What is Reddit's opinion of Binary Ninja?

From 3.5 billion Reddit comments

My primary RE activities involve analyzing malware. I too primarily look at it in assembly. Though, to be fair, I have found that Binary Ninja's intermediate representation is pretty handy for quick perusal. It's not full decompilation, but it translates common, recognizable assembly idioms into a pseudocode. For deep analysis, it can still be kind of screwy, though, so I end up looking through the code in both views.

For this year's DEFCON CTF, the organizers decided to break all existing tooling by making a custom architecture with 9-bit bytes, 27-bit words, and middle-endian integers.

I was able to make a Binary Ninja architecture plugin on the flight to Vegas, but unfortunately I had to expand everything to 16-bit bytes to be able to handle addressing. This made control flow graph recovery possible, but I had to choose between accurate data references or accurate immediates. I ended up going with accurate immediates and letting my data references fall into the middle of functions (because instruction addresses were all 2x).

The 27-bit words and middle-endianness wasn't a huge issue, but the 9-bit bytes really really sucked. We had IO buffering issues on every exploit we wrote and analyzing PCAPs was a huge pain.

Yeah, they're a little late to the party, but I'll take it. :-)

WIRED found out about it from our Infiltrate talk (https://github.com/Vector35/HackingGames). It's worth pointing out that PwnAdventure 3 was only a small part of the talk. We also release a new reverse engineering tool (https://binary.ninja/) and covered a bunch of other game-related hacking. Hopefully the videos are posted at some point.

There's also binary ninja: it's the newest of the bunch and still in beta (signup on the website), but we're building toward some longer term features like an interactive decompiler and collaborations and already have a solid set of features for many reversing needs. Heck, we already have a built in data flow based analysis that IDA explicitly doesn't have which makes analysis plugins a lot simpler.

https://binary.ninja

Also, Hopper does have a decompiler, it's just not as robust as IDAs. In particular its harder to manually inform it and fix it up the way you can with IDA.

Of course, the list also neglects to list the price for HexRays (which is per-architecture), and many of the other products are cross platform where IDA makes you pay to switch operating systems. When you add all that up, IDA gets /way/ more expensive than the listed price. At least they didn't quite the price for standard which is ridiculous for not including x64.

As someone who has been down this route, and who has implemented hierarchical graph layout, I applaud your efforts.

Giving the code a cursory look, are you attempting to reduce edge crossings? I can't find that in DisassemblerView.py .

[edit] Ah I see now, a, "Full Release," will be coming soon https://binary.ninja/download.html .

Nope!

Student discount applies to all full-time students. We just have an automated verification system for US students which makes it a bit easier to verify them, but we've probably given out more international student discounts if I had to guess. Just follow the directions on https://binary.ninja/faq/#student-discount

I think there's a lot of promise in automation that's been spun off from the CTF community. Angr and Binary Ninja are both very much spinoffs from contest hacking, and are pretty great for helping a skilled hacker find flaws in software.

On the other hand, CTF has made it abundantly clear to me that C and C++ aren't sustainable for software development. We've definitely made our fair share of challenges with unintentional flaws that players pick up on.

At the end of the day, it's like exercise vs. dieting. You can't out-run a bad diet, and you can't out-fix a bad development process.

You can try it yourself for free. Latest demo is https://binary.ninja/demo/

And cloud supports all the architectures as well as HLIL: https://binary.ninja/cloud

Cloud signups were temporarily disabled due to some signup spam but should be back up shortly.

I'd give you my opinion but I'm a biased developer so best to just try it yourself. 😉

Why choose between text or an image for disassembly? Have both! I added SVG support as a binary ninja export plugin a few weeks back. Join the mailing list (http://binary.ninja/support.html) to get the beta download and a license key.

Could probably adapt it for radare if you wanted (our example plugins are MIT licensed), but I don't know anything about the layout code there.

Though Binary Ninja itself is not open source, when the beta is done, we are aiming at a much lower price point than IDA (https://binary.ninja/purchase.html).