BinNavi

zynamics BinNavi is the primary binary code reverse engineering tool
based on graph visualization
Description

BinNavi is a binary code reverse engineering tool that was built to assist vulnerability researchers who look for vulnerabilities in disassembled code.

With BinNavi you can analyze disassembled x86, ARM, PowerPC, and MIPS code using the powerful built-in static code analysis techniques. In cases where static code analysis is not enough, you can use the built-in debuggers to get a live view on the program you are analyzing.
Use Cases
  • Do control flow based code analysis of disassembled x86, ARM, MIPS, and PowerPC code
  • Cut down on complexity by removing unimportant code from functions
  • Use powerful remote debuggers to debug programs on different operating systems
  • Use Differential Debugging to quickly locate relevant code
  • Create and assign user-defined tags to mark important functions and basic blocks
  • Use advanced code analysis algorithms to keep track of data and code
  • Manage all your reverse engineering projects in one central database
  • Write scripts and plugins to extend BinNavi to meet your specific goals
  • Rename and annotate variables and functions to make them self-explanatory
  • Use the REIL meta-language to write platform-independent program analysis code

To learn more about the features and use cases of BinNavi please take a look at the BinNavi manual.
Screenshots
BinNavi 3.0 main window

Screenshot 1: BinNavi 3.0 main window

BinNavi graph window

Screenshot 2: BinNavi graph window

Highlighting call instructions

Screenshot 3: Highlighting call instructions in disassembled code

Debug trace

Screenshot 4: Debug trace that logs registers and memory values

Debugging a Cisco router

Screenshot 5: Debugging a Cisco 2600 router (Using GDB Agent, see below)

Scripting

Screenshot 6: Using scripts to access disassembly data

REIL

Screenshot 7: Using the platform-independent intermediate language REIL


Videos
Two videos are available that demonstrate the workflow with BinNavi.

The first video shows how BinNavi is used to isolate potentially interesting code in the Pidgin instant messenger client. In less than four minutes, the functions responsible for sending and receiving messages are isolated.

Video: Isolating interesting code in Pidgin (5 MB Flash Video)

The second video shows how BinNavi is used to resolve the target addresses of dynamic function calls. This is useful to get a better idea of the control flow in programs with many dynamic function calls, for example C++ programs which make use of class inheritance.

Video: Automatically resolving dynamic function calls (13 MB Flash Video)

GDB Agent
Out of the box BinNavi can debug applications on 32-bit Windows, 32-bit Linux, and Windows Mobile. If you want to debug devices that run a GDB server with BinNavi you can additionally purchase the BinNavi debugger GDB Agent.

The GDB Agent can be used to debug a wide variety of devices like Cisco routers or Netscreen firewalls. If you want to learn more about the supported devices and whether the GDB Agent is useful for you, please contact the zynamics customer support.