Ryan Stortz has a new post on the Trail of Bits Blog on the tool Binary Ninja:
Using Vector35’s Binary Ninja, a promising new interactive static analysis and reverse engineering platform, I wrote a script that generated “exploits” for 2,000 unique binaries in this year’s DEFCON CTF qualifying round. If you’re wondering how to remain competitive in a post-DARPA DEFCON CTF, I highly recommend you take a look at Binary Ninja. Before I share how I slashed through the three challenges — 334 cuts, 666 cuts, and 1,000 cuts — I have to acknowledge the tool that made my work possible. Compared to my experience with IDA, which is held together with duct tape and prayers, Binary Ninja’s workflow is a pleasure. It does analysis on its own intermediate language (IL), which is exposed through Python and C++ APIs. It’s comparatively simple to query blocks of code, functions, trace execution flow, query register states, and many other tasks that seem herculean within IDA.
Binary Ninja is a commercial product, not open source, US$$100-400, with an Enterprise level coming soon:
Binary Ninja currently comes in two different flavors. The personal edition is primarily for students and hobbyists to give them a powerful feature set at an extremely affordable price. The personal license’s primary restriction is that it only allows non-commercial use. The standard license includes more than just the freedom to profit with your work though. Some specific features targeting professional or power users are also included, while still keeping the personal edition featureful.
Well, it comes from an open source roots, and that is still available, but deprecated, see the Prototype page and the Github page: