Binary Ninja Blog

It’s only been five months since the release of our HLIL decompiler and we’ve been busy on lots of fronts! Note only are we in the middle of open sourcing all of our core architectures, but we’re also launching a welcome back discount for customers who have had their support expire and are thinking of coming back and seeing everything that’s changed.

And speaking of what’s changed, just in the past three months since our last release we’ve almost 800 commits across our different repositories! That’s a lot of new changes to cover, so this is definitely not an exhaustive list, but let’s dig in!

Vector 35 has a history of releasing lots of open source. We not only released the entire Binary Ninja API under the MIT license, but all API docs, and user docs as well. We continue to release high quality official plugins under open source licenses and even released the entire python prototype of Binary Ninja!

That said, we’ve long planned on doing even more and I’m pleased to announce that today we’re publishing the first of several of our internal core architectures: ARMv7/thumb2 and Arm64 (aarch64) under an Apache 2.0 license! These join our already open source PPC architecture, and will be followed up by our remaining core architectures: x86, x64, and MIPS architectures over the next few weeks.

[Editor’s Note: This blog entry is brought to you by another of our summer interns, Chinmay. You can find more about him at his personal site. Also, be aware that this feature is currently only available on the development branch of Binary Ninja and some users may need to switch branches if they are not already on dev.]

Binary Ninja now implements User-Informed DataFlow (UIDF) to improve the static reverse engineering experience of our users. This feature allows users to set the value of a variable at the Medium-level IL layer and have the internal dataflow engine propagate it through the control-flow graph of the function. Besides constant values, Binary Ninja supports various PossibleValueSet states as containers to help inform complex variable values.

[Editor’s Note: This blog entry is being brought to you by one of our summer-interns, Xusheng. You can find more of his writeups over on his github page.]

The last week’s challenge was created by Dennis Yurichev. It is also hosted on crackmes.one. The challenge is compiled by a modified Tiny C Compiler (TCC) which obfuscates the generated code during compilation. We will cover the major techniques to deobfuscate the binary, followed by a quick analysis of the algorithm itself.

While many of our users are already happily using it on the dev channel, we’re pleased to announce the release date for our decompiler/HLIL on the stable channel is May 20th, 2020.

That’s right, the long awaited Binary Ninja 2.0 is arriving in only 10 days.

With the 2.0 release comes several important changes. First, we’re including the decompiler for all current customers at no cost. All users, both commercial and non-commercial with active support will be able to download the stable update (and indeed they can all try it now just by switching to the dev channel). Second, we’re raising the base price of all versions. This reflects the increased value provided by the decompiler as well as helps us build new features at an even faster rate. See below the fold for more details.

It’s been over a month since we announced the Binary Ninja Debugger Plugin (BNDP) in beta, and as it begins to near the time it can shed its “BETA” tag, we wanted to show off the current state of the features and capabilities. Note that the debugger is being implemented as an open source plugin and feedback and code are always welcome.

Whew, what a crazy time it’s been lately. The world is in lock-down due to coronavirus but thankfully V35 has been able to keep working safely with everyone at home. Well, as long as you consider work-from-home with kids “safe” for some of us. We miss the office conversations and collaboration, and we’ve had to make do with fragging each other in online games and occasional video chats.

In the meantime, we’ve been able to make a ton of progress in the last several months and we’re nearing the release of our first 2.0 dev release which includes our decompiler and HLIL!

Because we’re going to have a lot of blog posts and updates coming out over the next few weeks, we wanted to make sure we got a State of the Ninja out of the way beforehand to get everyone up to date on what has happened lately.

Binary Ninja’s signature system automatically matches and renames copies of known functions based on their function signature. The signature system is designed to aid in analyzing statically-linked binaries without symbols available.

While a few signature libraries are bundled with Binary Ninja, you can now create your own signature libraries! These tools are available as the Signature Kit Plugin. If you’re on the dev branch, you can install it in the plugin manager now.

This post marks the official release of the signature system, and also serves as documentation for how it works and how to most effectively use it.

Thankfully the wait from 1.2 to 1.3 was much less than last time. Our goal is to aim for quarter releases as often as possible, and yet we still managed to pack in a large number of fixes and features into just a few months.

As always, another good reference for what has changed is our list of closed issues.

Binary Ninja is built to be as extensible as possible and that includes adding and extending new architectures. While we’ve published example architectures before, this blog post is meant to serve as a more detailed introduction to what goes into adding an architecture. Specifically, this series of blog posts will get you started from zero plugin writing experience to a fully functional architecture with easy to verify checkpoints along the way in a short amount of time.

This first post in the series is meant to get you going with a very fast architecture disassembler in an afternoon by leveraging an existing disassembler and wrapping it into the appropriate APIs. In the second part of the series, I’ll introduce more of the concepts behind Binary Ninja’s IL and how that forms the basis for its advanced analysis.

[EDITOR’S NOTE: This post was lost in the shuffle during some website maintenance and is being re-posted in a corrected form. Sorry about that!]