capa icon indicating copy to clipboard operation
capa copied to clipboard

Published 20 hours ago verified publisher icon mandiant

binary ninja plugin

Open psifertex opened this issue 5 years ago • 9 comments

Summary

There's already an IDA plugin (and #49 tracking the for a ghidra plugin), would be nice to have BN plugin.

Motivation

Because many people use BN and capa has some nice features that would be great to expose to BN users.

psifertex avatar Jul 17 '20 18:07 psifertex

I'm working on this right now (starting with just the import script to test) and I came across: https://github.com/fireeye/capa/blob/master/scripts/import-to-ida.py

Can you clarify how the "All Rights Reserved" on that interacts with the Apache license on the whole repo? I assume it's an artifact from before the apache license was added?

I'd like to create a derivative of that script but obviously I can't do that if it's under full copyright and not Apache. :-)

psifertex avatar Jul 17 '20 18:07 psifertex

The capa tool and its supporting resources are released under the Apache 2.0 license. The FireEye legal team had asked us to include the header on each source file, though to be completely honest, I don't know the ins-and-outs. I will ask around and see if they can clarify what they expect this header to convey. For the past many months, there has been agreement to release the tool under Apache 2.0 so I do not expect to encounter any surprises during this discussion.

Thanks for double checking on this. We want the tool to be used in many ways, and will do our best to make this easy for you. I'm excited for the Binary Ninja importer and any other integrations!

williballenthin avatar Jul 19 '20 21:07 williballenthin

Thanks! If you don't mind a suggestion, maybe:

Copyright (C) 2020 FireEye, Inc. Released under an Apache License Version 2.0.

is worth running by the legal team. If they've already agreed to the license I can't imagine they'd mind as you point-out.

Normally having the repo license be Apache 2.0 is enough to be sure, but it's not uncommon for some repositories to be generally released under a specific license but to have some files inside of it released under a different license and my understanding of "All Rights Reserved" is that it's explicitly full copyright that does not allow any other adaptations like those encouraged by open source licenses.

psifertex avatar Jul 19 '20 22:07 psifertex

Let's move the licensing discussion to #173. Please keep updating us on the Binary Ninja integration here!

williballenthin avatar Jul 21 '20 15:07 williballenthin

Hey, is this still planned/in development? :-) Sorry to bump such an old issue

agnosticlines avatar May 28 '23 14:05 agnosticlines

No worries! There has actually been some activity behind the scenes not represented here. There is still interest and in fact Capa now uses Binary Ninja as one of its backends for automation. No immediate timeline but there is also interest from several parties in potentially putting together a UI based plugin too

psifertex avatar May 28 '23 15:05 psifertex

Hey is there updates regarding the plugin ?

Compr0mzd avatar Jul 27 '23 08:07 Compr0mzd

@xusheng6 and the Vector35 crew have implemented a Binary Ninja backend for capa. We haven't had a chance to implement a UI plugin yet, unfortunately. I won't hazard a guess as to an ETA since I'm usually too optimistic.

Of course, we'd be happy to guide or mentor a contributor to port the IDA plugin to Binary Ninja. Both rely on Qt so I hope that the architecture will translate easily.

williballenthin avatar Jul 27 '23 14:07 williballenthin

I remember the IDA plugin comes with a rule editor. It would be easier to first implement a BN plugin that browses the capa result. After that, if people really need the rule editing feature, we can get started on portion that part as well.

xusheng6 avatar Jul 27 '23 14:07 xusheng6