Search the Community

Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform built by reverse engineers, for reverse engineers. Developed with a focus on delivering a high-quality API for automation and a clean and usable GUI, Binary Ninja is in active use by malware analysts, vulnerability researchers, and software developers worldwide. Decompile software built for many common architectures on Windows, macOS, and Linux for a single price, or try out our limited (but free!) Cloud version. 3.3.3996 (2023-01-18) [Hidden Content] [hide][Hidden Content]]

Binary Ninja Commercial 3.2.3814 (2022-10-28) Binary Ninja is an interactive disassembler, decompiler, and binary analysis platform for reverse engineers, malware analysts, vulnerability researchers, and software developers that runs on Windows, macOS, and Linux. [Hidden Content] Stable Branch Changelog Note that customers with an active support license can access more frequent updates in the dev channel. This changelog only includes stable build milestones. 3.2.3814 (2022-10-28) Enhanced Windows Experience • Improved Enumerations • Next-Generation PDB Support • CFG Call Handling • MS Demangler Improvements Decompiler Improvements • Variable Merging/Splitting • Offset Pointers • Split Loads and Stores Objective-C Support Segments and Sections Editing UI Default to Clang Type Parser Named and Computer Licenses for Enterprise Documentation: • Vastly improved C++ API docs • New User Guide Layout UI Updates • Feature: Add “Restart and Reopen Files” command • Feature: “Run Script” Action and menu item • Feature: Add a recent file right-click menu for ‘Open with Options’ • Feature: Lots of new “magic” console variables • Feature: Add “Zoom to Fit” and “Zoom to Cursor” hotkeys • Feature: Add various filtering options to StringsView • Feature: Add ‘Copy’ options in the ‘Strings’ and ‘Symbols’ views • Feature: Restore window layout and location when reopening files • Feature: Show list of imported libraries in TriageView and if they have TypeLibrary information or not • Feature: Hotkeys for toggling integer size “D” and and sign “-“ in TypesView • Feature: Kill to end of line hotkey in python console • Feature: Undo/Redo now show action summaries for what will be done or undone • Feature: New Light Theme (Summer) • Improvement: Configurable HLIL tab width • Improvement: Move exact match to top of symbol list if found • Improvement: Hotkeys now searchable in the keybindings menu • Improvement: Wayland support (partial) • Improvement: Consistency of hotkeys in StackView (1, 2, 3) • Improvement: Menu organization (1, 2) • Improvement: Allow programmatically closing a global area widget • Improvement: “firstnavigate”, prefer triage, and other potentially conflicting default options normalized and documented • Fix: Text rendering glitch in hex view on Windows • Fix: Default font on Windows along with other font related improvements • Fix: Create structure ‘S’ hotkey wasn’t appearing to work during analysis • Fix: Right-click losing selection • Fix: BN hangs when it fails to open a URL • Fix: SettingsView filtering bug when pasting search text • Fix: ‘Display As’ for array index annotations • Fix: Various theme handling fixes (1, 2) • Fix: x86 assembler on Windows • Fix: Missing linear view updates when creating analysis objects via API Binary View Improvements • Improvement: PE more in-depth parsing of the LoadConfig structure • Improvement: PE create a symbol for the __security_cookie • Improvement: PE make DataVariables for XFG hashes • Improvement: PE identify _guard_check_icall and _guard_check_icall_check and their pointers • Improvement: PE Demangle GNU3 (clang) Mangled Names • Improvement: ELF Thumb2 entry point detection • Improvement: Mach-O Create DataVariables for ‘dylib’ and ‘dylib_command’ • Improvement: Mach-O Fix DYLIB and DYLD commands • Improvement: Mach-O Warn when encountering an unsupported INDIRECT_SYMBOL_LOCAL symbol • Fix: COFF loader does not respect address size when creating external symbols • Fix: COFF loader now recognizes (and stops loading) CIL and import library COFF files • Fix: PE Bug with parsing exception handlers • Fix: ELF hang when displaying DataVariables when section header count is too high Analysis • Feature: Added experimental option for keeping dead code branches • Feature: Setting to disable “pure” function call elimination • Feature: Add BinaryView metadata about which libraries have applied type information • Feature: Type extraction from mangled names is now optional • Feature: Recognition of thiscall and fastcall conventions on Win32 x86 • Improvement: Add support for indirect tailcall translation • Improvement: Improved string detection • Improvement: HLIL to other IL and assembly mappings • Improvement: Resolve dereferencing a structure into accessing the first member • Improvement: Create structure references for unknown field offsets • Improvement: Propagate pointer child type to dereference expression • Improvement: Template simplifier (from 2.3) now enabled by default • Improvement: Range clamping to improve jump table detection • Improvement: Add additional no-return function to Platform types • Fix: Issue where function analysis could timeout unintentionally • Fix: Invalid HLIL under some conditions • Fix: Missing empty cases in switch statements • Fix: HLIL graph when only default case falls through • Fix: Crash when wide string ends without null at section boundary • Fix: Fix hang in Pseudo C • Fix: Crash when importing function type info from unknown type • Fix: Constant propagation from writable memory for constant arrays • Fix: Properly decode and render strings with BOMs • Fix: Prevent demangler from making function types with single ‘void’ parameter • Fix: Don’t allow demangled types to override Platform types • Fix: MS Demangler fix order of multidimensional arrays • Fix: MS Demangler properly set calling convention • Fix: MS Demangler disambiguate int/long • Fix: MS Demangler add implicit ‘this’ pointer when demangling ‘thiscall’ • Fix: MS Demangler demangle SwiftCallingConvention API • New API: Merge and split variables • New API: Variable liveness API for determining soundness of merging/splitting variables • New API: Components class and notifications • New API: Get and set offset pointers • New API: Implement .tokens property on HLIL • New API: Function.get_variable_by_name • New API: Get and delete for DebugInfo API • New API: CallingConvention::GetVariablesForParameters • New API: BinaryView.get_default_load_settings • New API: Interaction.run_progress_dialog • New API: Function.is_thunk • New API: Notifications for Segment/Section Added/Updated/Removed • New API: Function.caller_sites • New API: HLIL_UNREACHABLE • New Example: Feature map • Improvement: Add progress callback to DebugInfo::ParseInfo • Improvement: Implement missing APIs in BinaryNinja::Metadata • Improvement: Add channel to core_version_info • Improvement: DebugInfo.parse_debug_info returns a boolean • Improvement: Many type hint additions and fixes • Improvement: Python/C++ APIs to get registers, register stacks, and flags for LLIL • Improvement: Allow DataVariable.name to be assigned a QualifiedName • Improvement: Added a significant amount of C++ API Documentation • Improvement: New theme for C++ documentation • Improvement: Allow passing QualifiedNameType instead of QualifiedName to many functions • Deprecation: BinaryViewTypeArchitectureConstant • Deprecation: BNLogRegisterLoggerCallback • Fix: Variable use/def API for aliased variables • Fix: Platform.os_list • Fix: DebugInfo.function • Fix: issue where EnumerationBuilder couldn’t set the width of the enumeration • Fix: BinaryView.get_functions_by_name to handle cases like sub_main • Fix: Trying to delete incomplete LowLevelILFunction • Fix: stack_adjustment.setter • Fix: Type annotation & documentation for define_auto_symbol_and_var_or_function • Fix: Issue where notification callbacks were not being called • Fix: missing debugger_imported definition in PythonScriptingInstance • Fix: Python exceptions when accessing functions with skipped IL analysis • Fix: Class hierarchy of HLILRet • Fix: Core parser not parsing struct __packed foo • Fix: Ignore UI plugins when loaded in headless Types • Fix: Make _Unwind_Resume() __noreturn Architectures • Armv7/Thumb2: Critical improvement to analysis of armv7/thumb2 call sites to respect callee function types • Armv7/Thumb2: Proper lifting for Thumb2 LDM and STR with Rn not included in register list • Armv7/Thumb2: Add lifting for SMULxx instruction forms • Armv7/Thumb2: Fix lifting of certain uses of flexible operands (Thank you @ehntoo) • Armv7/Thumb2: Fix crash on MSR banked instruction • Armv7/Thumb2: Fix PC-relative alignment issue • Armv7/Thumb2: Lift msr to basepri as __set_BASEPRI • Armv7/Thumb2: Added vmov immediate lifting (Thank you @ehntoo) • Armv7/Thumb2: Fix size of vstr storage (Thank you @ehntoo) • Arm64: Corrected lifting of *ZR target register • Arm64: Lifted load-acquire, store-release instructions • MIPS: Properly handle delay slot rewriting with call targets (Thank you @yrp) • MIPS: Lifted madd, maddu (Thank you @yrp) • x86/x86_64: int 0x29 now ends basic blocks Debugger • Feature: Add support for remote Windows/macOS/Linux debugging • Feature: Add basic support for iOS/Android remote debugging • Improvement: New breakpoint sidebar widget icon • Improvement: Remain in the debugger sidebar after launching the target or ending the debugging • Improvement: Register widget refactor • Improvement: Put the debugger breakpoints widget and registers widgets into a tab widget • Improvement: Modules widget refactor • Improvement: Status bar widget refactor • Improvement: Add history entries support for target console and debugger console • Fix: Windows x86 debugging • Fix: Invert debugger icon colors and fix panel icon to not be grayscale • Fix: Memory leak after using the debugger Plugins/Plugin Manager • Improvement: Prioritize plugin name in search filtering • Improvement: More robust against offline networks and captive portals • Improvement: Settings to allow disabling official and community plugin repositories Enterprise • Feature: Named and computer licenses are now available for Enterprise • Feature: Project files may now be stored in folders • Feature: The Enterprise server is now deployable with Docker Swarm • Feature: The Enterprise server is now deployable with custom SSL certificates • Improvement: Databases and files can now be downloaded directly from the files list without opening the database first • Improvement: Syncing has been made significantly faster by avoiding unnecessary analysis cache downloads • Improvement: A “skip” button has been added on initial launch to avoid waiting for server connection while offline • Improvement: Changed the way Enterprise server deployments work to allow additional flexibility and customization • Improvement: Enterprise client updates can now be downloaded and synced to the Enterprise server for only specific platforms • Fix: The initial login window now correctly responds to other ways to close a window (e.g. Cmd-Q) • Fix: Disabling plugins via the -p switch is now correctly supported in Enterprise • Fix: Fixed multiple client crashes related to UI and networking • Fix: The Enterprise server now correctly works with the compose sub-command included with newer versions of Docker [Hidden Content]

Binary Ninja is an interactive disassembler, decompiler, and binary analysis platform for reverse engineers, malware analysts, vulnerability researchers, and software developers that runs on Windows, macOS, Linux. Disassemble : Disassemble executables and libraries from multiple formats, platforms, and architectures. Decompile : Decompile code to C or BNIL for any supported architecture - including your own. Automate : Automate analysis with C++, Python, and Rust APIs from inside or outside the UI. Analyze : Visualize control flow and navigate through cross-references interactively. Annotate : Name variables and functions, apply types, create structres, and add comments. Collaborate : Collaborate effortlessly with synchronized commits using our Enterprise product. Disassemble Files Vector 35 provides first-party support for dissassembly from multiple architectures, including x86, x86-64, ARMv7 (with Thumb2), ARMv8 (AArch64), PowerPC, 6502, Z80, and MIPS. Additionally, our community supports many other architectures through our public plugin ecosystem. Loaders are available for all major platforms (PE, Mach-O, ELF) and can be extended or customized using our API. Decompile Code Our built-in decompiler works with all of our officially supported architectures at one price and builds on a powerful family of ILs called BNIL. In fact, not just our architectures, but even community architectures can produce amazing decompilation. Our decompiler outputs to both C and BNIL and can be switched on-demand. Automate Anything Our extensive API can be used to create and customize loaders, add or augment architectures, customize the UI, or automate any workflow (types, patches, decompilation…anything!). Bindings are available for C++, Python, and Rust. Create Plugins Made something cool and want to share? Publish your community plugin and have it featured in our Plugin Manager! These plugins can be installed (or updated) at any time by any customer, right inside the client. Triage Quickly Use our API to quickly batch process files and see the results in our triage view. Use the entropy graph to identify areas of interest, like packed or encrypted data. Click on any location to navigate there quickly. Explore Interactively We didn’t just build the best automation and API for binary analysis, but our UI design is intentional and clean. None of the distractions, but all of the features you need for the biggest jobs including multiple tabs, synchronized and split views, custom layouts and more. Annotate Everything Reverse engineering is the process of exploring the unknown. As your understanding improves, we give you the tools to represent that and improve analysis. Add types, structures, comments, highlights, tags, and more. Patch Effectively Make binary patches quickly and effectively with a variety of tools purpose-built for speed. Edit lines of assembly directly, select a preset patch, edit raw bytes with our hex editor view, or even compile C into the executable directly with our own built in compiler SCC. Switch Platforms You’ll never be stuck. Binary Ninja not only runs seamlessly on Windows, macOS, and Linux, but every purchases includes all three platforms for one price. Run Headlessly No need to only do your analysis inside of Binary Ninja. Instead, bring Binary Ninja into your analysis environment. Use the python repl of your choice, or even statically compile our core analysis library into an existing framework, our analysis can be completely untethered from the UI. Download : [Hidden Content]

Overview NinjaDroid uses AXMLParser together with a series of Python scripts based on aapt, keytool, string and such to extract a series of information from a given APK package, such as: List of files of the APK: file name, size, MD5, SHA-1, SHA-256 and SHA-512 AndroidManifest.xml info: app name, package name, version, sdks, permissions, activities, services, broadcast-receivers, ... CERT.RSA/DSA digital certificate info: serial number, validity, fingerprint, issuer and owner List of URLs, shell commands and other generic strings hard-coded into the classes.dex files Furthermore, NinjaDroid uses apktool and dex2jar to extract and store: JSON report file, which contains all the extracted APK info AndroidManifest.xml file (thanks to apktool) CERT.RSA/DSA digital certificate file classes.dex files translated .jar file (thanks to dex2jar) disassembled smali files (thanks to apktool) assets/ and res/ folders together with their content (thanks to apktool) [hide][Hidden Content]]

[Hidden Content]

Overview: NinjaDroid uses a modified version of the Androguard AXMLParser ([Hidden Content]) together with a series of other Python scripts (by Paolo Rovelli) based on aapt, keytool, string and such to extract a series of information from a given APK package, such as: APK file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); App info (e.g. app name, package name, version, lists of permissions, list of Activities/Services/BroadcastReceivers, etc...); Digital certificate info (e.g. validity, serial number, fingerprint MD5, SHA-1, SHA-256 and signture), including certificate issuer/owner info (e.g. name, email, company, country, etc...); All the strings hard-coded into the classes.dex file; The URLs and shell commands hard-coded into the classes.dex file; AndroidManifest file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); classes.dex file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); CERT.RSA/DSA file info (i.e. file size, MD5, SHA-1, SHA-256 and SHA-512); List of file entries (i.e. file name, file size, MD5, SHA-1, SHA-256 and SHA-512) in the APK package. Furthermore, NinjaDroid uses apktool ([Hidden Content]) and dex2jar ([Hidden Content]), together with other Python scripts in order to extract from an APK package: classes.dex file; translated .jar file (thanks to dex2jar); disassembled smali files (thanks to apktool); AndroidManifest.xml file (thanks to apktool); CERT.RSA file; assets/ and res/ folders together with their content (thanks to apktool); JSON and HTML report files, which contains all the extracted APK metadata. [hide][Hidden Content]]

System Ninja is a fast, powerful and effective system optimization solution for Windows. It’s designed to quickly remove junk files, improve system speed and fix problems. [Hidden Content] [hide][Hidden Content]]

Binary Ninja assistant plugin for vulnerability research. Description: This plugin aims to assist during the vulnerability research process by providing a full tracing of sources of parameters to selected functions. It also provides a scanning capability which uses the function tracer and applies several rules to detect potentially dangerous function calls. Author: Martin Petran Scanner is using set of rules and function tracker to perform basic analysis to detect any potentially vulnerable function calls. Issues that are found by this component are marked with tags that reflect the priority for a follow-up manual analysis. Following are the priority categories: 🔴 High - Detected conditions are likely to lead to vulnerability. 🟠 Medium - Detected conditions could theoretically lead to vulnerability. 🟡 Low - Detected conditions are unlikely to lead to vulnerability. 🔵 Info - Detected conditions were not clear enough to determine if the call is secure or not. [hide][Hidden Content]]

Features The binary multi-tool and reversing platform All Reverse Engineering API Powerful Editing Performance Hex Editor [Hidden Content] Demo: [Hidden Content] [HIDE][Hidden Content]]

Software Name: Black Worm Version: 6.0 [ Black Ninja ] Software Job: Create a spreading worm with a GUI to control it dotNET Framework: 4.0 Server, 2.0 Client Source code author before developing: njQ8 [ jnRat ] Developer: Black.Hacker Credits: in the About Form What's New? 1. Full Data Transfer Encryption using Base64 2. Modified Icon Manager 3. Modified Plugin Manager 4. Modified Admin Checker 5. Modified Plugin Invoking 6. Modified Custom Plugin Invoking 7. DynuDNS Updater 8. NO-IP Automatic Updater 9. New About Page 10. Stable WatchDog to look after your client 11. Add to SchTask 12. Hard Install [ Stealth Mode ] 13. FileZilla Stealer 14. Clean Password Stealer [ Fixes ] 15. CPU,FireWall,Client Privileges,MUTEX Information 16. File Binder 17. Added More than 100 New Custom Icons 18. Modified Desktop Infection 19. New Port Settings 20. New MUTEX Format (bWorm[xxxxxx-12345]) 21. Listview Style 22. Remove Empty Subs and Functions 23. Process Manager With Custom Colors 24. Command Shell 25. Remote Powershell 26. Remote Desktop 27. Keylogger Manager 28. RSA Encryption With 4096bit Encryption Key for the Host and Port 29. Stable File Manager With a Downloading Large Files and Arabic Names Support 30. Critical Process 31. Updating Password Plugin 32. Added Product Serial Stealer 33. Service Manager with Full-Service Controller 34. Startup Manager 35. Victim Notification with XtremeRAT Sound 36. Simple IP Tracker 37. Infect ZIP & RAR Files [ PoC ] [ UnTested ] 38. Clients Groups [ Single and Multi-Manager ] 39. Upgrade Software DotNET Framework From 2.0 to 4.0 34. Small GUI Changes 41. Small Fixes to the Socket to be more stable 42. Multi Transfer 43. Bug Fixes To download any large files from the Target Device you need to Foreword The Port 6060 BlackWorm v6.0 Black Ninja + Source Code [Hidden Content] Server.exe

WordPress Ninja Forms version 3.3.17 suffers from a cross site scripting vulnerability. View the full article

WordPress Ninja Forms plugin version 3.3.13 suffers from a CSV injection vulnerability. View the full article