My PR to Binary Ninja to provide a “Pseudo Objective-C” representation of decompiled code was merged and is available in the latest 5.1-dev builds. For best results, use in conjunction with https://github.com/bdash/bn-objc-extras to hide Obj-C memory management noise and propagate more type information.
#binaryninja #reverseengineering #objectivec
https://social.bdash.net.nz/@mrowe/114468984084790336
New #BinaryNinja plugin: Obfuscation Analysis
Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.
Co-authored by @nicolodev ; available in the plugin manager.
Check it out: https://github.com/mrphrazer/obfuscation_analysis
I managed to finally get BYUCTF's pwn/MIPS going. Ghidra gave me a wrong value for __stack_chk_guard and also didn't tell me about it being a pointer. Binary Ninja helped (but had some other issues).
I have updated my writeup, FWIW:
http://www.feyrer.de/redir/BYUCTF2025-Writeup.html
#BYUCTF #ctf #cybersecurity #ghidra #binja #binaryninja @binaryninja
Crazy thought… what if your decompiled Objective-C code looked like Objective-C code?
Today's journey: implementing an Objective-C “pseudo-language” view for Binary Ninja.
My plug-in providing this additional analysis is available at https://github.com/bdash/bn-objc-extras
I've been experimenting with improving Binary Ninja's analysis of Objective-C code recently. Having the ability to hide Obj-C runtime reference counting calls, and apply type information based on [super init] and objc_alloc_init calls can dramatically improve the readability (and in some cases even accuracy!) of the decompiled code.
![After: Decompilation of the same function, but with retain / release calls removed and the type of [super init] propagated to the local variable. As a result, access to instance variables are correctly recognized and field names are displayed.](https://files.mastodon.social/cache/media_attachments/files/114/455/811/447/489/345/original/27f576a6cac6098e.png)
Control Flow Hijacking via Data Pointers
CC: Jordan Jay
#infosec #hijacking #windows #binaryninja #reverseengineering
🔍 Introducing MCP Server for Binary Ninja: Connect your AI assistants directly to @binaryninja for powerful reverse engineering! Get pseudo code, analyze functions, rename symbols, and more—all through the Model Context Protocol. Works with Claude Desktop, Cherry Studio and any other MCP Clients.
https://github.com/MCPPhalanx/binaryninja-mcp
#ReverseEngineering #BinaryNinja #LLM #MCP #AI
At @recon , @nicolodev and I discuss the current state of MBA (de)obfuscation and their applications. We’ll also introduce a new #BinaryNinja plugin for simplifying MBAs in the decompiler.
Details: https://cfp.recon.cx/recon-2025/featured/
I'll also give a training: https://recon.cx/2025/trainingSoftwareDeobfuscationTechniques.html
New heuristic in my #BinaryNinja plugin obfuscation_detection:
Duplicated Subgraphs uses iterative context hashing to spot repeated multi-block code. We merge each block’s signature with its successors over multiple rounds for efficiency.
Released Binja Apple Blocks Plugin 0.4.0, adding support for generic helper info on block descriptors.
Created my first #BinaryNinja plugin - it helps apply API function prototypes to variables based upon the variable name. Hopefully it gets accepted into the community repo soon (already submitted the issue requesting the addition)
https://github.com/xorhex/binjaextras
Thanks again @cxiao for the suggestion and code snippet to add the type lib if not found!
Guys; you should try binary ninja on reversing c++ classes. Look at this writeup from Sean Deaton.
Gotta RE 'em All: Reversing C++ Virtual Function Tables with Binary Ninja
https://www.seandeaton.com/gotta-re-em-all-reversing-c-virtual-function-tables-with-binary-ninja/
#binaryninja #binary_ninja #binary #ninja #reversing #reverseengineering #cpp
Here is it in plugin form. Testing more before releasing it.
GIF linked as it’s to large to upload here: https://raw.githubusercontent.com/xorhex/binjaextras/refs/heads/main/bn_type_application.gif
#binaryninja #reverseengineering https://infosec.exchange/@xorhex/113445847615931941
1. I think this is my favourite: Auto (more meaningful ) rename. Guys it is really annoying and hard to understand renamed registers in decompiler output:
https://github.com/Vector35/binaryninja-api/issues/2967
2. This is waiting for 2 years (I thought that would be more easy to implement):
https://github.com/Vector35/binaryninja-api/issues/3289
3. GCC/Clang RTTI analysis
https://github.com/Vector35/binaryninja-api/issues/3857
4. Peter himself opened this one 4 years ago (yes 4 years)
https://github.com/Vector35/binaryninja-api/issues/1888
5. Trivial but that would be nice (Hex Rays can do this on windows binaries but cannot do on Linux binaries)
https://github.com/Vector35/binaryninja-api/issues/3290
6. Peter also agreed that we need this:
https://github.com/Vector35/binaryninja-api/issues/3530
7. OK last one:
https://github.com/Vector35/binaryninja-api/issues/3313
Going to make this into a #binaryninja plugin soon, but if you want to apply a Windows API type to a variable (tested in the binaryview MLIL):
- Load this script
```
def apply_type():
t = bv.import_library_object(current_variable.name)
if t is not None:
new_type = f'{t.get_string_before_name()} (* {current_variable.name}) {t.get_string_after_name()}'
current_variable.type = new_type
else:
print(f'Type not found for {current_variable.name}')
```
- Change the variable name to match the windows API call being made
- Select the variable in the binaryview and run this in the python console: `apply_type()`
This is useful for when malware dynamically resolves API calls.
“Unstripping” binaries: Restoring debugging information in GDB with Pwndbg - By Jason An
GDB loses significant functionality when debugging binaries that lack ... https://blog.trailofbits.com/2024/09/06/unstripping-binaries-restoring-debugging-information-in-gdb-with-pwndbg/ #applicationsecurity #internshipprojects #binaryninja #go
