Their main competitor is IDA Pro, which goes for $1129 for its "standard" edition. There is a version of IDA Pro that's only $589, but it supports only 32-bit code.
It is very easy to make an argument that IDA Pro is so fantastically underpriced that it has killed the market for these kinds of tools by setting a bad price point.
I'm sure there are tons of random people on HN that would love to learn more about RE by tinkering with tools like this, or maybe even that have $50 worth of work to throw at it. But in the real world, most of the market for IDA Pro is made by consultants and in-house security teams, all of whom realize something far closer to $100,000 in value from IDA, annually, than $3999.
Meanwhile, if you want to sell a reversing tool that integrates with IDA --- something like BinNavi or BinDiff --- you have to cope with IDA's $3999 price point. Whatever you sell will inevitably have to be cheaper than that. Result: most of the product talent in this space goes to appliances that sell for $50,000 a pop and only to companies that will buy 6+ boxes in a pilot.
Binary Ninja is cheap. But it's also a labor of love.
Seconded. I have a reverse engineering practice with my consultancy. Investing ~$5000 into IDA tooling has returned over $100k for me this year. Granted, it helps that this investment is tax deductible for me.
People who say that IDA Pro is expensive are not HexRays' primary market, or they have not been professionally reversing software for very long. The product is just phenomenally cheap from a value-added perspective. Open source alternatives are pretty good, and if you're focusing on iOS applications Hopper is nice, but for a one-stop shop on all platforms with excellent support and superlative features, IDA easily kills the competition.
My reverse engineering practice routinely returns more than my AppSec practice on fewer engagements. That's also just for reverse engineering, not for specialties involving reverse engineering (such as blackbox cryptanalysis, malware analysis, blackbox binary auditing, exploit development, etc).
Trying to understand as someone who's not a security professional:
Is IDA like Visual Studio or Xcode - you basically need this to do your work - or is it more like Sublime Text or TextMate or GitHub - boosts productivity but many people get by without it?
It's not unheard of for a plugin to exceed the base price, is it? Happens with graphics software I believe.
The cost of IDA is nothing. The actual problem is that you can't really buy it at all if you're not a well-known expert or an AV company employee. Plenty of people would be happy to buy it, but they can't.
> Actual problem is that you can't really buy it at all if you're not well-known expert or AV company employee. Plenty of people would be happy to buy it, but they can't.
This is patently false. You can buy all HexRays products online.[1] I've done it myself. I'm confused as to why you're claiming this.
[1]: https://www.hex-rays.com/cgi-bin/quote.cgi
> Actual problem is that you can't really buy it at all if you're not well-known expert or AV company employee.
I was able to purchase a license for IDA Pro, I'm not an expert in the field and my job is not even remotely related to reverse engineering.
Only if they're on feature parity with IDA Pro though.
There's also Hopper, which starts at 89€: https://www.hopperapp.com
$99 for Non-commercial use.
You can't buy that version yet, though.
Should be out in a week or two. Most of the code changes are done, we're just taking a break between DEF CON / recuperating from a lot of long nights getting the first release out.
It should only take a day or two once we get working again.
How does one use a binary reverser commercially?
For reverse engineering of protocols and formats for legacy software that was developed decades ago with no source code available. This is totally legal in many cases since there are tons of companies that lose source for their own software.
anti-virus development, just to name one...
security audit