Products > SABRE BinNavi

Do you need to have code execution reach a certain part of an executable ? Do you want to visualize program structure ? Do you want to visualize the code coverage of your black-box testing or for benchmarking fuzzers ? Do you want to perform security analysis of your Cisco router ?

SABRE BinNavi is the world's first debugging system based on directed graphs and graph visualisation. Using a third-party disassembler (for example IDA Pro [http://www.datarescue.com]), to generate disassemblies, SABRE BinNavi can:

  • Display, layout, color and edit call hierarchies to clarify dependencies
  • Navigate execution to a certain location in the code to prove/disprove hypothetical vulnerabilities
  • Assist in crafting input to reach given code locations
  • Interactively explore the structure of the program
  • Run Python-scripts to automate reverse engineering tasks
  • Debug on many different platforms: Win32, Linux, Cisco IOS, ScreenOS etc.
It is usually best to explain SABRE BinNavi with the help of screenshots:
  • The first screenshot shows the callgraph browser of BinNavi. In the screen, a callgraph of a commercial IMAP server in the immediate vincinity of the recv-function (which is highlighted in magenta). Only the function that calls recv and close neighbors are shown to reduce clutter on screen.


  • The next screenshot shows the control-flow-graph of a function in the IMAP server. It also shows BinNavi's built-in python interpreter in full swing: With a short 6-line script one can detect the natural loops in a function and output the addresses of the basic blocks contained therein.


  • The third screenshot shows the interaction of BinNavi with the included debugger: Two debug traces were created, one collecting all functions that are executed when an IMAP-client connects to the server, and one that collects all functions that are executed upon sending the 'CAPABILITY'-verb. The second trace was made visible, yielding a graph that shows all fuctions executed upon sending said verb, and their relations to each other.


  • The fourth screenshot shows how BinNavi can be used to do 'differential debugging' (sometimes incorrectly called 'active reversing'): Debug traces can be used like regular sets, and functionality in the executable can be easily isolated. In this screen, the functions that execute when 'CAPABILITY' is sent, but do not execute on a simple connect-disconnect have been highlighted in green.


  • Execution traces can of course be performed on the function flowgraphs themselves. Here the flow through a function handling user input has been highlighted.


  • Like in any other debugger, breakpoints can be set, registers and memory can be inspected. And like in any serious debugger, all these things can be scripted.

  • The point that differentiates BinNavi most from our competitors is the focus on allowing reverse engineering on a wide variety of platforms through the same interface: The next screenshot shows BinNavi debugging a Netscreen NS5XT VPN Gateway. BinNavi can debug other network devices like Cisco IOS-based routers, or even your WinCE-based smartphone !

With our release of SABRE BinNavi v1.2, many important features have been added:
  • Open Database Format: SABRE BinNavi now stores all data in a MySQL database in a convenient and flexible format. This facilitates the sharing of disassembly results amongst multiple users, data management and backup.
  • Integrated Python Interpreter: SABRE BinNavi allows access to the entire disassembly, all callgraph and flowgraph structures, the memory and registers of the debugged process and much more from the convenience of an integrated Python command line
  • Availability of the SABRE BinNavi GDB agent allows debugging on any platform which supports the gdb serial protocol. This includes most UNIXes and network embedded devices such as Cisco routers and Netscreen VPN appliances.
Please see the flash movies at the [BinNavi Flash Page] to get a better impression SABRE BinNavi's capabilities.

SABRE BinNavi consists of a Java-based GUI and several small debug clients for different platforms. SABRE BinNavi allows you to:

  • Simultaneously set breakpoints on all known functions to see coverage and normal program flow
  • Visualize and replay program execution
  • Edit, move, and color nodepaths and nodes in the code flow path to aid in program understanding

Currently supported platforms (for the debugger) are Win32/x86 and Linux/x86 (ptrace). A WinCE/ARM debugger is experimental and is available (but sometimes buggy). The GUI is in pure Java and has been successfully tested on Windows, MacOS X and Linux.
We are also proud to offer the SABRE BinNavi GDB Agent, which allows debugging on any platform that speaks the GDB serial protocol in a dialect that we can deal with. The SABRE BinNavi GDB agent has been successfully tested under the following platforms:

  • Linux x86
  • FreeBSD x86
  • Cisco IOS (PowerPC)
  • Netscreen ScreenOS (PowerPC)
We expect it to work with most hardware / JTAG debuggers.

SABRE BinNavi consists of a GUI and a set of debug clients. client and an extension to the commercial disassembler IDA Pro [http://www.datarescue.com/]. You need a recent version (4.9 or higher) of IDA Pro to use SABRE BinNavi.

Pricing:
Per-Engagement License (4 weeks, single user): 800 EU (1080 USD)
Single User License: 3200 EU (4320 USD)
5 User License: 12800 EU (17280 USD)
10 User License: 25600 EU (34560 USD)
Enterprise License: 38400 EU (51840 USD)
BinNavi GDB Agent (per User): 1500 EU (2025 USD)

Every license includes free updates and email support for 12 months after the date of purchase. Additional 12 months of free updates can be purchased at 75% of the original license cost:

12 Months Single User Updates: 2400 EU (3240 USD)
5 User License: 9600 EU (12960 USD)
10 User License: 19200 EU (25920 USD)
Enterprise License: 28800 EU (38880 USD)

In addition to the above options, SABRE Security also offers an attractive subscription plan for large customers: our Enterprise Subscription Plan offers all the benefits of a regular Enterprise License, but is based on a monthly fee. The minimum duration of the subscription is 24 months. If not terminated 8 weeks in advance of expiration, the subscription will be automatically renewed for 3 months at a time.

Enterprise Subscription Plan: 3000 EU/month (4050 USD/month)

For placing an order or any further questions, please contact info@sabre-security.com or download our order form as Word document or as .Pdf.

For any further questions, feel free to contact info@sabre-security.com