
Native binaryninja support based on rust API

Open fabianfreyer opened this issue 3 years ago • 5 comments

This is some rudimentary binaryninja support based on the stuff in https://github.com/Vector35/binaryninja-api/pull/2890.

For now this is mostly a proof-of-concept, and there are a lot of performance improvements that can (and should) be made. It's not yet ready for merging because:

  • ~~it depends on the changes in https://github.com/Vector35/binaryninja-api/pull/2890 which are unlikely to land without some changes to them~~
  • the binaryninja rust API isn't stable
  • it could use some prioritization based on identifiers in the query like in @mmaekr's binaryninja script (#1 / #32)
  • ~~line numbers are off, and could probably use replacement with function addresses.~~

This is what it looks like, for now: image

fabianfreyer avatar Jan 28 '22 06:01 fabianfreyer

Thanks for the PR. This looks like a fun feature, I wasn't aware that binaryninja has a working rust API. A couple of stupid questions (related to this PR and #32):

  1. Could we extend this to support binary ninja databases? I guess most users would like to run this against a db of some bigger target that they are currently reversing?
  2. Is it possible to write a Rust plugin equivalent to #32 and skip the whole Python interface?
  3. With this and #32 weggli would have two different integrations with binja. Maybe it would make more sense to turn this PR into a standalone CLI tool that dumps the decompiled code on the filesystem? That would also enable the use of other tools like joern, semgrep or ripgrep.

felixwilhelm avatar Jan 28 '22 14:01 felixwilhelm

  1. yes. In fact, the current API should support this already (although it seems to not work for some reason)
  2. yes, this was next on my todo list. In fact I'd like to even add some pane similar to the functions list where you can type a query in a pane and have clickable references in a list update when you press enter. Problem is that the rust API isn't stable and still pretty new, and a lot is missing from it still, so I had to add some of the missing functionality in https://github.com/Vector35/binaryninja-api/pull/2890
  3. yes, see https://github.com/Vector35/binaryninja-api/pull/2890/commits/ae8f69683e1d2fd35f8f1e4f49933fd24f64035d. That should probably do it.

fabianfreyer avatar Jan 28 '22 14:01 fabianfreyer

Now that https://github.com/Vector35/binaryninja-api/pull/2890 landed, I guess it mostly is a question of whether this is mergeable given that the rust bindings aren't considered stable yet.

There are probably some performance improvements that could be made, but that could be a future iteration.

fabianfreyer avatar Feb 17 '22 11:02 fabianfreyer

@felixwilhelm regarding question 1) above:

  1. Could we extend this to support binary ninja databases? I guess most users would like to run this against a db of some bigger target that they are currently reversing?

My previous comment "although it seems to not work for some reason" doesn't apply anymore. This has been fixed by https://github.com/Vector35/binaryninja-api/pull/3029.

Opening a BNDB now works.

fabianfreyer avatar Mar 21 '22 01:03 fabianfreyer

Rebased this on current main.

fabianfreyer avatar Sep 24 '22 01:09 fabianfreyer