
Binary Ninja – A new kind of reversing platform - Philipp__
http://binary.ninja
======
psifertex
One of the developers here, been planning on doing some coordinated posts
about it, just been super busy at DEF CON this week. Happy to answer questions
though.

If you do happen to be at DEF CON we're actually having a meet up this
evening:
[https://twitter.com/vector_35/status/762050462195396608](https://twitter.com/vector_35/status/762050462195396608)

~~~
baby
does the binja team at the CTF have any relation with your tool?

~~~
psifertex
Nope, just an unfortunate name collision. We've been using binary ninja as the
name of the tool for many years now, but it was a private tool that nobody
knew we had for the first few years of CTFs (this is the python version we
open sourced before we started rewriting it), so they just happened to start
using a similar team name some time after that.

The domain name time stamps should show that if it matters, though I don't
think it really does.

------
qwertyuiop924
Okay. But aside from the really nice UX/UI, what does this do that Radare2
doesn't?

No, I'm not trying to be snarky, I genuinely don't know.

~~~
eugeneionesco
It's actually usable.

~~~
qwertyuiop924
Good answer. Okay, what does it do that Radare doesn't?

~~~
StavrosK
I don't know what Radare does, but after I read your comment I installed
Radare2 (because binja didn't let me save my file). I didn't get anywhere
because Radare2 looks like it has a super steep learning curve, whereas with
binja I just right-clicked the jump that looked like it'd do what I want and
selected "Patch -> Never jump".

I'm not sure why you're dismissing usability, but it's a very big feature in a
tool, one of the most important ones.

~~~
qwertyuiop924
It's important, but the market share of Vim is roughly inversely proportional
to how important it is.

Anyways, yeah, Radare isn't super usable. I'd guess I only understand 10% of
it. And Radare2 is in active development, and wasn't totally ready for prime
time, which is what I thought the usability comment was about.

------
borski
Been using this for quite some time - psifertex and crew have really done an
incredible job in a pretty short period of time. Highly recommend checking it
out, especially if you're sick of the shittiness of IDA. Only thing it's
missing is some solid decompilers.

------
pedalpete
Sorry to seem a bit daft, but I'm looking for a definition of 'reversing
platform' and I'm not getting much. What is this for and what does it do? Who
would use it?

On the other hand, Binary Ninja is the first result, so in some ways, you've
got the SEO right :)

~~~
GrumpyYoungMan
"reversing" in this sense is shorthand for "reverse engineering", or the
analysis and reconstruction of the code of an executable binary at the
assembly language level without the benefit of the original source code or
debug symbols. The most common legitimate use is for analyzing malware and
viruses. The best known product in this field is IDA Pro. (It would have been
nice for the site to provide a comparison between the two, since such a
comparison is inevitable anyway.)

------
cmrx64
Poking around the demo this feels really polished, which is a welcome change
from most tools in this space, as they tend to be awkward at best. I look
forward to future features.

------
fileoffset
I just installed this and had a quick play.

Basic feature support:

disassembly, renaming, code graph, strings, function/imports list, x-ref, hex
editor, undo

Some questions:

- Why do you copy IDA and have a 32bit only demo? I can't actually evaluate
this properly as everything I care about reversing these days is x64

- Doesn't seem to be any python/API plugin support? I hope you are thinking
about how you will support plugins from the start, and not tack it on later
(usually this results in hell for dev and users - see IDA's shitty plugin
architecture)

- In the non-callgraph disassembly mode, it's difficult to follow. I think
there is an overload of colour/styles

TLDR; Nice interface, clean gui, but lacking many features of IDA. The
features it does have seem to work well though. I will be keeping an eye on
this in future.

------
eugenekolo2
Nice looking, but it's just IDA w/ Undo, and fewer features.

There has to be a shift in use case design more than making it prettier.

~~~
eugeneionesco
Give them a break man, it's the first release...

~~~
eugenekolo2
Don't take it the wrong way. It looks like a nice start. I just wish for
better reversing tooling, and am merely giving a critique that if this was to
replace IDA for me, it'd have to provide something that IDA does not.

~~~
psifertex
There's plenty of things IDA does that we don't do, but the list of things we
do they don't is growing.

To start with, we have undo, which is a simple feature but it underlies some
design decisions that are going to show up in other features in the near
future as well.

Because we have the ability to separate user interactions from our internal
analysis we can not only undo, but also better support collaborative editing
and upgrading of older saved databases.

In terms of features we already have, we have a static data flow
implementation that allows you to query register values at addresses which
greatly simplifies a lot of analysis plugins. Here's an example:

[http://arm.ninja/2016/03/08/intro-to-binary-ninja-api/](http://arm.ninja/2016/03/08/intro-to-binary-ninja-api/)

(The domain name is a coincidence, Q was just a beta tester, not officially
affiliated with us)

Notice how much more robust and simpler the final implementation of that
plugin using our data flow is:

[https://github.com/Vector35/binaryninja-api/blob/dev/python/...](https://github.com/Vector35/binaryninja-api/blob/dev/python/examples/arm-syscall.py)
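The "query register values at addresses" idea from the comment above, as an added, self-contained illustration (not Binary Ninja's API and not the arm-syscall.py plugin it links). It runs a hand-rolled forward constant propagation over a constructed list of simplified ARM-style instructions and then asks "what is r7 at each svc?", which is what a syscall-annotation plugin needs: Linux ARM EABI passes the syscall number in r7. Matching only the instruction immediately before the svc would miss the third case, where r7 is built up by arithmetic, and would wrongly trust the second, where r7 comes from memory. The instruction tuples, addresses and the `analyze`/`get_reg_value_at` names are all constructed for this example.

```python
"""Toy static data-flow query: "what is register R at address A?"

Added example: a forward constant propagation over a constructed,
straight-line list of simplified ARM-style instructions. It is not Binary
Ninja code; it only models the kind of query psifertex describes.
"""
from typing import Dict, List, Optional, Tuple

Unknown = None  # sentinel: value is not statically known

# Constructed sample program: (address, mnemonic, operands). Not real
# disassembly; Linux ARM EABI puts the syscall number in r7.
PROGRAM: List[Tuple[int, str, tuple]] = [
    (0x1000, "mov", ("r7", 4)),       # r7 = 4
    (0x1004, "mov", ("r0", 1)),       # r0 = 1
    (0x1008, "svc", (0,)),            # syscall with r7 == 4
    (0x100c, "ldr", ("r7", "[sp]")),  # r7 loaded from memory: unknown
    (0x1010, "svc", (0,)),            # syscall number not recoverable
    (0x1014, "mov", ("r7", 1)),       # r7 = 1
    (0x1018, "add", ("r7", 10)),      # r7 = 11 (built by arithmetic)
    (0x101c, "svc", (0,)),            # syscall with r7 == 11
]


def analyze(program) -> Dict[int, Dict[str, Optional[int]]]:
    """Return {address: {reg: value_or_None}} describing the register state
    *before* each instruction executes (forward constant propagation)."""
    state: Dict[str, Optional[int]] = {}
    states_at: Dict[int, Dict[str, Optional[int]]] = {}
    for addr, mnem, ops in program:
        states_at[addr] = dict(state)  # snapshot the incoming state
        if mnem == "mov":
            reg, src = ops
            # immediate, or copy of another register's (possibly unknown) value
            state[reg] = src if isinstance(src, int) else state.get(src, Unknown)
        elif mnem == "add":
            reg, imm = ops
            cur = state.get(reg, Unknown)
            state[reg] = Unknown if cur is Unknown else (cur + imm) & 0xFFFFFFFF
        elif mnem == "ldr":
            reg, _mem = ops
            state[reg] = Unknown  # no memory model here: stay conservative
        elif mnem == "svc":
            state["r0"] = Unknown  # the kernel's return value clobbers r0
    return states_at


def get_reg_value_at(program, addr: int, reg: str) -> Optional[int]:
    """Value of `reg` on entry to the instruction at `addr`, or None."""
    return analyze(program).get(addr, {}).get(reg, Unknown)


def find_syscalls(program) -> List[Tuple[int, Optional[int]]]:
    """(address, syscall number or None) for every svc, using the data-flow
    query rather than pattern-matching the preceding instruction."""
    return [(addr, get_reg_value_at(program, addr, "r7"))
            for addr, mnem, _ops in program if mnem == "svc"]


if __name__ == "__main__":
    for addr, num in find_syscalls(PROGRAM):
        print(f"svc at {addr:#x}: r7 = {num if num is not None else 'unknown'}")
```

The unknown case is the important one: a plugin that annotates syscalls should report "unknown" rather than guess, and a real analysis extends this with branches (merging states at join points) and a memory model, which is exactly the part that is painful to redo in every plugin and worth having in the core.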

~~~
tropo
I see that you have faithfully replicated at least some of IDA's insane graph
view glitches.

Do you have the one where a line goes to one side by more than a screen's
width, goes down a tad, and then goes back sideways to nearly where it
started?

------
StavrosK
Does "no saving of databases" include "no saving of binaries"? I patched a
binary in the view to test but can't save it.

~~~
strictfp
Maybe patch binary ninja to allow it? ;)

~~~
StavrosK
I can't patch stuff unless Binary Ninja works, and I can't get it to work
unless I can patch stuff! :(

I'm afraid I'm not knowledgeable enough to do it by hand. I can make a jump
always fail by setting the instructions to NOPs, but I can't recalculate
offsets and things required to turn a jne into a jmp...
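What the "Patch -> Never jump" / "Always jump" menu items do at the byte level, as an added example (not Binary Ninja code) to show why the offset question in the comment above comes up. x86 relative jumps store the distance from the *next* instruction to the target. The short forms are the same length (`7x rel8` for jcc, `EB rel8` for jmp), so the displacement carries over unchanged; the near form of jmp (`E9 rel32`, 5 bytes) is one byte shorter than the near form of jcc (`0F 8x rel32`, 6 bytes), so the displacement must grow by one and a NOP fills the spare byte. The `SAMPLE` bytes, the `BASE` address and the function names are constructed for this example.

```python
"""Byte-level "never jump" / "always jump" patches for x86 conditional jumps.

Added example, not Binary Ninja code. Displacements are relative to the end of
the jump instruction, so a patch that changes the instruction length must
recompute them; same-length patches can keep them as they are.
"""
import struct
from typing import Optional, Tuple

NOP = 0x90

# Constructed sample: cmp eax, 0 ; jne +0x1000 (near form) ; mov eax, 1 ; ret
BASE = 0x401000  # hypothetical load address of SAMPLE
SAMPLE = bytes.fromhex(
    "83f800"          # cmp eax, 0          (offset 0)
    "0f8500100000"    # jne rel32 = 0x1000  (offset 3, 6 bytes)
    "b801000000"      # mov eax, 1          (offset 9)
    "c3"              # ret                 (offset 14)
)


def decode_jcc(code: bytes, off: int) -> Optional[Tuple[int, int]]:
    """(length, displacement) of a jcc at code[off:], or None if not a jcc."""
    op = code[off]
    if 0x70 <= op <= 0x7F:                               # short jcc, rel8
        return 2, struct.unpack_from("<b", code, off + 1)[0]
    if op == 0x0F and 0x80 <= code[off + 1] <= 0x8F:     # near jcc, rel32
        return 6, struct.unpack_from("<i", code, off + 2)[0]
    return None


def decode_jmp(code: bytes, off: int) -> Optional[Tuple[int, int]]:
    """(length, displacement) of an unconditional jmp, or None."""
    op = code[off]
    if op == 0xEB:                                       # jmp rel8
        return 2, struct.unpack_from("<b", code, off + 1)[0]
    if op == 0xE9:                                       # jmp rel32
        return 5, struct.unpack_from("<i", code, off + 1)[0]
    return None


def branch_target(base: int, off: int, length: int, disp: int) -> int:
    """Target = address of the next instruction + displacement."""
    return base + off + length + disp


def patch_never_jump(code: bytes, off: int) -> bytes:
    """Replace the jcc with NOPs of the same total length (fall through)."""
    dec = decode_jcc(code, off)
    if dec is None:
        raise ValueError(f"no conditional jump at offset {off:#x}")
    length, _disp = dec
    return code[:off] + bytes([NOP]) * length + code[off + length:]


def patch_always_jump(code: bytes, off: int) -> bytes:
    """Rewrite the jcc as an unconditional jmp to the same target."""
    dec = decode_jcc(code, off)
    if dec is None:
        raise ValueError(f"no conditional jump at offset {off:#x}")
    length, disp = dec
    if length == 2:
        # short jcc -> short jmp: same length, displacement unchanged
        new = b"\xEB" + struct.pack("<b", disp)
    else:
        # near jcc (6 bytes) -> near jmp (5 bytes): the next-instruction
        # address moves back by one, so disp + 1 reaches the same target;
        # a NOP keeps the footprint at 6 bytes so nothing after it shifts.
        new = b"\xE9" + struct.pack("<i", disp + 1) + bytes([NOP])
    assert len(new) == length
    return code[:off] + new + code[off + length:]


if __name__ == "__main__":
    length, disp = decode_jcc(SAMPLE, 3)
    print(f"jne target: {branch_target(BASE, 3, length, disp):#x}")
    patched = patch_always_jump(SAMPLE, 3)
    jl, jd = decode_jmp(patched, 3)
    print(f"jmp target: {branch_target(BASE, 3, jl, jd):#x}")
    print("never-jump bytes:", patch_never_jump(SAMPLE, 3)[3:9].hex())
```

The same length-preservation rule is what keeps the rest of the function's addresses valid; a patch that grew the instruction would push every following instruction and every relative reference in the function out of place, which is why a GUI patcher works within the original instruction's footprint.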

------
pmorici
I see the demo is 32-bit x86 only, but what about the full version? Does it do
ARM as well as x86?

edit: never mind, found it in the FAQ: x86, ARM, MIPS, 6502

~~~
psifertex
PowerPC is close to being done (also, the armv8 support is quite solid but the
v7 needs work and thumb isn't integrated but is mostly complete).

A few of our early users are also working on some other architecture plugins
so I think MSP430 or AVR might exist soon.

------
empressplay
$399? ouch.

~~~
moyix
Their main competitor is IDA Pro, which goes for $1129 for its "standard"
edition. There is a version of IDA Pro that's only $589, but it supports only
32-bit code.

~~~
tptacek
It is very easy to make an argument that IDA Pro is so fantastically
underpriced that it has killed the market for these kinds of tools by setting
a bad price point.

I'm sure there are tons of random people on HN that would love to learn more
about RE by tinkering with tools like this, or maybe even that have $50 worth
of work to throw at it. But in the real world, most of the market for IDA Pro
is made by consultants and in-house security teams, all of whom realize
something far closer to $100,000 in value from IDA, annually, than $3999.

Meanwhile, if you want to sell a reversing tool that integrates with IDA ---
something like BinNavi or BinDiff --- you have to cope with IDA's $3999 price
point. Whatever you sell will inevitably have to be cheaper than that. Result:
most of the product talent in this space goes to appliances that sell for
$50,000 a pop and only to companies that will buy 6+ boxes in a pilot.

Binary Ninja is cheap. But it's also a labor of love.

~~~
statictype
Trying to understand as someone who's not a security professional:

Is IDA like Visual Studio or XCode - you basically need this to do your work -
or is it more like Sublime Text or Text Mate or Github - boosts productivity
but many people get by without it?

~~~
tptacek
It's more like Visual Studio than Sublime Text.

------
ComodoHacker
Is the GUI Electron-based?

~~~
makerofthings
Seems to be QT.

~~~
psifertex
Yup! QT. Electron might be fast enough for graph view, I don't know, we'd have
to test it. The good news is that the core is completely separable from the
interface so we could re-architect the GUI if needed.

