Binary Ninja
Anyone used this software?
https://binary.ninja/ The demo was a pleasure to use and this could save me a bunch of time, just trying to collect experiences from people before I lay down the cash. |
Re: Binary Ninja
Guess it depends on what you want to reverse or decompile. Binary Ninja is picking up traction due to it's nice interface and mostly price.
Radare2 and IDA with plugins covers more file formats and architectures. If you only need to reverse exe's and the basic stuff, then Binary Ninja should be fine. With IDA being the industry standard you will likely get much better community support with it. Something else to consider. A slightly biased comparison chart but you are only really interesting in the first few tables anyway: http://rada.re/r/cmp.html Chinese hackers crowd fund buying expensive tools and a recent spat where 40 people put in to the pot for IDA 7 for mac/windows and most it's plugins ended up with a few of the group trying to sell the software to recoup some money. The others got upset over this and released it to all for free. So if you search for 'IDA 7 Leak', you would come across this leak. Just another avenue if you considered comparing :) |
Re: Binary Ninja
This is now sorted.
Anyone know how to understand these opcodes? |
Re: Binary Ninja
Code:
section .data |
Re: Binary Ninja
Quote:
Its not that hard to do (or follow) once you have a lookup of what all the codes actually do. (which is mostly just moving data from memory to registers and back again). |
Re: Binary Ninja
Quote:
The ebx and eax type codes are registers and memory addresses. If you are de-compiling malware you want to watch for the code jumping to memory locations (jmp) and if the commands are changing registers or data at the locations, via mov or push type codes. You can tell the type of register by the e** code. Very simplified and probably worded wrong :P |
Re: Binary Ninja
Wow, takes me back to breaking dongle protected code. Just locate all the program points that called INT21: Exit to DOS services. Backtrack a bit and find the test for leave or stay. Patched to stay and try each one. Job done. ;)
|
All times are GMT +1. The time now is 04:21. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.