Can you believe it’s been over 2 years since our last major version increment? We certainly couldn’t at first, but when we look over the list of changes since then it seems almost surprising we haven’t done it sooner! We’re super pleased to announce Binary Ninja 4.0 is available. It includes an absolutely massive set of improvements, new features, and fixes. Far more than any previous release and we can’t wait for everyone to try it out!

We’ve got so many changes that we’re not going to go into detail on each of them in a single blog post. Instead, we’ll be doing a quick summary of some new features and then over the next few weeks we’ll be doing deep dives into them.

Just check out this list of just the highest impact changes, and you’ll see why that’s the case:

• Binary Ninja Free
• Types View / Type Archives
• UI Refresh
  • New Tab
  • Themes
  • Sidebar Refactor
  • Icons
  • Symbols View
• Windows Improvements
  • Windows Platform Types
  • Kernel Types
  • COMPanion
  • Local/Remote Windows Kernel Debugging
• Documentation Refresh
• New Architecture: RISC-V
• Commercial Only
  • Projects
  • New Architecture: nanoMIPS
• Sidekick
• Many More

Binary Ninja Free

Since the launch of Binary Ninja, we’ve offered the demo version which was severely restricted and really only intended to let people get a taste of what it could do. We have however quietly expanded what it could do such as removing the time-limitation.

Coinciding with the release of 4.0, we’re pleased to announce the release of Binary Ninja Free. This version of Binary Ninja is free for evaluation or non-commercial purposes, and we hope it helps those who can’t afford a paid license but want to get into the easiest to use and best designed decompiler available. With Binary Ninja Free, one of the last big restrictions has been removed: you can now save/load databases. Of course, there’s always still cloud.binary.ninja which has support for additional architectures and can show all IL levels.

We expect to continue to add additional features into Binary Ninja Free over time, just as we’ve continued to add features into Binary Ninja Non-Commercial since it was launched.

Types View / Types Archives

Improvements to the type system are a major improvement to 4.0. Not only have we introduced a brand new Types View, but we’ve also added support for Type Archives. Type Archives are a new way to share collections of types with other Binary Ninja users, or just between two analysis sessions. No more manually copying type information back and forth between sessions!

We’ll update this section of the blog when we publish a much more in-depth explanation of these two new systems and how you can use them to make your reversing more efficient than ever, but in the meantime check out the updated user guide for more information on the Types View, and Type Archives.

UI Refresh

One of our major goals for 4.0 was to really focus on making the UI feel even fresher, easier to use, and adding even more power without overly complicating the experience of using it. Just because we think we have the top UI in our space doesn’t mean there isn’t room for improvement!

New Tab

The first thing you’ll notice in 4.0 is that the new tab has gotten a makeover. Not only does it make it easier to access important features (recent files and the different ways to open files), but the dedicated change log area makes it easier to scroll the list of changes.

Themes

The other thing you’ll quickly notice is that there’s a new default theme in 4.0. In fact, we didn’t just add one new theme, but three! While we selected Ninja Edit as our new default, we know you’re going to love our other two new themes, Slushee Dark and Slushee Light. And of course, don’t forget that we have a huge collection of third party themes available as well! Of course, we left the original theme, Dark as well so if you’re one of those folks who find change uncomfortable, you can always change it back in settings.

We’ve also refreshed the theme documentation in our documentation refresh for those of you interested in making your own themes, you should definitely check it out as you can now do even more themes in 4.0.

Icons

What UI refresh would be complete without new icons as well? Not only have we refreshed the obvious sidebar icons, but all the icons all over the product have gotten a more consistent look, while also enhancing their distinct function to make them even more intuitive and unobtrusive.

Symbols View

Previously called the components UI, the newly launched Symbols View exposes the power of components by default. While it was available as an experimental feature in 3.5, in 4.0 it’s been polished off, performance was improved, and now it’s on by default! Check out the documentation for more information on the many features in this new UI and how it can help you organize functions and variables to make your life easier (and it works great with Sidekick!)

While our 3.0 release brought the powerful pane system and the simplified sidebar system in its UI redesign, not everyone was happy with the lack of flexibility. We heard you, and we made some major improvements in 4.0. Now you have the ability to control exactly where your sidebar panels live, how many are shown, and many more UI elements support both vertical and horizontal orientations for even greater flexibility. We’re super pleased with this update that brings the smart defaults and ease of access we wanted in 3.0, while restoring some flexibility for custom layouts that customers have been missing!

Windows Improvements

The last few releases have seen several improvements to our support for windows types. We’ve come a LONG way since even 3.0. We added a huge amount of default types in 3.1, better demangling, PDB, enumeration support, and CFG handling in 3.2, SEH prolog/epilog inlining and more libraries in 3.3, and TTD Debugging in 3.5! However, there were a few crucial pieces missing that we’ve now added in 4.0: Kernel types along with platform type improvements, amazing support for COM, and support for local and remote kernel debugging!

Windows Platform Types

While some changes involved moving base types behind the scenes between type libraries and the Windows platform types, one obviously notable change is that _TEB and _PEB types are now available. Consider the above shellcode example above before and after applying the _TEB* type to the pointer loaded from FS:30.

Kernel Types

Keep an eye out here for a more in-depth explanation of the improvements to both the platform types and the kernel types, or just open up any kernel driver, and you’ll immediately see the difference!

COMpanion

We’ve actually front-loaded the extra blog post for one feature! Several weeks ago Peter wrote about our new COM support in 4.0 in a blog entry. Go check it out as there’s a lot more than just a few extra types and these new changes add up to a massive quality of life improvement for anyone doing COM reverse engineering.

Kernel Debugging

Our open-source debugger continues see major improvements and in this release, we’ve added both local and remote Windows Kernel Debugging.

Documentation Refresh

If you happen to be on an OS that supports light/dark mode you might have noticed for a week now that the dev docs can switch based on your OS’s preferred color scheme. You can also manually trigger it yourself using the sun icon at the top. This change is now on stable as well.

That said, there’s far more useful changes than just the theme! Check out the commit that landed the new code to see the summary, or just dive right in to the new documentation.

New Architecture: RISC-V

New in 4.0 is our first new architecture in several releases, RISC-V. Like all our other default architectures it is open source. Check back later for a follow-up blog on the details of what you can expect when lifting and decompiling RISC-V 32bit and 64bit binaries.

Commercial Only

For the first time in… well, since the launch of Binary Ninja, we’re adding a feature that is only available to the commercial edition and above. If you’re not familiar with the full history, at launch the non-commercial edition was limited to a single thread, had no headless API, and didn’t have caching of analysis data in the saved BNDB files.

However, over time we’ve continued to add features from commercial to non-commercial and prior to 4.0 the only remaining differences was the right to use the software for commercial purposes, and the headless API.

With 4.0, we’re finally adding our first commercial and enterprise only feature: Projects. Additionally, two other paid add-ons are now available: nanoMIPS support, and Sidekick.

Projects

Projects allow you to not only collect related analysis databases (or any other related files) but allows you to establish connections between databases, so you can walk cross-references. Think of a piece of malware that contains functionality split across multiple DLLs, or an embedded firmware that has multiple processes with RPC set up to call between them. You can link call destinations so that you can directly navigate within a project to the appropriate library. Check back for our updated blog post on projects!

New Architecture: nanoMIPS

At the request of a few customers we’ve added a paid nanoMIPS plugin. If you’re interested in a separately purchased plugin for nanoMIPS support, contact us.

Sidekick

Sidekick is our exciting new AI assistant for reverse engineering. It’s not just simply “send my text to the LLM and ask it to summarize it for me”, but rather represents the culmination of years of internal research and a combination of our own ML models and best-of-breed public tooling to make the best experience possible in reverse engineering.

While the full service is a paid offering, you can install it from the plugin manager and check out several of the features already.

We’re still in early-access, but we’ve caught up on sign-ups, so there’s no wait if you want to check it out now!

There are a lot more details coming about the many ways Sidekick can help enhance your reverse engineering, so keep an eye out for future blog entries. In the meantime, here’s a few real customer quotes:

• I feel like Sidekick will slice through a binary like a hot knife through butter. … Dude. This is sick! I haven’t been this excited about anything in a while.

• Sidekick is awesome.. saving me a ton of time.

If you want to see more specifics check out our launch stream segment on Sidekick.

Open-Source Contributions

Special thanks (in no particular order) to the following open source contributors! reciate, rbran, emesare, SmoothHacker, saagarjha, greaka, patacca, pdietl, 0xcaff, nullableVoidPtr, nbailluet, resistor, v1X3Q0, yrp604,

Other Updates

And those are just the major features, here’s a more complete list of Features, Improvements, and Fixes (and even a deprecation or two) for 4.0:

UI Updates

• Feature: New Symbol browser provides support for folders
• Feature: Symbol search now supports tokenized search
• Feature: New Types browser adds support for
• Feature: Find dialog now supports tabbed results
• Feature: Ability to have a right sidebar
• Feature: Tool tips of structure members now show their Type, Size, and Offset
• Feature: User-informed Dataflow is available in many more locations
• Feature: Add ability to show only ‘user’ symbols in Symbols Sidebar
• Feature: Added ability to search in Merge Variables dialog
• Feature: Added Recommended Merges in ‘Merge Variables’ dialog
• Feature: Added Merge Variables Here action
• Feature: User-informed Dataflow now shown in Variables list
• Feature: Allow User-informed Dataflow actions in the Variables list
• Feature: Use symbol’s common prefix to suggest component name
• Feature: Added Platform Indicator in status bar
• Feature: Added action to clear default layout
• Feature: Triage View now support search of ordinals
• Feature: Feature Map now support 1 dimensional (Linear) mode
• Feature: Render COM GUIDs nicely
• Feature: Settings ‘objects’ are rendered as editable tables in Settings view
• Improvement: Merge Variables action now triggerable from the ‘Variables’ Sidebar
• Improvement: Tab tooltip now shows full path of file
• Improvement: New Styling of the Tab Bar
• Improvement: Entry and Exit indicators show only on disassembly graphs now
• Improvement: Better error logging when themes fail to load
• Improvement: Better shift scrolling
• Improvement: Better integer display in ‘Create Array’ dialog
• Improvement: Better hiding/displaying settings under some conditions
• Improvement: More consistent navigation to main symbol on file load
• Improvement: Added Analysis Indicator in Linear View Function header
• Improvement: Better analysis of builtin_memcpy and wide string detection
• Improvement: Settings view search is now case-insensitive
• Improvement: Better handing of opening URLs on Windows and Linux
• Improvement: Update to Qt 6.6.1 which fixed a number of issues 1, 2
• Fix: Issue on macOS were menu items were duplicated
• Fix: Issue where dev branch would try to update to stable
• Fix: Issue with sub-menus were clickable
• Fix: Issue with rendering in Cross References pane
• Fix: Issue rendering >= 128 bit integers and non power of 2 integers
• Fix: Issue where Update Channel dialog was unnecessarily resizable
• Fix: Crash that could occur when closing triage view
• Fix: Issue where save would suggest suboptimal file names
• Fix: Issue with padding of types dialog
• Fix: Possible crash in Linear View
• Fix: Issue where URL handing on Windows and Linux did not work correctly
• Fix: Issue affecting plugin requirements installation
• Fix: Issue affecting CFString rendering
• Fix: Rendering issue with ‘linear’ Feature Map
• Fix: Text Input of ‘Add Segment’ Dialog
• Fix: Crash that could occur when sorting cross-references
• Fix: Issue with pasting into ‘Import Header File’ dialog
• Fix: Issue affecting selection in memory map
• Fix: Potential hang on application close
• Fix: Issue affecting when ‘Override Call Type’ and ‘Set Stack Adjustment’ could be used
• Fix: Potential hang on close of a tab
• Fix: Issue with default address in ‘Create Stack Variable’ dialog
• Fix: Memory Leak in ‘Create Structure’ dialog
• Fix: Focus Ring of some dialogs
• Fix: Issue with scrolling in Settings view
• Fix: Issue with focus in Enum selection dialog
• Fix: Issue with rendering ‘CHAR’ in Linear View
• Fix: Issue preventing assembly dialog from getting smaller
• Fix: Issue with font in Memory Map
• Fix: Crash when adding segments via the API
• Fix: Issue with case sensitivity in Find dialog
• Fix: Issue resizing Merge Variables dialog
• Fix: Issue with consistency of star icon in plugin manager
• Fix: Representation of structures with inheritance in Stack view
• Fix: Issue with ‘About…’ menu item on macOS
• Fix: Copy for some strings in Linear View

Platform

• Feature: New ‘windows-kernel’ Platform
• Feature: New windows-kernel Type Libraries and Platform Types
• Feature: New Import Type by GUID in Windows binaries
• Fix: Issue where the type parser on macOS doesn’t use Darwin target
• Fix: Issue with varargs in windows Type Libraries
• Fix: Issue affecting platform types in Mach-O Thumb2 binaries
• Fix: Issue with ordinal to name mapping for ws2_32.dll
• Fix: Issue with demangling Microsoft mangled names

Binary View

• Feature: Display Rich Header lookup information in Linear View Summary for PE files
• Fix: Issue caused by improper ELF parsing
• Fix: Issue where PE files would discard DLL name for some symbols
• Fix: Issue parsing Mach-O symbols
• Fix: Improved parsing of PE Relocations
• Fix: Multiple issues with Mach-O export trie processing
• Fix: Issue with sign of enumerations while importing types from a PDB
• Fix: Sign of HRESULT when imported from PDBs

Architecture

• Feature: Added ability to register an architecture based on ELF Machine Type
• Feature: Added RISC-V Linux Kernel relocations
• Improvement: Added support for ARM-ELF R_ARM_TLS_DTPMOD32 and R_ARM_TLS_DTPOFF32 relocations
• Improvement: Added support for some MIP64 instructions
• Improvement: Added support for PPC fcmpu instruction
• Improvement: Updated PPC Disassembler (Capstone)
• Improvement: ARM64 PAC instructions no longer affect dataflow
• Improvement: ARM64 PAC instructions no longer lifted as intrinsic
• Improvement: Better handling of blx lr instructions
• Fix: Issue where x86 ‘int’ instruction didn’t was ‘unimplemented’
• Fix: Issue where vbroadcastsd showed in correct memory access
• Fix: Issue where TLS symbols were missing in some ARMv7 ELF binaries
• Fix: Issue with MIPS PLT entries
• Fix: Issue with MIPS64 PLT entries

Analysis

• Feature: Support for opening dSYM files
• Feature: Automatically Navigate to WinMain on x86_64 binaries
• Feature: Added get_large_choice_input to select from a large choice of items
• Feature: Python SidebarWidget API now get notified when the its being closed
• Feature: Add as setting to control auto variable naming
• Feature: Add new setting type: object
• Feature: Add new setting attribute: hidden
• Feature: Add ability to set UIDF of intrinsics
• Improvement: Improved floating point parameter recovery
• Improvement: Analysis of push/ret
• Improvement: Better parsing and exporting of types with circular references
• Improvement: Better analysis of partially access registers passed through calls
• Improvement: Better integer to float conversion in HLIL
• Improvement: Added new heuristics to automatically discover floating point return values
• Fix: Issue with setting enumeration values
• Fix: Crash caused by outlining
• Fix: Multiple crashes when loading some files with DebugInfo
• Fix: Issue that affected jump table calculation
• Fix: Issue where inherited structure members showed up as __offset(0)
• Fix: Issue where ARM -> Thumb calls were not showing up
• Fix: Issue where minStringLength was not respected
• Fix: Issue affecting cross references to VTables
• Fix: Issue preventing array index simplification
• Fix: Issue affecting selection of proper builtin
• Fix: Issue applying DWARF for Arm/Thumb binaries
• Fix: Issue importing types with inheritance from Type Libraries
• Fix: Issue importing types from Type Libraries
• Fix: Issue with arrays not being recognized in HLIL
• Fix: Issue with detection of main in windows binaries
• Fix: Crash while analyzing some binaries
• Fix: Crash when None gets passed in to some python APIs
• Fix: Issue with order of operations of Not/Neg instruction in Pseudo-C
• Fix: DWARF Export compatibility with other tools

API

• Feature: New api for reading strings from an IL object
• Feature: New traverse api for traversing IL expression trees
• Feature: Structure Member types support confidence
• Feature: Added support for Components in the DebugInfo API
• Feature: Added API to get the original base address of the binary
• Feature: Project support in GetSaveFileNameInput
• Feature: GetSaveFileNameInput now allows filtering by extension
• Feature: Added new NotificationBarrier API for high performance notifications
• Feature: Added new LLIL and MLIL SEPARATE_PARAM_LIST_SSA, SHARED_PARAM_SLOT_SSA to better describe integer vs floating point argument usage
• Feature: Added new Project APIs
• Feature: Added new TypeArchive APIs
• Feature: Added BinaryView.metadata property to retrieve all metadata
• Feature: Added TypeLibrary.metadata property to retrieve all metadata
• Feature: Added BinaryView.import_type_library_by_GUID
• Feature: Added BinaryView.get_type_name_by_GUID
• Feature: Added TypeContainer UI API
• Feature: Added TypeBrowser UI API
• Feature: Added Animation UI API
• Feature: Added Symbolic SymbolType
• Feature: Added SSAVariable.def_site
• Feature: Added SSAVariable.use_sites
• Feature: Added support for Architecture intrinsics in Rust API
• Feature: Added support for assemble callbacks in Rust
• Feature: Added support for relocations in Rust
• Feature: Added support for function recognizers in Rust
• Feature: Added support for HLIL in Rust
• Feature: Added GetRelocationsAt API
• Feature: Added BinaryView.read_uuid API
• Feature: Added exprIndex field to BNInstructionTextToken
• Improvement: Component class now hashable
• Fix: Crash in get_address_input
• Fix: Issue where ‘get_view_of_file’ could wrongly return None
• Fix: Issue where DebugInfo.parsers didn’t work
• Fix: Issue where BinaryView.load() return incorrectly
• Fix: Issue causing unnecessary log errors
• Fix: Issue with repr of BasicBlock objects
• Fix: Numerous memory leaks
• Fix: Issue with define_user_symbol in the Rust API
• Fix: Issue with Type.with_replaced_* APIs
• Fix: Issue with NameList.StringSize() for empty NameLists
• Fix: Issue with BinaryView::GetRelocationsAt
• Deprecated: Numerous BN APIs

Debugger

• Feature: Added support for local and remote Windows kernel debugging
• Feature: Added support for using the debugger without opening a file
• Improvement: Updated to Qt 6.6.1
• Improvement: More robust handling of the DbgEng DLLs
• Improvement: Use new icons
• Fix: Windows non-TTD debugging not using PDB file name
• Fix: Breakpoints for non-PIE Linux binaries do not work
• Fix: Lots of undo action warnings when using the debugger
• Fix: Various crashes (#546, #534, #537) and memory leaks (#544)

Miscellaneous

• Improvement: Include product type and build info in the Windows installer file name
• Improvement: Docs have been completely revamped and improved

Enterprise

• Feature: Files are uploaded to projects in the background
• Feature: Projects can now be used offline
• Feature: Local projects can be imported in their entirety to your server
• Feature: Remote projects can now hold files other than analysis databases
• Feature: Type Archives can be created remotely and will sync their changes
• Improvement: Remote Browser is now a dialog that takes you to the Project Browser
• Improvement: Project Browser no longer opens every file with options by default
• Improvement: Project file and folder count is included in Remote Browser
• Improvement: API class names for remote models have been renamed to Remote<Class>
• Improvement: Added compatibility.py for scripts written prior to 4.0 using the old names
• Improvement: File creation date is now stored on the server
• Improvement: Server status bar button is now properly themeable
• Improvement: Some small performance increases in merging databases with many types
• Improvement: New --no-validate-tls flag on Enterprise Server
• Improvement: Docs now have search!
• Fix: Opening files when Binary Ninja is closed works properly
• Fix: Opening on new versions of macOS no longer requires you to tab into the application
• Fix: Window loses focus when connecting on startup
• Fix: Exception thrown when merging types with no name
• Fix: Pinned Enterprise Server dependencies in Dockerfile
• Fix: On macOS some Qt dialogs would steal focus and not give it back
• Fix: Project file names are no longer stored in user preferences
• Update: Increased minimum required version of docker-compose to 2.0 for Enterprise Servers

…and, of course, all the usual “many miscellaneous crashes and fixes” not explicitly listed here. Check them out in our full milestone list: https://github.com/Vector35/binaryninja-api/milestone/14?closed=1