One of the developers here, been planning on doing some coordinated posts about it, just been super busy at DEF CON this week. Happy to answer questions though.
If you do happen to be at DEF CON we're actually having a meet up this evening: https://twitter.com/vector_35/status/762050462195396608
Does the binja team at the CTF have any relation with your tool?
Nope, just an unfortunate name collision. We've been using binary ninja as the name of the tool for many years now, but it was a private tool that nobody knew we had for the first few years for CTFs (this is the python version we open sourced before we started rewriting it) so they just happened to start using a similar team name some time after that.
The domain name time stamps should show that if it matters, though I don't think it really does.
Okay. But aside from the really nice UX/UI, what does this do that Radare2 doesn't?
No, I'm not trying to be snarky, I genuinely don't know.
It's actually usable.
Good answer. Okay, what does it do that Radare doesn't?
Been using this for quite some time - psifertex and crew have really done an incredible job in a pretty short period of time. Highly recommend checking it out, especially if you're sick of the shittiness of IDA. Only thing it's missing is some solid decompilers.
Sorry to seem a bit daft, but I'm looking for a definition of 'reversing platform' and I'm not getting much. What is this for and what does it do? Who would use it?
On the other hand, Binary Ninja is the first result, so in some ways, you've got the SEO right :)
"Reversing" in this sense is shorthand for "reverse engineering" or the analysis and reconstruction of the code for an executable binary at the assembly language level without the benefit of the original source code or debug symbols. The most common legitimate use is for analyzing malware and viruses. The best known product in this field is IDA Pro. (It would have been nice for the site to provide a comparison between the two, since such a comparison is inevitable anyway.)
Poking around the demo this feels really polished, which is a welcome change from most tools in this space, as they tend to be awkward at best. I look forward to future features.
I just installed this and had a quick play.
Basic feature support:
disassembly, renaming, code graph, strings, function/imports list, x-ref, hex editor, undo
Some questions:
- Why do you copy IDA and have a 32bit only demo? I can't actually evaluate this properly as everything I care about reversing these days is x64
- Doesn't seem to be any python/API plugin support? I hope you are thinking about how you will support plugins from the start, and not tack it on later (usually this results in hell for dev and users - see IDA's shitty plugin architecture)
- In the non-callgraph disassembly mode, it's difficult to follow. I think there is an overload of colour/styles
TLDR; Nice interface, clean gui, but lacking many features of IDA. The features it does have seem to work well though. I will be keeping an eye on this in future.
Nice looking, but it's just IDA w/ Undo, and less features.
There has to be a shift in use case design more than making it prettier.
IDA is typically too expensive for hobbyist reverse engineers, not to mention has a pretty steep learning curve for it. If this helps introduce new people into reverse engineering I'm all for it.
Give them a break man, it's the first release...
Don't take it the wrong way. It looks like a nice start. I just wish for better reversing tooling, and am merely giving a critique that if this was to replace IDA for me, it'd have to provide something that IDA does not.
To me it is just IDA at a price a hobbyist can afford, with a nicer UI as a bonus
Does "no saving of databases" include "no saving of binaries"? I patched a binary in the view to test but can't save it.
Not right now -- we might change that in the future though.
Maybe patch binary ninja to allow it? ;)
I can't patch stuff unless Binary Ninja works, and I can't get it to work unless I can patch stuff! :(
I'm afraid I'm not knowledgeable enough to do it by hand. I can make a jump always fail by setting the instructions to NOPs, but I can't recalculate offsets and things required to turn a jne into a jmp...
I see the demo is 32-bit x86 only, but what about the full version? Does it do ARM as well as x86?
edit: never mind found it in the FAQ, x86, ARM, MIPS, 6502
PowerPC is close to being done (also, the armv8 support is quite solid but the v7 needs work and thumb isn't integrated but is mostly complete).
A few of our early users are also working on some other architecture plugins so I think MSP430 or AVR might exist soon.
$399? ouch.
Their main competitor is IDA Pro, which goes for $1129 for its "standard" edition. There is a version of IDA Pro that's only $589, but it supports only 32-bit code.
It is very easy to make an argument that IDA Pro is so fantastically underpriced that it has killed the market for these kinds of tools by setting a bad price point.
I'm sure there are tons of random people on HN that would love to learn more about RE by tinkering with tools like this, or maybe even that have $50 worth of work to throw at it. But in the real world, most of the market for IDA Pro is made by consultants and in-house security teams, all of whom realize something far closer to $100,000 in value from IDA, annually, than $3999.
Meanwhile, if you want to sell a reversing tool that integrates with IDA --- something like BinNavi or BinDiff --- you have to cope with IDA's $3999 price point. Whatever you sell will inevitably have to be cheaper than that. Result: most of the product talent in this space goes to appliances that sell for $50,000 a pop and only to companies that will buy 6+ boxes in a pilot.
Binary Ninja is cheap. But it's also a labor of love.
Cost of IDA is nothing. Actual problem is that you can't really buy it at all if you're not well-known expert or AV company employee. Plenty of people would be happy to buy it, but they can't.
Only if they're on feature parity with IDA Pro though.
There's also Hopper that starts at 89€ https://www.hopperapp.com
$99 for Non-commercial use.
You can't buy that version yet, though.
How does one use a binary reverser commercially?
Is the GUI Electron-based?
Seems to be Qt.
Yup! Qt. Electron might be fast enough for graph view, I don't know, we'd have to test it. The good news is that the core is completely separable from the interface so we could re-architect the GUI if needed.