Knowledge Repository

Binary Ninja

For too long, security researchers’ choice of reverse-engineering platforms has been limited. They could either attempt to scale radare2’s sharp learning curve, or settle for IDA. It’s easier to start using IDA, but many advanced features are just as hard as radare2’s to understand and use.

Fortunately, with Binary Ninja, researchers now have a real – and easy – choice of reversing platforms. They have many reasons to choose Binary Ninja, including its rich feature set, solid API, and accessible Binary Ninja Intermediate Languages (BNIL).

We want to promote broader adoption of Binary Ninja, so we’re developing learning materials to help prospective users jump in now.

We showed how we used the Low Level IL (LLIL) and its data flow analysis to solve 2,000 CTF challenge binaries for DEFCON’s 2016 CTF qualifying round. We also showed how we overcame the unique architecture of DEFCON’s 2017 CTF challenges with Binary Ninja’s graph view and dataflow analyses, faster than if we’d relied on the limited disassembler and debugger provided by the organizers.

We presented example IL analysis plugins for automated discovery of simple memory corruption vulnerabilities.

In a three-post series, we described the fundamentals of Binary Ninja’s LLIL and how the Python API can be used to interact with it. Then, we demonstrated how to easily develop platform-agnostic tools harnessing the power of the LLIL and its dataflow analysis. Most recently, we showed how two newer features – the Medium Level IL (MLIL) and Static Single Assignment (SSA) form – enable advanced, automated vulnerability discovery on binary code.

Binary Ninja is one of those tools that allow us to enhance our capabilities and combine mechanical efficiency with human intuition for practical use. We selectively pair it with our own tools, including McSema, Manticore, and Ethersplay, in our engagements. We highly recommend you start using it today.