Tuts 4 You

BinaryNinja Getting A Decompiler



Good features but bad GUI

The demo is kinda crippled, can't be patched into a full version.

if anyone has the full version then maybe we can fix it

Link to comment
1 hour ago, Kurapica said:

Good features but bad GUI

The demo is kinda crippled, can't be patched into a full version.

if anyone has the full version then maybe we can fix it

I agree. And it's more on a level with radare, in my opinion in terms of analytic capabilities and such.

Link to comment
16 hours ago, Kurapica said:

Good features but bad GUI

 

This is solely why I have avoided BinaryNinja entirely so far. The UI is just absolute garbage in my opinion. I've heard great things about their scripting API and now this new decompiler. Waiting to see how well it performs, what kind of output it can produce and how much it'll cost. Perhaps I'll give it a shot then, but for now the UI keeps me away from using it at all.

Link to comment

I wonder how they still use the same GUI although they internally use Qt for building the user interface !

I mean Qt has great capabilities and sure they can do much better with it

Relyze is also doing a nice job, in terms of speed and decompilation I think it's good but still needs more work.

Link to comment
1 hour ago, Kurapica said:

I mean Qt has great capabilities and sure they can do much better with it

Qt is sometimes very slow and I think they were trying to optimize for speed. Speed is good but user experience is very poor.

Link to comment
12 hours ago, deepzero said:

What do you dislike about their GUI? Seems decent to me.

First get the demo for windows, I got 1.3.2015 with build ID : 90ff0608

Apply these 2 patches to kill the nag and the session timer , file : binaryninja.exe , SHA-1 : 68F2D697505882F9999CBCF803B3B50E800C4F99

1 - @ file offset : 6BC3Ch  >> x90, x90 , x90, x90, x90, x90

2 - @ file offset : 6C07Fh  >> x90, x90 , x90, x90, x90, x90

 

Now :

 

1 - Switching between different views is mainly done via a small popup menu at the right bottom corner of the application's main form, very annoying to me and sometimes I pick the wrong option unintentionally

2 - Try the "Go to address" function, it's horrible, there is a "relative" check box which is supposed to mean "Enter RVA or VA" so you will have to guess which, I don't want to read the manual to find out! It's supposed to be intuitive or done via a combo box to specify the kind of address you mean, and in several cases I was taken to different places even when entering the same value for that address!

3 - The Intermediate languages they implement are not very useful compared to IDA's or Relyze pseudo code, in IDA and Relyze you can re-write it into C with some effort but in Binary Ninja you can't

4 - You can see "Symbols" or functions for a module in a listbox on the left side and only with 1 column showing the name of that function, no way to know the function size in bytes or other info, I prefer a listview with several sortable columns

5 - The way a function is laid out is not optimal, lots of wasted space between the blocks which even with a high resolution monitor will make it hard to navigate through the blocks

ScreenShot00252.jpg.266681896a5f7221c0e8c557050aefa7.jpg

 

 

 

 

Link to comment

Here is a more real-world example of BinaryNinja's decompiler on a personal target of mine that I work with regularly. This is a routine for encrypting a packet for an online game. This is a comparison of the following tools' output:

  • IDA 7.0.170914
  • Ghidra 9.1
  • BinaryNinja 2.0.2097-dev

IDA has the best output currently, (ignore the renamed function calls they are named from my own edits).

eyWcwMo.png

 

Ghidra has decent output, although it does not have the optimizations and cleanup that IDA has yet to slim down some of the boilerplate code and to automatically detect helper inlines like qmemcpy's and similar. But the output is still very usable and helpful:

5XWX1Gm.png

BinaryNinja on the other hand has some bad display/output. The output basically resembles an enhanced version of Snowman in my opinion. The syntax is technically bad/wrong as it mimics a C/C++ style, but uses Python-like scope indentation. This looks terrible if you are a C/C++ coder (or similar languages). 

JsCvrX3.png

I get that this is new, so hopefully it'll grow into something better than this, but at this time, this output is not that great. And the way it handles displaying scope via tabs is horrid to look at when the rest of the syntax is trying to emulate a C-like look.

Link to comment
  • 4 weeks later...

BinaryNinja has announced the new prices, and with no surprise are slowly also pushing themselves away from many users.

https://binary.ninja/2020/05/11/decompiler-stable-release.html

A personal (named) license is now $299 with the only 'new' thing being the not-so-exciting decompiler as seen above. They are starting to push themselves closer to IDA pricing, which is just plain stupid on their part. Ghidra's decompiler can be made to run anywhere, and thus, why would anyone pick BinaryNinja over IDA when it comes down to features? I don't feel like they are branding themselves well at all and are trying to target the wrong setups/situations. Their new blog post mentions things like:

"Support for MacOS, Linux, and Windows. You’re not buying each platform separately." - Sorry but people that generally use this kind of software are users that stick to one primary OS for the most part. At most, people spin up a VM if they 'must' use a secondary OS for anything. This is not a selling point in my opinion at all.

"Decompiler for all architectures." - Again, the decompiler is not impressive so far. Ghidra's can be made to run in BinaryNinja and IDA (along with anywhere else) and is 100% free. The value for this being a new reason to increase the price of BinaryNinja is just not there, at all.

And sadly, like most other software companies, they still have this mindset that everyone is a student and consider their software "openly available for everyone" because they offer student pricing. Really wish companies would just stop with this nonsense. Price yourself better in general, don't selectively single out 1 small demographic. I'd wager most people in the RE scene are hobbyists, not students and are not directly in a career path that includes the use of these kinds of tools directly.

The only thing BNinja has going for it that most people praise it for is a good API. Outside of that, you don't really hear anything else good/interesting about it. So this price jump is honestly a stupid move in my opinion. 

Link to comment
