experience
  • Improved Enumeration Support
  • Next-Generation PDB Support
  • CFG Call Handling
  • MS Demangler Improvements
• Decompiler Improvements
  • Variable Merging/Splitting
  • Offset Pointers
  • Split Loads and Stores
• Objective-C Support
• Segments and Sections Editing UI
• Default to Clang Type Parser
• Named and Computer Licenses for Enterprise
• Many More

While we have some additional Windows improvements coming in future releases, the majority of our short-term Windows roadmap has been completed for this release and should represent a major improvement for all Binary Ninja users working with PE binaries.

In this blog post, I will explain how I reverse engineered a Cobalt Strike dropper and obtained its payload. The payload is a custom executable file format based on DLL. The dropper decrypts, loads, and executes the payload. Initially, I thought this must not be a PE executable at all, but I gradually realized it was. Much of the effort was spent on fixing the file so it could be loaded by Binary Ninja for further analysis.

Today, we’re releasing a little side project a few of our developers have been working with the community on: the Decompiler Explorer! This new (free, open source) web service lets you compare the output of different decompilers on small executables. In other words: It’s basically the same thing as Matt Godbolt’s awesome Compiler Explorer, but in reverse.

Not everything in a function is equally important. Sometimes, especially with large functions, you want a way to hide all that extra conditional cruft so you can focus on just the execution path that matters to you. Enter Tantō: a brand-new official plugin for Binary Ninja that splits functions into smaller chunks (or “slices”) to help you understand functions faster.

Are you ready for the next stable Binary Ninja release? 3.1 is live today and contains many major improvements:

• Better Performance
• Non-Commercial Multithreading
• Clang Type Parser
• New Windows Types
• Native Debugger
• Logging System
• Enterprise API

If you were expecting 3.1 to be the “Windows” update, we were too as that was the original plan! However, given the scope of major new features, we split the original release plan into two halves. While many Windows improvements are indeed coming in 3.1, others are now planned for 3.2, the new “Windows” release.

The last time we did a State of the Ninja post was slightly over 2 years ago. Coronavirus was hitting record highs, the world was in lockdown, the episode number was 13… They were trying times to be sure. It was also right before our 2.0 release that included HLIL. Pretty crazy how far we’ve come in such a short span of time, right?

Today, we’re about 3 months past our release of Binary Ninja 3.0. That version came with a huge amount of new features for everyone to play with like:

• A fresh, new UI
• Decompilation to ‘Pseudo C’
• New stack and variable views
• The preliminary release of Workflows

…and a whole bunch of other cool stuff like various API improvements, native builds for the M1 chip, and offline updates for our Enterprise customers.

But, that was 3 months ago. Today, I want to talk about what we’ve been working on since. We’re releasing 3.1 in the next month or so, but some of these features are already done and shipped in our development builds for you to try today.

We are well aware that analyzing large binaries in Binary Ninja right now can use a significant amount of memory. So, as we develop what will become our next release, 3.1, we are focusing on improving performance across the board. As a preliminary step, all Binary Ninja development builds starting from 3.0.3306-dev now include some of these memory usage and performance optimizations.

If you would like to check out these changes and help us test them, you can change your update channel in Preferences -> Update Channel… within Binary Ninja. Just set it to the “Binary Ninja development build” channel, select a version greater than or equal to 3.0.3306-dev, and click “Done”. Once Binary Ninja has downloaded the new version, click the green arrow in the bottom-left corner and Binary Ninja will restart and apply the new update.

We’re excited to announce Binary Ninja 3.0 is live today! Most of our stable releases have been quarterly, but this 3.0 release took over six months, and this list of improvements really justifies it.

So what has this wait brought you? Here’s our top eight favorite (with many more below).

• Fresh UI
• Pseudo C
• API Improvements
• Stack and Variable Views
• Workflows
• Enterprise: Offline Updates
• Function Parameter Detection
• M1 Native

In fact, this release is so chock full of good stuff that five of the top nine all-time most up-voted features are shipping in this release! (Related: go up-vote your favorites for upcoming releases.)

In the first installment of this series, we got a Z80 architecture up and running with disassembly and control graphs. In this second installment, we’ll add lifting and discuss Binary Ninja’s intermediate languages.