Binary Ninja: 4.0 Feature stream!

And let's go. Hello everybody. Audio check for me, Glenn. Audio check from you. Audio check. Keep talking. Still talking. That's, that's nothing. I think, I think you just are too quiet. Hold on, let me see which, which one you are on. Keep, uh, keep talking. All right, off to a start. That one's mine, that one's, that one. I... Hey everybody. Keep talking. If I just talk loud enough it'll come through Jordan's mic. This is true. Would I'd rather... Okay, now keep talking. Now I'm talking. Yeah, there you go. There we go. I think they could hear you before, but this is better. This is better. Oh boy. Oh, okay, good, I'm glad. Oh wait, audio is okay. Excellent, excellent. We got the wide cam too because we got, we got everybody come inight. It's going to be a party. Yeah, we got all sorts of folks in the office. Um, we got, uh, 45 viewers, everybody. Exciting, exciting. Oh, I'm sorry Julia, you lost the music. Um, oh, okay, we gotta hide this. Did I copy everything over? I've got our last, my, my little cheat sheet of all my notes. These are the most plans I've seen in a while. I, I practiced. I was working on this one. This is it. Fox, are you excited? No. No crazy bomb. I thought about teasing the game but I already did that once, I can't do that again. So let's see, let's close that down. Uh, yes, save the note, sure. Okay, so, okay, who here and the stream, I think I, the desktop now, right? Wait, why is there a new update? Which one is this? The one that I, I did, I just didn't restart it. Okay, all right, let's switch over. Let's, uh, let's go, and we'll leave chat K on for a little bit here.

Um, so we're live, we've got 4.0. Does anybody have like favorite... Oh, I'm supposed to not watch chat too. Yeah, yeah, I got chat. The plan is Glenn's on chat, he'll tell me what, what, what pops up. Um, we got a whole bunch of stuff. I'm curious though, does any, if anybody has like a favorite feature they, they know is
coming at ptoo that they want to see, let me know. Someone says there's a bit of echo on the mic. There might be, because there's two mics, so I don't know if there's a good way to fix that. Just, we can, we can actually switch to the top mic when it's just the two of us if we wanted. That might be better. Um, oh, there's also that one back there. That one, that's true. Definitely mute. No echo? Okay, some people say no echo. All right, all right, let's, okay, good. Projects, yes, projects are a thing. Just for Duncan, RISC 64. Look, that might be, that might be on the list here, I'm just saying. Um, I think thir, I think you have good hearing. I think there is a little bit of, of echo because we do have, I mean there might be, it's kind of an enclosed, like, square space. Oh, also two streams, that'll do it too. Sidekick, okay, all right, Sidekicks. There might be some other Sidekicks. There's, there's, uh, there's lots of good stuff coming.

Um, so let's, without further ado, um, let's get into it. So the first thing I'm going to announce is, I think I've mentioned this before, but the, the demo, Binary Ninja demo, uh, is going to be released as Binary Ninja Free. So we're actually going to have a true free Binja. Um, it's going to have, for example, still no plugins, but you can now save and load databases, there's no timeout, it's going to get four, uh, API threads so you can, you get a little bit more performance out of it. Um, and I forget exactly which architectures we are or aren't, uh, including. So, um, that's going to be, uh, that's going to be exciting for some people. I mean everybody here, hopefully you guys are already Binja users, in which case, yeah, that doesn't do you much good, right? But, um, for, for people who haven't tried it yet, hopefully that, that, that helps them out. Yeah. Um, oh, the one thing that's a little bit different about it is the free version will not have, uh, all the ILs. It's just going to have High Level IL, uh, Pseudo C and decompilation. So I mean that makes sense, right? If you're not scripting it, right, you don't have the API, the ILs
aren't as important. Yeah. Um, and you know, I got to have some future upgrades, something to make it worthwhile to buy. Uh, speaking of future upgrades, let's, let's go. Okay, so, um, the first one on my list, and you'll notice I've got, oh man, oh, there's some hints there. There's some hints there. Giving it all away right in the file tree. Just, just a couple, just a couple, uh, in the recent file list. So, uh, actually I wanted to do Enterprise dev. Um, the, yeah, you'll see a bunch of file names, that's fine. You, I guess, will see it coming. I'm not trying to actually make it a secret.

But the first one we're going to talk about is, uh, new architectures. So we have two new architectures coming to, to Binja. One will be in all versions and then the other one is only going to be in, uh, it's like a separate, a separate paid add-on. So it's the first time we're trying this, we'll see how that goes. But as, as some of you already saw, we've got RISC, uh, RISC-V support. So, uh, 32-bit and 64-bit RISC-V. So I think like this one for example is a 32-bit, uh, RISC-V binary. Uh, this is on dev right now, if, so every, like the first half of the stream is just going to be on things that is only, um, uh, are already on dev, right? So this is, you could, you could try this as well right now, right? So we've already got, uh, support for, although let's see, there's a, uh, maybe a jump table that needs some, uh, needs some fixing up. So this is in the libc too, you can see, so there's a memset. So yeah, this is a pretty good, good test case 'cause this is literally statically compiled B. Yeah. But if you, I think if you just go to main, I, this one briefly, this is actually, I pulled this one from the, the RISC-V, uh, the open source Binary Ninja RISC... well, this will also be open source, I think. I don't remember, have we? Oh, we did. No, I think we did. This is where we find out. I know, right? Like we actually go look at our own repo. I'm pretty sure. Arch RISC-V, let's, let's see. It's not that. Oh no, no, I know, it's in the API repo itself. Binary Ninja API. blaz of Glory subscribed
to the channel. And yeah, exactly, so this is open source, it's already in the, uh, in the repo so you can, you can grab it. And it's written in Rust. Exactly. Yeah, so it's a, it's a, is it the first? I think it's the first public Rust architecture. Certainly the first first-party Rust arch. I think I know a couple of people who, who've definitely worked on them and there are other ones out there, um, but it's the first one that we've released, so that's, that's kind of cool. Um, the RISC-V plugin there. Um, I did, yeah, and just for Dun, I don't know if Dunc get on the stream, but it does support, uh, RISC-V 64-bit as well. Um, I just, I happen to come across a sample and try it and got accused of some maliciousness, but, uh, I was just, I was just showing off that, uh, we're proud of our new RISC-V support. And it's not flawless, like you'll definitely see there's some, these warnings and, and errors here are either like unlifted instructions or some other thing where we think there might be a problem with analysis that, um, like there's, like you get the disassembly and you get a decompilation with it, like that's pretty good. Yep. So we could, you know, all the, all the disassembly, decompilations are here. Again, architecture itself is open source, so yeah, that's nice as well, again especially if you're doing, doing, uh, Rust stuff.

So, uh, you'll also notice, uh, another little change here on the sidebar. Uh, the, this view has been around for actually several releases now but it was off by default, and so this is now on by default. Uh, it's our new symbol table view which has, you know, all these, these columns, and you can reorder, you can change the, the columns, and, uh, couple other things that it, that it supports, different, different types of variables, you can do all sorts of other stuff there too. Uh, that's now much faster, much more performant, fixed up a lot of stuff there. So yeah, that's exciting. Um, let's see, so RISC-V 64-bit, 32-bit, nanoMIPS. nanoMIPS is our other architecture. Now this one, I just, for context here, um, I've
actually just installed this one, uh, Binary Ninja plugins, so you, I literally have just put the, the, the, the plugin in here. So that one is, is only a, a native module right now. Um, and nanoMIPS has been in progress for a while. We've got a couple folks already in the, the beta program checking it out. So let's go grab, yeah, so here's like a libc, nanoMIPS libc for example. So if this is interesting, I know some people, um, are, uh, are, are definitely interested in nanoMIPS, there you go, we've got a nanoMIPS decompiler and disassembler. And like, you know, all of our architectures, you notice these just open right up because they were, um, ELF files, so they just automatically, you know, recognize them and, and added. But obviously if you're doing more firmware and kind of embedded things for, for those, you can, you could just specify, you'd open the file, specify open with options, and, um, you can, you know, change the architecture and set of there. So just shows up. That's another, I'm trying to go pretty quick here because we got, first we got a bunch, we got question.

Tell about the availability of nanoMIPS. Oh right, yeah. So, so, and yeah, so let's clarify. RISC-V is on every version of Ninja. Um, I don't know that it's going to be in the free one necessarily, like I said, I, I forget exactly which architectures are coming on that, but Personal, Commercial, Enterprise, everybody gets, um, gets RISC-V. nanoMIPS is right now just a paid add-on, uh, and so it's really expected for businesses, so it's like a $5,000 purchase. Maybe eventually after a couple years, if we actually make our money back in terms of how much effort we put into developing it, then we'll, um, then we'll ship it to everybody. Uh, but for now I'm actually excited that we're, we're kind of like adding a couple features that are only in like higher tiers or separate price points, just because it's, it's kind of nice that we can keep the base point, price point low, and then some things, if it makes sense, we can, we can put it up there. Obviously I also like it 'cause, and I
mean we're still continuing to add on features to the base tier product. Absolutely. So it's not like it's all being left behind. Yep. And because again, we, it's even intentional that we have not only nanoMIPS but a RISC-V architecture in the same release, right? So we're, we're releasing both architectures in the same one just to show that like, no, we're not giving up on releasing architectures we think everyone... Not giving up on open source. Yeah, and open sourcing it too, right, exactly, because RISC-V is also another open source one.

So, uh, the next one, you did this one actually. So the next one on my list, we're doing mine next. Yeah, we're going to do the type browser. Uh, so if you've been using dev, again this one's on dev right now, although it's off by default until yesterday. Yeah, really recently. So you, uh, you may or may not have seen it depending on if you, uh, if you kind of got the word, or maybe still new to you. Uh, but if you, actually let me bring up an old, um, you got old. Yeah, old. Let's go grab a, grab a 3.5. Um, we're going to want that for some of the other comparisons too. Um, also just, just for, uh, I think, think it's a useful point of comparison, this box that I'm running all the demos on right now is a, a little Mac Mini with 8 gig of RAM. Um, so I think that it's, uh, it's definitely underspecced for what we recommend for a lot of Binja stuff. Mac Minis are really good though. But I mean the CPU is, is, is nice. Yeah, so we'll take that.

Um, so here's the old type viewer, right? You would get just all the types, almost like a header file, and you could expand and contract, and every time you open up a Windows file you get Win32 error, which takes up like 500 lines and is just like, oh my goodness. You could, you could search for, for some things. That's a linary but yeah. But I know, just like in general, like you could, you could filter it, but it was, and if you opened up something like Factorio, like it would just hang forever. Anything with a PDB. Say, say good night, gra. Yeah, it, it took a while. So the new one is meant
to be, um, just a little bit easier to use because you have like kind of a summary. Oh, tell me what the, uh, yeah, yeah, the icons are. Oh, I think we did this bit on stream last time. Did we? We show off before. The icons represent like which class of like type you use. Class and type in the same word. Type class. Yeah, where the S is a structure, U is a union, E is an enum, and T is like type. Okay. Uh, there's also C for class. Okay, but if you're looking at like a libc you're not going to have any of that. Well, there's no C++ in, in libc. I hope not, that would be terrible. Um, but yeah, you should click on some. Yeah, so if we pull up any of these types you'll see there's like a separate view, all right, where we actually get like the details down below. Yep. And you can still like hit Y, right, which was, you can still hit Y, you can still do all the, and like you can, like everything you could have done in the old types view will now work in the little type editor inside of this type view, and you can even select more than one at a time.

There was line numbers before though. Was there? That one looks new. Uh, no, line numbers are new. See, well, I mean that's the structure, those are the op, the enums also don't have line numbers. True. Was there? Oh, there was, that's right, there was, there was. They're not line numbers, they're offsets. They're just, it's smarter about, uh, how many, it doesn't hardcode the... Yeah, well, the old one, it would pick whatever your biggest structure is, so if you have like a structure 100,000, it was one big, it had to, yeah, because it was one big view it couldn't like have different, uh, kind of gutter width there, whereas with this it's doing the same thing there, just you're only seeing one at a time. Should try a couple. You're not always doing one at a time. Yeah, you can still do multiple at a time if that's the kind of, if you like the old one, just hit Command-A or Control-A and there you go, it's, it's just like before. So you can, can still get that, that kind of behavior. What I usually like to do is if I'm
working on like just like a set of code, you can be like, oh, I need these three types, and just keep those three types open like the whole time. Oh, oh yeah, because you can like Command-click or Control-click. Yeah, you can individually select and then just have, just in, it shrink the top and like you just got your types that you... And it also works in a full width pane. Ah. So if we can go over here to the type browser. Yep. And actually this is also nice that shows off, yeah, because that makes way more sense for this, this layout. So if you really have a, a bunch of types or some big types you want to choose them, there you go, and then do your RE over here. Yep. So type browser. Uh, I think that's, and that goes well with some other things that I was going to say. There's a couple other things that does, but, oh yeah, tell, yeah, tell me what other things it's got.

Uh, it shows type libraries. Oh right, you're in nanoMIPS, I don't know if we have any type libraries for that, but if you pick like a random like Windows binary on there somewhere. Oh man, should have found some random Windows binary. I think I should have those. Some of those Flare-On ones were, uh, I mean that's an exe so that probably works. Yeah, try one of these. Yep. So now you can see all of your type libraries that you've imported and all the types that are available from each of them. You can even see what's in them and you can import types directly, or import the type from there into my binary view, right? Nice. 'Cause I can't ed, I can't directly, directly edit them. Yeah, use them then. Yeah, just import it and then make whatever changes I want to it in my... Yep. Very nice. Uh, and then I have it on the, the list for later, but there's some, some other, there more stuff in there, other, other things that it will, it will do too.

Any questions? Oh yeah, see what chat says. Will the type integration become any better? Questions about structures. I could use some more clarification. You know, that it's kind of my opinion too. Um, yeah, so type integration, um, like type
libraries, I think. So there are some other, so I guess what he means, yeah, go ahead and clarify that, but also later in the stream we might get to, to some other things that we'll, there's more stuff with types happening. Yeah. Also I'm turning off our, our video here, want to, want to get full, yeah, full screen glorious capture. Um, okay, so, so like I said, that's...

Is there going to be a native module package manager support? So the, uh, for like native plugins and Binary Ninja, the short explanation is no, not coming in 4.0. Uh, we did actually have a, a design discussion yesterday on the, some things that Kyle's working on for the plugin manager that will include a little bit better support for native plugins. So we're working on it, but yeah, so it's in progress but it's not going to be... And that's just dealing with the infrastructure and the, uh, yeah. Native, native plugins is trouble. It's a, it's a difficult challenge. Yep.

And someone else says, did Rust make it easier to implement semantics for the new architecture? Technically you're not Rusty, but I think we could probably say for him, he, he did a lot of work on that. Well, so the first version of that plugin, that plugin is actually been around for a long time and was written as a proof of concept for the API years ago and just never really finished. It was just kind of a very early prototype. So Rusty finished it. But I have heard... Started by Snider. Yeah, yeah. And I have heard that there are language features of Rust that in particular make it, uh, make it a better platform for, for doing architectures. A lot of the boilerplate code is probably way better. Yeah, there's a bunch of situations where like, you know, you're doing parsing of the same parameters or, or, uh... I'm really excited to see all the, uh, like the medium level and high level IL stuff if we can get that in there. Or that's, that's already on dev actually. So that's actually a good, yeah, yeah. I'm, oh, is that, is that, that, I, I don't have, I didn't have that one actually on the list. But yeah, like it, it was
on your extra, extra list, I saw that was on the bonus, the bonus list. Um, but yeah, another good point is that we actually, that was a pull request too. It was a pull request. So if you check out the closed pull requests, um, you can see, actually there's is waiting to be open, but you can see adding MLIL to Rust. So the Rust API continue to get, get fleshed out. So MLIL is making it in 4.0. High Level, I don't know, I'm not sure what the current, uh, yeah, current timeline on that. Have you noticed our little Binja face is blue? Huh, I haven't noticed this before. Wonder if that's a Safari thing. Yeah, I feel like it might be. Because Joe Rosner says Rust macros made the MSP430 architecture much easier. Yes, yeah, Joe, one of the people who's worked on Rust architecture. Yeah, and like that's the end goal with all this stuff, is to make implementing plugins easier to do so that more people can do it, and higher quality. Easier to write, a lot easier to like write, not make mistakes. Yeah, yeah, it can be, it can be, you know, C++ is, you can write C++ that's just as good as any Rust. The difference is if the Rust compiles you have a little more assurance of the quality. Then you can write C++ that's as good as Rust? Like, well, I can't, but it is physically, there are people who can't. We should say theoretically it's possible. The hypothetical. Uh, yeah.

So okay, next up we've, oh, also, uh, I think I already saw somebody mention it earlier, but there's some, there's a, some subtle UI changes here that have happened. So if I actually switch back to, to 3.5, I kind of alt-tab a little bit, you'll notice these, uh, the tab bar up top is different. These icon, these, these icons are a little more flush. You can actually see what the arrows are now. Uh, let's make a few more tabs here just to like show how much more distinct, like there was tabs before, they were all kind of the same color, it didn't really stand out. So it's just a lot more clear which one's focused, uh, which is nice there. Um, that's nice. Uh, you've actually got the, like the new tab, the plus
over here to make a new one, whereas before you had to just kind of know you could, the, use the menu. Yeah, so you've got a little more, very browser-like, in fact very Firefox-like specifically. Apparently, like the, it does remind me of Firefox, right, because it's got the tabs and like the Bob blobs or whatever, right? The fact that there's really not anything distinguishing these as much over here, um, is something we've been kind of debating and discussing, and there may be, there's lots of talk happening, tweaks to it. Yep. So that's one change that's already on dev.

Uh, you got more UI changes? Oh yeah, yeah, yeah, yeah, lots of UI. I'm giving you all the segues here. Lots of UI changes, although I think the main one, uh, that is... Icons are slightly flatter. Uh, yeah, actually the icons are about to change even more than that. Oh yeah, that's going to come later. Um, the, uh, the other big thing is the components. Uh, this, this new UI supports components, right, so we've showed this off several times. Oh, you know what, I, I did a thing. What'd you do? Watch this. Let me select some components. All right. Um, I have to find some good ones. I get all those file functions, there a bunch of ones with, uh, see, it's, it got to have the right... I say that before I look, anything that's named, uh... All right, so let's make a component with these, these things in it, right? Sure. So new folder with selection. Ooh, it's named smart. So yeah, does it like pull out the first couple of letters? It, it will match the, the longest common substring basically. It does a little bit of filtering and cleaning up, so especially actually if you have like a C++ thing with a bunch of class... lot, yeah, exactly. I mean it's minor but it saves your thing, and I mean it's the little things. I did it so I, I feel proud of that. Actually again thank you to the, I forget who was in Slack that mentioned this, because this is the kind of thing where somebody just mentioned it offhand, like, oh yeah, that would take like 30 minutes to go and, and throw that in, and takes five minutes
to write and then like 20 minutes to test and make sure, you know, you thought the edge cases. And, but is, you can still, you know, change it to something else if, if you want, it's just that the default name now. So it, it comes up with smarter defaults. Um, but you notice if I do like these, will it do just like S? It will not, right. There's a minimum, I think it's three characters. Um, okay. Just because I feel like, no, that seems, S is, I don't know, just call it S, that doesn't seem, yeah, as useful. So just thinking, have you ever seen what it looks like in Ghidra when you have like subcore one and then one one one? It's not very helpful, right, when you take a meaningless name and make another meaningless name. Yeah. Um, so, so that's, uh, yeah, components are, they've always been there in the API but now they're...

Oh, we have one question about this. Do type libraries know about what header defines them, and would it be difficult to build components grouping by the header? That's an interesting question. So type libraries do have a list of all the functions like contained in the library. It's not split out by header, but you could probably, like we know these are imported from this library, make a component for that. That would be pretty easy. That's actually a really good idea. In fact one thing I, I missed, early beta versions of components, some of you may remember, had like some scripts. It was a little, I can't decide if it was super elegant or super janky, maybe a little bit of... I remember you'd like hit the menu item and it would paste some code in the console. It would literally just type code in your Python console. So you'd hit the, the menu there. I assume the, uh, shipping version is not going to do that. No, it does it already, it's already gone, it's been gone for a while. But you can make like a snippet to do that or you can make your own plugins, and I did migrate in fact both of those two snippets. So if you, if you search for the, the, um, Snippets plugin... Yep. I don't have Snippets install, I should do that. Um, and, uh, yeah,
you'll, you'll find, um, you'll find the snippets in there so you can still do that. But I think, I'm trying to remember if Snippets did C++. It actually did a, specifically just for C++ classes it would do, I think it was using like the name splitting. Yeah, yeah. I know I had a longer version of it, I'm not sure you ever... I don't remember which one is in, is in, there's a couple of versions of this floating around. Yeah. But I, I like the idea a lot of actually component by library basically. That is a very good idea. That's a great idea. Yeah, with find me all of the, uh, like everything from imported, yeah, from each library and make a component. Like that should honestly just kind of be a default thing, I feel like. Throwing all these, all these imports matching my library. Yep. That feels, that feels like a great idea. Yeah, good suggestion.

All right, we got one more question. Is, with the API can we create plugins that manipulate microcode generation? Which I assume they mean like IL generation. Yeah, in our case it's, it's IL, or, or... And the answer to that is like yes, we got workflows. Yeah, we do. So it's, it's, um, here there be dragons, in other words. It's like, just, it can be difficult. It's not, it's not super easy necessarily, um, to just arbitrarily rewrite that stuff and have it still work with the way, uh, analysis is, but it's absolutely doable. In fact there's plugins already, there's certainly ones out there. I know the, the Objective-C still a plug... Yeah, see if you can hear the kids in the background of the office. How good is the, uh... We should see if our special visitor wants to come by too. We, we have a, we have a special visitor coming by at some point. Um, uh, it'll be, be good surprised. So workflow, workflow is probably the name of the file you want. I think this is the one, right? Yeah, yeah, so this is the Objective-C plugin that we ship, which is originally written by, by John who was one of our interns for a little while. Mm. And it has a bunch of different stuff to try to like enhance... Oh, we're getting the door shut,
prepare to get warm. It'll be quieter but it'll be warm. Oh boy. So I think workflow.cpp is probably the place you want to go. Good call, good call. Yeah, so I haven't actually looked this well, but it does, uh, it creates a custom workflow that will rewrite, it's in there somewhere. Yeah, so it's, it's getting the parameters. Yeah, basically what you can do is, and then here, right here, change the Des initi of the expression. So it's replacing, it's really modifying that, that IL directly. Yeah, and replacing it, then kind of putting it back into place. You can slot functions into the like analysis workflow basically. So there's a whole bunch of different stages and you can say, hey, after this stage please run my function, and then your function can like get a reference to the current IL, do some stuff to it, and then like send it back, put it back. There's also a couple other examples on, I know we have like the inliner one as well in the, uh, yeah, so you go to the API repo and then you go examples, yeah, and then workflows. Yep, inliner, and the tail call is another one that modifies tail call analysis. I think that one doesn't actually do anything. In, inliner is actually quite, um, useful. In fact, although it actually kind of got replaced with function inlining first class. But so now if you, if you select a function, um, you can literally be like, oh, this function, just inline, I want to see the call there. Although actually this is a, looks like missing libc libraries, it's doing a bunch of stuff. But you could, it's under function properties. Yeah, yeah, be like, please inline this thing. Yep. And then anywhere it's used it will replace it with the actual definition. So if we redo analysis in this whole function, we have to find it again, but it will just replace it with that, with that call. So we can hit the, where is it...

You consider, oh yeah, no, I got one more question. Would you consider integrating AI code comments into the decompilation output? AI code comments. These, that's such a good idea. Oh man, is this a segue? That's
great. Not yet, not yet, not yet, not yet. One more thing. Okay, so, uh, RISC-V, nanoMIPS, type browser, components, the UI stuff. Uh, let's do, what else we got? I was in the wrong one, I was in the, the old, old build. I close it down before I forget that I'm not on the way... You have two, you have three of them open already. Only, I'll have more before I'm done. We'll have, we'll have more. Um, I'll try to, I'll try to keep it straight though. Uh, the next one is going to be, actually, you know, ironically I want, now you want the old version. The old one, but I didn't want it on Enterprise, so we're going to do Enterprise, uh, 3, four, three is there, 3 is the current, 3.5 is the one I want. The current stable Enterprise is 3.5, so we're going to pull that one up and we're going to open up door side demo area. So this is the old, the old view. So this is, we, I, you actually may be able to explain this better than I can. I know there's some, see, convention, calling convention. Oh, is the float stuff? Yeah. That's about as much as I know about it, so I don't know if you, um, have a, have a good explanation.

I mean, well, I mean you can just look at them and see, right? You can tell it's clearly gotten, yeah, the floating point calling conventions have been fixed significantly. Rusty spent what, like two or three months on this? It was a good amount, it was a lot of work. Yeah, basically the gist is like floating point uses different registers to return, it uses different registers for arguments, and trying to figure out which ones are actually used in a function is a very tricky problem, and previously we did not do very well, we only really considered integer arguments. Yeah, and floating point, a heuristic for identifying, and then the problem is we'd be like, oh well, since we don't know every floating might, we see this register is used, we don't really know what for, so might as well just like slap it in the list. But now it actually understands what that means. Yeah, if you switch to like, uh, I think disassembly. So like the incoming register xmm0 there, if
you see the third instruction, right, yeah, right there, where it's used before it's ever written to, right? So you know that's a parameter of some sort. Yeah, and it used to be, we would, it used to say zmm0 because that's the full width version and it doesn't understand that like we're using the specific part of it. Yep. This is a rather simple example, but like in more complicated code using a lot of floating point it is like really nice. Yeah, and I guess the other thing is if you have integer arguments and floating point arguments, if you use both the first integer register and the first floating point register, or sometimes, I think Windows, it'll use the first integer register then the second floating point register, and then you're like, wait, what happened to the first one? No, no parameter for you. There's a whole bunch of like specifics that make it really kind of tricky, and it's just way better now. Yeah, so that's, that was just a, a really nice, I know several people who were like, oh thank goodness, I need floating point a lot. That got significantly better. There's a decent amount of whiteboarding involved with this one.

All right, so let's go, make sure I'm on the, all right, and we close down, get the right B before I forget. All right, we got the latest. We got to make it have like a different color icon. Uh, let's actually, that on my short list, let me see here, for 4.0. No, change the icon actually wasn't there. No, no, there was proposals for a new icon, there was actually at one point, I don't know what happened to that. I don't think we, I think our icon guy is currently busy making as many icons as possible. There, well there are, yeah, there's, there's some other, we have need for icons for, for some other stuff.

Um, this is another one, we'll see. Uh, see this view, there is a, um, merge variable, uh, UI. That's merging a variable with an expression, but yes. Okay, um, yeah, is this, let's see, find, find something where something is assigned to something else like this. It's the same here, the same variable up here, right? So
it's the equals hotkey um and there's actually a plus one so plus says merge these two things like this is an assignment I want these to not be split into two different variables like just make them the same one and pick pick one of the names I think it's the first one that the gets default to do and then equals says no actually I want to choose um which variable I even took a second there cuz it's like there's a lot of possible variables what's changed is one you can search it which in this case is again super helpful if you have a bunch of search is really nice and two it's going to sort them uh and sort of like recommended or like possible ones or like probably you don't want this yeah like maybe they use the same stack slot but they're like weird parts of the function they're not the same it's considered an un unsound mergence so we differentiate and show you both of them um so that UI just got a little little tweak there it's a nice quality of life improvement uh what else do we got oh right the last one on dev before we start looking into some of the test branches and the test branch is the ones you probably most those are going to be yeah yeah because those have only new content been internal so this you could have seen a lot of stuff uh this is going to be I just love how you have crazy bomb just chilling in the list there just waiting it's just waiting just waiting just trolling Fox um this is oh you know what I do I do need the old Enterprise you do need I do I got to show the before and after yeah you got to get it before and after this is the last one though you got to actually pick it I to on it um so this one again pretty huge change for people who are doing anything with um uh kernel kernel decompilation uh like driver entry here let's just just just look side by side here at these uh uh these two functions wow it's like the types are there it's almost like we know about type information and so we see like like you know parameter names we have en
permission enums uh what's that enum oh wow it actually has the words resources that's nice all of the yeah so Windows uh kernel stuff just got super good um you want to pop open the types list yeah that's a great way to look at it now you can see what all the types are so we can see yeah so there's a there are types now and there's quite a lot there quite a few and I will say too this is also another good example to just from performance you can see it's pretty you can see them all you can search for them and it's fast and you don't get drowned out by Win32 error excellent okay last of the of those now we're going to move over to I don't save any of these we're going to move over to test builds see as where I have to leak what I'm people are still pushing to dev doing now are they doing new builds right now yeah right now right in the middle of this what are they people what are people working for they should be celebrating it's Friday pizza or something yeah uh all right so let's uh where did my there it is can we search fields in large structures yes yes you can absolutely that's a good question it's a good thing you've already quit so you can't demonstrate I can go back yeah check for other questions what else yep I'm looking can you bit mask the enum types um it will automatically yeah like it en has like bits in like like bit mask type fields pull show yeah it will automatically do that I have seen that searching for structure fields so here for example let's like for example if you wanted to search for Ace count yeah you might have to set the search type yeah so by default your search because for performance reasons it usually just searches by name but if you didn't go to the search menu you can pick member names yeah say a type I think you said count B count type too uh there we go yeah so yes you can you can search that as well although you can do full definition too if you want to like copy a string a text out of one of the structures and search for it yeah
but that has to turn them all into text so it can search it so it's a little slow much slower to just search the the names themselves makes sense but it's an option yep so and like I said yeah as it's good that you pointed that out the default will just search the yes the the things you see here essentially but if you want to also search the member names or you know an exact textual representation you can you do that there Kyle is closing all of these issues look at him go what's the mad lad doing now right he's celebrating and closing issues at the same time what is well I guess that's what he said in chat he's not he's not in the uh in the office so yeah he can't uh although I don't think I think they were going to get pizza I don't know if they they've ordered it yet but I think that's they better not get the pizza with without us I did I already put you might want to message Peter and tell them what your your preference is cuz I put my order in before we started oh no yeah make sure you don't get skipped up on the pizza all right so here are the things that are coming if I make ma water all right so let's start with the sidebar I think a lot of people don't even know this is coming because we we had this just kind of came out of left yeah this was this was a uh relatively last minute uh just like last month basically it wasn't like planned a while before something we've kind of talked on and off um and there's still some work before you see it on dev but uh it's made really good progress the rule is for anything to be on this stream and to be announced officially it has to be demo and we have to be pretty confident that we're that we're going to land it uh on dev and then obviously into the into the stable so we expect this for 40 you'll notice right off the bat I see some stuff on both sides of the screen yeah there well there's lot to CH those icons are slightly smaller icons got a little smaller and I see a horizontal line there's a line here there's some
icons oh there's some icons down there what is what is going on here so what could this possibly be the the sidebar itself has uh let me just open any file um the sidebar itself has uh shrunk a little bit and we've got a lot of new features things we can do what's uh what is of all the things that are happening what's one you wanted the most in sidebar I think I wanted to have the symbol list and the type list open at the same time that sounds nice let's do that boom and you'll notice in fact the type list actually got moved to the right hand side now oh yeah that's a good point what if I wanted to put something on the right hand side well you can just drag stuff or if you want to take types and put it back here and put variables instead on the right no problem oh yeah that's pretty nice you can have uh these views up you can turn them you can toggle them on and off um I've already by the way the feature map is still on by default I just happened to have uh hidden it earlier the I mean you just have that the top obviously and you can also move it to the uh to the top if you prefer if you want the the IDA look uh which is it's just kind of my mental model for where it goes do you usually actually run it up top usually I usually don't run it but when I think of it I usually that down top I'm I generally leave it on I'll leave it on the right but interesting um but yeah with with the new sidebars we we'll see that may we may have to you know I don't know what we're going to do with the defaults or how we may may change that um uh be very curious I mean all right uh so yeah so you can you can drag and drop yep uh also just by dragging and dropping we can just reorder oh yeah you can reorder them now if you what if you want them in a different that's nice you can you can do that there what are the ones on the bottom well the the very bottom there there's two kind of sets here first there's these which y'all may remember that's just cross references and the mini graph which
is not but yeah it's uh yeah the mini graph uh it's minor bug uh but I got it working before actually you did get it working before I just had to switch both the graph view there you go um and then once you've done that it's fine it St it's theing dock widgets are dead long live the sidebar so you say that yeah like basically basically some of the things from dock widgets are back it's getting a little bit more flexible you can move things around a little bit more there's more customization but we still have the sidebar in general which I still really like a lot of the like the toggle ability of yeah uh of the sidebar you can click to toggle the stuff on and off like the old dock widgets were really clunky yeah and a little too awkward to like get to a nice layout so I think that we've we've got to hopefully a sweet spot where you get both the flexibility that you had with dock widget but the sort of like nice out of the box experience oh and in fact we um uh we talked earlier about how the type view you could put into a pane type browser rather that you could get both that that different layout um there's actually let's go down to the bottom here because there's another one uh that's joined the bottom view so you're familiar with like the scripting console and the Python console which have been down there for a while yeah the log sorry script thank you the Python console and the log the log which have been down here for a while we call this the global area and we kind of had this concept at one point that it was going to be like global stuff that happens everywhere is here because like your scripting console even if you have a different file open um yeah but it it not quite how it ended up didn't really get used that way a whole lot and so I think we're kind of like walking back from that sort of design paradigm it's so definitely just kind of having like two different things that did the exact same thing yeah right the sidebar and the global area were roughly the
same idea being used the same two different sets of code and then some of them some of them like log and Python do like the Python console does have context that is uh shared between multiple tabs and the log but the log even already has already started to move away from that sort of global log because it's kind of annoying you can actually have separate logs so you can control that by changing which you know do you want to have per J log or whatever so like that's was already kind of moving away from that that can I get left and right global absolutely you can get left and right although it took me a little bit I did I did have to figure out you drag from here to here and then you've got your left and right so you used to be able to like grab here and and drag over but now in the side if you rearrange or dragging the icon back and forth so I don't and I don't know if that's the old feature will come back in again this is not done by any stretch this one's still under development Rusty is still kind of working on it um someone wants to know would you be able to move the Python console or snippet editor window to the side as well ooh so Python console absolutely snippets are not yet a a pane but that could be a pretty easy uh but now that this is a thing absolutely yeah yeah that's a that's a to-do for Jordan snippet yeah I'll probably once once this land or actually go on the test branch um and I one of the reasons I've kind of debated not done it is because the current snippet um isn't really well suited towards a really narrow VI I would have I would have had to like redo the UI a bunch it bece on the bottom but on the bottom it can totally fit right now so I could just make it a thing I think the minimum height is that's the minimum height why would I have done such a thing that is that's terrible y um I think I was fixing the default height and I accidentally did that let me make a note of that that's not even a feature we're showing off um that's it's the the
first bug so far that I'm wow getting distracted by um so uh yeah actually snippets to go down the bottom area would be easy that'd be really nice and that would be possible yep now it's doable with with the new uh with the new view so hopefully people who have have wanted a little more flexibility will like that there's a bunch more things like for example if you really want a floating uh mini graph um you can you can do that now oh yeah and you can use your window manager you can actually so this is a a full native OS window you know I can bring it out but there's also this concept that you can change it to a floating instance and what's the difference well it's it's like an always on top thing basically now it's just like it's a part of this app um um so when I when I switch to a different app it's gone but it's just like it's become a floating window in this this view just kind of put it wherever you want and then just leave it there your your mini graph like somewhere over over your graph itself you know for example um although again it's not updating there's there's yeah still some some stuff to be back to graph view it does yeah you weren't even in graph view yeah so I mean that explains it that's kind of to be expected but there you go um so yeah so if you like that behavior um and again these it to another screen absolutely yes you can float them all to another screen I only have one I guess you only have one screen connected to this yeah well I have two cuz they're mirroring but basically yeah I don't have I don't have it set up with two virtual desktops but you absolutely can I know Rusty's that's that's yeah he's been doing a lot of work to make sure that it like does all the things you would expect and that's one of them so I really like again it's a memory map move down here strings view it's interesting too strings are now here because a lot of strings are very wide and it didn't work super well in the sidebar so that one a couple naturally got moved
down memory map needs a needs a uh some changes because this it doesn't work great in either view just needs to be a side by side it needs to be down here but then this needs to be over here but like we'll get there it's it it's coming that'll um that shouldn't shouldn't be too bad I'm really excited too by the search search is really nice so here's what's nice about search if I want to search for for example uh hex string e08 right find all of those right um I can I can find that or I can find some more and so it's got these tabs now how this is not an x86 binary but you found one anyway that's hilarious I didn't even think about this nanoMIPS like yeah what was I I think this is ARM no nanoMIPS no sorry this is this is Mach-O so I've got it default to ARM yeah yeah XX9 I'm amused to found something that's funny um oh and it's funny I hit the the Python hotkey and it put me on the right I'm like why isn't it focusing yeah because I'm over here you look at that on the side all right so I can move my Python back down here split this that's a nice view got your find results multiple search results in the bottom yeah that one's really nice they used to be they would be like in a pane and it was it was kind of was kind of jank kind of a pain oh hashtag dad jokes uh so yeah this is this is a huge improvement so pretty pretty excited about that one that's cool all right let me let me look at notes um right click oh there's one other little subtle thing that actually Josh suggested when we were just trying it out yeah without reading any of the notes which is if you shift click like right now the behavior if I hit symbols is I toggle on and off yeah but if you want multiple you can hit shift think you multiple different ones you can shift uh right if I want a different one yeah I want types and and symbols it will can you just get all of them yeah I mean if you have a big monitor you can turn them all on right or you could pick in Windows you could pop them out you could
float you could do all that that kind of stuff that's real convenient so yeah that shift is kind of is kind of nice it's a little subtle there's no real UI for it I think we need to like I think shift should have a little plus appear over things when you yeah when you do it or some of like visual much like if y'all aren't aware this thing when you hover in the upper right oh that one's real subtle but I love that one I know it is subtle like I like it because you can know whether you're going to get a vertical or horizontal split based on shift and the modifier changes I think that's a super cool UI element that we should do more of all right so bunch of changes there also yes the the L and the P those icons are temporary or the L and the S rather for scripting console and the log window we are working on new icons for all of those um all right so I think we got there uh speaking of types new things uh let's go to type archives so let's you're up now you can tell us about type archives yeah so type archives are a new feature coming in the new version where you basically can have an archive or like a database of types and you can share them between different analysis sessions so for example if you've ever worked with some piece of software that has a whole bunch of plugins or like modules you can firmware maybe like a firmware with modules it's almost like we sent a firmware over here now I haven't opened this up at all yeah yeah so you want you want the lib directory all the library let's go look at all the all the libs probably the modules directory cuz that's where the modules are all right kernel modules oh yeah KOs okay so say for example you've got this firmware to something that has a whole bunch of like networking modules for a kernel right yep and they probably share a whole bunch of structure types back and forth between them yep so previously if you wanted to have them all like share the same types you would have to define the types in every single one of
them and synchronize them and like make sure that the definitions didn't diverge anything so now oh yeah it splits the your sidebar is a little bit weird after that you know what overs of the last uh UI changes in it I'm kind of switching back and forth and doing terrible things to it but basically it's a more efficient way of keeping track of your types between different analysis sessions all right so how do I make one so use the menu okay all right sorry the context menu sorry this one there we go it's also hamburger you want to create a type AR and I don't create type archive yeah it's getting a little bit beefy all right so we're going to put our type archive hopefully not in the the same folder here we're going to call it uh Network kernel types yes please all right I have an archive you got an archive now you make a type yeah uh where you go look at the type of a skuff I should probably yeah it's NF cont track ipv4 Doh maybe sure that works uh oh that's a structure with a whole bunch of more structures inside be a bunch of these that are like that probably can I get ones they're kind of yeah this might be more complicated let's see who knew Linux was complicated say skuff but skuff is actually like a 100 things oh my God yeah but as people in the chat are realizing there's no more insane copy paste and you don't have to export to a header then every time you make a change you got to go redo the same process exactly yep is there going to be a server for hosting and sharing not initially it's an interesting idea we might work at it in the future but for now these are going to be like well that's an interesting point because for the commercial version of the project or the commercial version of Binja you will get like as a file I see we to get our visitor there's a dog going back and forth got got to get sidetracks dog it's dog cam time where is where's doggo cam yes come here come here come here come say hi this is who going to lick it this is Pendle you say hi
Pendleton say hi if he did actually say that it would be very concerning he's very friendly though he's saying it he's saying on the inside Pendleton came to visit the office today and we thought uh I saw uh Sergey was on earlier I hope uh it's it's not quite the the full doggo cam experience you have but we want oh man if you had a perspective of him leaning his head all the way back can see it I think yeah he's I think he's liking it there we go yes the most important 40 feature doggo cam Pendleton okay thanks for playing buddy okay all right Bud he's a good boy in case it was getting too technical 11 out of 10 oh my gosh you named the OBS source doggo cam I did I can't believe I did I was going to have it on a toggle so I could do it multiple times but turning it off wasn't working no dog incl no Penal p is you can you can get uh Mark if you come and visit our office you can get free Pendleton pets uh you just have to find the right day yeah multiple people in the office uh did earlier okay so yeah the dog is Enterprise only Enterprise only we'll bring Pendleton to you yeah um where were we at all right so I made I made a random it's not the right one but we're not going to look too close like that I've got a struct and I just maybe I can do I drag it no right click to archive yep okay oh AR got a thing yeah they got a thing they got an archive yeah but hold up but what if this file I want to attach a type archive yeah yeah go find it we got to make the fine dial I remember where you are Mac makes it easy macOS does I think I think uh Windows now supports the like drag and drop into like a generic file picker too that be good and then Linux is just Linux hey and now you can just pull it hold touch from archive there you go let's go oh hold on mistake this one it's actually not P22 it's it should be called net all right yeah I forgot that let's update that type what's this what's this thing so temporary icons until all of our icons are finished but it shows you hey wait you
have changed this type you should push your changes push it through the archive and then you go back to the other one it's like hey hey you got to get your changes you can that is definitely a letter V don't think about it too hard it was a V with a line or two but you know you know what it's fine there we go but yeah you can now synchronize your types back and forth between your different analysis sessions and in uh Enterprise version it will also go back and forth to the server so anyone else on your server can get your types yeah but like that helps me organize you know types between two files but cross references are still kind of a pain you know is this a segue sure would be nice sure would be nice if we uh I'm getting good at detect the segue yeah I think I think you saw that one coming um is there anything more about uh type archives that I should mention while while we're here uh I think that's about it there's a whole bunch of use cases we could iterate but like I think people can pretty much see the like appeal of this yeah hopefully people are are excited about this one if you've done any like projects with multiple files and things that's or if you've reversed different versions of the same game across yeah multiple different compiled yeah and I know that like we're still I know I've heard some discussion about like like pushing and pulling is basically equal with the saving it's automatically going to put in there so I don't have to separately save it because that would be pretty awkward if you had to like both push and save and load and pull or like you know vice versa so I think that I think that makes sense um but like yeah what if I want to like actually like open up all these and do some analysis between them let's uh oh man what is this other very suspiciously named version of Binja doing door side projects let's go take a look and this is yeah these are all all like on their way to dev they're going to be there in fact I think projects is like
SED for Monday like it it could go during this call I think as the plan it's basically been I hope it doesn't go at 5 on a Friday yeah that that's a very bold choice if it does might be a little risky there so like let's let's uh let's talk about this we've got a new project option now yep um and actually I think this one this yeah this one is is reasing the latest step so we didn't have the new the newest UI but let's make a new project oh you know wait wait you want to see if if Josh wants to uh oh yeah we can see if Josh is here Josh is here or at least he was so if he wants to come and so let's do a um uh kernel mods so let's make a new project and oh we got a brand new UI here ooh and actually the only thing I want to point out that uh we should mention is the default file name was still bnta staring at her door we need the doggo cam for you you need the dog cam for you can come in um not too yeah I I have it's only two people yeah three okay hold on let me turn the volume down and hundreds of Ls of computation well and it's set to Tim volume level oh so yes you're much louder than T also the headset bands are real tight it goes your ear you gotta got to rotate yeah yeah there you go we did to make sure it doesn't was hitting my like uh my my scruff very sh today yeah say some words I think this is a stream record by 89 concurrent viewers if that's right this is definitely a stream record our words all right here yeah face cam okay there we go yeah hi I'm trying to fix my glasses yeah we um we turned off the uh the face cam just because we're trying to get good recordings where we edit down some of the features and you got to get the good uh clips for later that's true going to get good content so okay we're good cool all right what am I talking about we're we're talking about project we just show off what are project project I don't know um you got some time you want to implement a feature that we can yeah what do you project that they're going to be oh nice
I like it it was not a nice that's pretty bad that's even worse than painful all right uh so let's see so long have people wanted the ability to use multiple files in ninja in the beginning a single file and it was good um but it couldn't cross reference and this was not good you couldn't you couldn't uh do cross references between them you couldn't jump between uh related files you couldn't uh keep sets of of similar files together or if you wanted to dump an entire I don't know router firmware somewhere if only could be any sort of firmware who knows yeah it could be does it do analysis on them all if I just drop them all in no let's see what happen let's do it yeah do it so you got all these kernel modules look at that you got all those now if you wanted to you could select like a little subset of them get a couple of them yeah just select those right click and if you want to just you know analyze those or open oh yes just go for it just YOLO look how fast that was so good I love router firmwares all right and then actually like these are kernel modules so go look at the exports yeah for it you got some exports it's uh so this one all right what else we got init module that's probably the start function you should look at the uh the net filter ones all right let's let's go back to our project browser and you got so which one those are a bunch of net filter ones connection track ones netlink uh so here's the net link one see if they import anything that's a good that's the real question get somebody who imports stuff so these ones possibly not so this is for watching I'm I'm using the tree uh the command palette choosing triage summary and then just tabbing next to like quickly rerun and do the same thing so let's maybe go IP tables interesting something I wonder if it's because they're MIPS files interesting what that they don't we're trying to look for one that imports from another one uh or is there a different so certainly if you grab one of the like nfn files
well hold on but this one's into the net so I want to make a folder here let's put this as oh I don't want add a folder sorry I want to add a folder to make a folder right here a new folder and we're going to make one called net and then let's see can I add files to this and add all these I don't know if I can do multiple or not let's see see if we have questions while you're poking it yeah we do yeah even just add the folder now you didn't have to make one yeah just add the folder right dragging the folder might have been easier yeah uh nice description box I can add in some notes save it in here then save and cancel pop up down there does this have imports I hope so let's see all right so let's open that one all right yeah it may be this I bet it's cuz it's MIPS yeah uh we may not not but it's got lots of externs what if you grab one of the externs yeah I mean you could link whatever yeah yeah go for it choose a symbol choose a symbol that you like more in a different binary grab one of the orange ones uh panic panic panic panic let's go grab panic go panic over there all right so panic comes from we got a libs somewhere around here probably well it's kernel uh that's right it's the kernel so uh what is the kernel's libs called what a good question where's the kernel itself let's see there's a Linux RC yeah what would be the kernel here it's in here somewhere yeah so let's let's just in instead of trying to actually reverse a kernel instead of panic why don't you grab one that comes from another kernel thing oh okay there we go like register net Dev that's probably coming from somebody that definitely comes from somewhere so let's see I wonder what the fastest way to figure out where that comes from probably just Google kernel and you oh boy net device.
net device so where do we go we were lib modules let's see lots of lots of kernel modules so see what it was in see what I would have gone with is one of the uh like net filtern files all right I'll I'll I'll you you tell me I'll I'll let's close like hey wait I thought I had a how this might work all right you got a you got a plan let's go follow that one so open up uh just some one of the nfn files okay so N I say that because FTP yep I feel so fast too by the way so you've got all these various NF like external symbols so grab I think was nfn dot KO okay let's go y yep oh there we go and now we're going to look for now you can find all the different exports that it has and all the imports for the other one say yeah does this one let's see if that one is oh wait was in the wrong one no there's the KO yeah so yeah there we go so nfn KO exports this this one it imports as an externs so all right so all right so you might notice a little like chain link on the side over there in the sidebar oh yeah what links oh no Library what what is in no Library oh there we go's a bunch of symbol we can even search directly for the one that I want yeah so if you want to you know say oh wait a minute this uses a library go ahead and create an external library yeah and oh I already just kind of nfn direct in here KO yeah you probably want link to a BNDB honestly okay so if you go back to the other one just hit Ctrl+S just save that now now go ahead and extra Library oops yeah yeah all right it's probably not in the search results though oh yeah yeah I was like I was like where is it oh you got search filter still okay and then just go ahead and drag the nfn whatever was in there to the library probably can grab the other ones too I wonder if it'll not you can multi select it's well it's at least these though the ones that say nfn seem those those are pretty safe yeah so we've got them there I mean you want just double click on one I mean let's let's come here oh wait why am I why
am I over here now oh look at that oh whoa what wait is that the same one yeah that Mangal TP packet follow Master follow Master look at that what there we go are you telling me you can so how does that work if it's in like linear view if you go to something that uses one of those oh yeah that's a good question so it is yeah so if you don't cross reference yep yeah so like one of these here yeah so it's on symbol right now so the one he created is on the external symbol so when you try to navigate to that symbol yeah when you try to navigate to that symbol it'll just go uh and you can do this at any level so if you have like three levels of indirection of import you don't have to drill all the way down to the bottom it'll take you right there yeah that's pretty cool so nice so nice yeah and you can link um like any symbol so it doesn't have to be an export doesn't have to be a function you know you can link uh like data variables if it gets populated with a function pointer from another library like do that that's totally fine um yeah and it can go to arbitrary uh symbol name name in the destination or also if there is no symbol and you just have an address like if it's just a raw blob then you can just have it go to the address do I have to manually map all of the external symbols uh so anything we detect as an extern in the beginning like on analysis is automatically added so like all of these for example yeah uh were just created if you have like a PE where we know where it came from it'll also create the libraries for you and sort them appropriately cool yeah and I think I've seen um like the the PE if I if I link up one of the ones that belongs to that library does it just do all of them or do I have to add each one for that whole library so I thought at one point there was something there maybe I misre now oh yeah no that's yeah if you associate the like library with a file you know everything sorted into that library will work it just automatically does yeah
it does all of them yeah so it's it's and it's a little bit nicer on PE files because they already that mapping is there you know it's not just like oh go find the name G loader please figure it out for me yeah but you have a library and a and a method and it will it will do all like it'll do all of them plans are in the future to automatically pull in you know dependencies of files you put in and allow you to kind of set a system like Library search path or Project Specific Library search path stuff like that yeah it's very cool yeah so this is this is uh you know MVP first version there's definitely list of things that that we would like to improve to it I yeah I'm looking forward to like to drop like a rter image and just like everything just like gets done but we have a couple very entertaining questions in here we get ways yeah what's what's I say someone says Jordan do you know I have a crush on you a where's my face cam someone wants to know if they can Auto share their type archives between project files the answer is soon yes yes we have to go through a big merge process with all these different features on their different branches but very soon there has been some testing and they were designed to work together and that's the plan that's also part of why they're not on Dev is um they're going to kind of like and some integration yeah a lot of moving Parts in both of ours but but that that's the design and that's the plan for for both like for Enterprise for commercial like even Enterprise we were saying earlier like the sync stuff like having these this project you may have familiar familiar with Enterprise has a a similar project browser and so kind of combining those those two systems um we actually had like projects in the setting system we had projects in the Enterprise and then we're like no no no this new project thing that's actually like a super set of all of that yeah the old projects uh were a feature that most people didn't really know about 
cuz they weren't super no they this is going to be good yeah this is going to be really nice if you want to just select a range of files like right click analyze oh that's Co create the BNDBs yeah go for it oh ask for confirmation but interesting oh you might have to so there's a bug on Mac with accessibility options where you have to keep the mouse on the window oh look at that oh wow yeah I cannot Repro it for the life of me it's like a um cool so we can see why it's not quite done yet yeah not quite un because I am but that's neat you can just you can just analyze a whole bunch of files you can also if you want you can export a range of files from the project back out somewhere and I could yeah so if I want to switch over to it waits for every single UI update that's weird yeah oh you have to actually move the mouse you like wiggle it to keep it even if you leave it here oh no now it's going so it I don't know that's yeah that's interesting and then in Enterprise it'll be automatically yeah an Enterprise it'll but if you want to like export all of these those binary or those being yeah just hit export put wherever you want put them in some folder and you just got them yeah then you just look at that yep and they're exported from the project all clean and nice um excuse me yeah so I think we'll save a lot of time I think navigating back and forth was always a hassle it is super important to clarify this is the first feature we've added to Commercial and above only yeah I was just going to say someone has asked the history of the product actually yeah so I apologize if you were super excited on a non non-commercial license um we have a a long history of only adding things from commercial to non-commercial and we were running out of commercial only features and so this one is one that we've decided for now anyways uh is going to be commercial only uh commercial and Enterprise Commercial enter yeah commercial and above I would say yeah so anything with with commercial
or Enterprise they both they both have have this but um so not in the free version not in free and not in the um and I think that makes sense yep yeah so we we we really try to be careful to to have as many features that make sense for um per you know we try to add everything as much as we can like I said we're adding nanoMIPS and we're throwing that I sry we're adding RISC-V we're thr that in all of them but um they're all the paid ones yeah yep that's that's projects this has been if weot any more questions Joe was asking are there APIs for it and Jordan if you want to go ahead and open yeah open a file one of the ones you already have open works okay just I was so ready for him to open all of them yeah so there are oh oh this current project yeah so project API full anything you can do in the UI can do in the API you like do files yeah look at that yeah oh yeah do files there we go yeah you export and you can do everything like treewise walking files that's clean but yeah no that's still really nice that would be very cool and and again likewise like Enterprise has a similar sort of like you know API as well for like a lot of automation things but yeah this almost feels a little bit like we're bringing some of that that project automation that was on Enterprise to to commercial almost that'll be because like you could have previously like do a bunch of automation that would that would batch process and put things in folders and put them in the Enterprise project now you could do the same thing for a for a named commercial or for a commercial license as well and this also brings a lot of like quality of life improvements and just general usability improvements to Enterprise especially yeah with like performance alone is I I switched back to Enterprise Dev and I try working on some of the like my big big test projects where I have like tens of thousands of files and folders and I'm like oh my gosh how how did we think and having one unified code base for both
where Improvement will benefit both the Futures that that was a blessing and a curse during development but U but also the external links will be very nice being able to go back and forth between like different project files oh yeah sync up where the functions go just not having to like alt tab copy alt tab alt tab tab tab t tab G paste enter like you know and I'm sure with the apis people will script up entire like crazy workflows involving automatically win R up and yeah yeah I agree exciting okay one last one last one here we've got a last test branch and I think I even saw uh cat was on stream for we told you new UI stuff coming the one of the things that we're not demoing is uh we plan still to have a new theme so for will probably still have a like a new UI uh a theme slightly different so like all of these changes well not just I mean like color scheme like actual theme like this is the this is the new tab and thank you I saw this earlier uh she left a message for us here so um this is like there's there's a couple of different like you know not just that like the tabs up top that we saw before not just the sidebar but the actual like whole new tab thing here itself is going to have you can see you've got both the files and projects so you got both these views and I like this a lot oh man once I saw that I was the breakout Tabs are so good that's really nice having up both both of these here y um so again still still a design draft we're still working on on some specifics but you've got like new open over here and then kind of you know change log uh on the right where you can see all the the notes for for for version which right now is just just all the dev um Dev is it Dev this looks like a no there is L Dev that's right Dev uh no is it yeah soor I'm misremembering build num T the 5000 yeah yeah yeah exactly um so you can see all of our commit messages there so change log um there's a a couple things like again uh we'll have some sneak preview St prev and 
also I bet a lot of people didn't even know you could do this before like you could hit command uh you know six and do that but like or control six or whatever depending in your platform yep so it's nice those are hinted so that's a that's another nice Improvement that's very cool so I think that's is that my list is that your list we have a bunch of questions about people wanting C++ decompilation please solve C++ decompilation things yeah yeah we'll get we'll get right on that um look we did all this all this stuff uh yeah we it's it's something we keep thinking about it's definitely something you know you'll notice that you got uh class and inheritance support which is really nice uh last last stable so clearly it's something that we're that we're thinking about and working towards but not quite soon so yeah this is the by far and way the largest uh there's a lot of stuff going and like the 4.0 feature is is just got a a huge list of things uh but I I think it's time for for one more you got some your one more thing Let's do let's do one special guests maybe yeah why don't uh don't you guys head on out and uh send in uh send in this you want gu the mic so we don't deaf everybody taking them off too late okay apologies see I think I did it right I think I muted their mics all right the T testing testing IED up something no I'm not sure what I did but I think I my oh I know what happened I've been unplugged I think my mic just unplugged all right let me try this again all right okay my mic is not working sorry everybody thanks um okay so let me repeat what I said yeah come on come on in come on in folks um the uh while I quickly uh set this up um we we have a a feature freeze excuse me feature freeze the mic in um week two about two weeks I think and then a bug freeze a week after that then we moved into testing I know yeah Cindy I know that's that's difficult but uh we do what we can um yeah heeso actually we already have arguably better C++ support than IDA Pro in
some ways like we could do virtual inheritance C++ classes and some other things that um our support is really good Galen says hi to y'all he's he's in chat um I'm in chat too it's so sorry everybody else's M yeah I gota I forgot we gota like mute the mics when they're not when they're not uh uh not when we're wearing them I noticed earlier it was like super scratchy because I had it hitting like my my facial hair and it was really annoying um so let us know if you hear any kind of scratching stuff we'll try to we'll try to fix it ASR yeah welcome to the Binary Ninja live stream we're going to be rubbing some paper today the feed here is like really behind so if I'm going to follow here on messages they're in chat it's gonna be like oh there's yeah there's there's a bit of a delay um uh in in that I might just look at your screen because um yeah it's definitely behind oh and and Mike says he misses playing Rocket League by the way with you oh really well else yeah dang see look you get a whole whole bunch of PR here I haven't played that there so Cindy that's a good question um also could you all see is Tim is Tim intentionally hiding off camera but Tim's over here he's he's off the side over say hi to Tim um you can hear him now he should be should be live actually let's go ahead and do mic check for for PK yep so um I'm talking to a mic it's very exciting it's the first time I've done live stream I feel like an official sportscaster now um keep going oh yeah keep going okay so let's see what can I talk about all right you're good you're good and Tim testing testing one two three cool all right so hopefully hopefully everyone's audio is now is now good um uh so real quick s need to answer your question while I close all this stuff down um there is a there is an example in the user manual types it C++ types there it is so if you actually look under uh just the regular docs and then user manual and C++ types this is the uh the documentation on that we was some kind of
samples and examples of of how to use that thanks Serge awesome thanks Julia too okay so audio levels are good and we've got uh you should one more thing I'm excited this is the sidekick development team here with me everybody so um I I did a poor job um showing off things um I think it was last stream in December right beforehand uh when we were just kind of doing uh doing the beta still yeah you're welcome Cindy so you brought in reinforcements so I brought in reinforcements and we're going to we're going to the you know my job is to uh is to not flub as much and we you know actually tested things kind of beforehand this time which was my fault and not not their fault uh also um do you do you want to describe the current state like where what is the state of Sidekick where we at in the um yeah sure so um Sidekick is a uh a plugin and a service that we have been developing for some time now um the plugin is freely available for download through the plug-in manager within Binary Ninja you can download it take a look at it um paired with uh the sidekick plugin is a backend service that enhances the capabilities of the sidekick plug-in and in order to access that service you need a plan and um this week we have started early access for people to purchase plans so over the coming days uh weeks we will be opening access to that more and more um in the meantime you can go to uh sidekick.binary.ninja
in order to sign up for a sidekick account if you have not already done so um to to get your opportunity to uh join the Early Access and then start accessing the full features of the uh of the product so I had it and it's now disabled and I don't know if I did something wrong I'm just making sure I'm this is and this time I swear I tested it so I was I was using it because I literally recorded a screen capture of it just uh just earlier and was testing it and that is the correct version version 90 yeah it's 90 the latest version so let's make sure the the to it may maybe it was just disabled we'll let that go for a second see see if that does it um I'm trying remember there's nothing with the Mac version what happened um loaded plugin okay there we go okay so I don't know why I don't know why I freaked out for a second I'm like what what I do all right so we already sacrificed one of the these for the demo Gods how many yeah exactly the yeah uh let's let's see so now we've got several new icons uh we can see on the side here um I like to use my favorite demo and I think Tim you first uh pointed this out to me um when I because I said I wanted something that was a real binary I didn't want something that was just like a CTF or a test binary I wanted something that was like an actual like decently sized thing that had real functionality and so I've been doing uh um lighttpd and uh so again I'm opening it for the Enterprise server um I really like the the component view here especially for this exact reason yeah ignore the the thumbs we're fine um because I like to be able to like see like what's what's like a large function like where is like most of the code uh in this this kind of binary so you can see there's a couple of really large ones um and so I've been using connection State machine um as one sample and just looking at the the decompilation uh like this is a a non-trivial function so I've got symbols right we can see uh some of the the functions have
symbol names but there's no DWARF there's no debug we don't have types we don't have structures we don't have anything like that um and it's a it's a pretty good size uh uh function I think it was like 700 lines of of decompilation let alone um you know bytes oh somebody somebody may be rubbing their mic so careful if your mic is not it's really easy to scratch your have scratch your face was doing it earlier so hopefully it's not it sounds like ASMR yeah so don't touch your face or the mic if it's if it's it's hard I noticed that earlier when when we were on here it may even be like yeah I don't know hopefully we'll hopefully we'll we'll cut it out sorry about that um yeah let us know if you hear it again uh it might be yeah we'll see if we can figure out what it is so okay so there's a lot of features um the first one up is suggestions I usually go through actually you guys you guys tell me if you want to drive a different way cuz you guys are the experts here show up your baby no it's it's uh we we we'll chime in as as you're going through it um since you've demoed this a few times and work through it we'll we'll stick to your workflow yeah I think it might be worth mentioning too that there's different ways of approaching a problem so you could start with the suggestions you could start with the indexes and the high level functions and um so there's actually you know multiple ways to sort of approach um the problem and I think people are going to choose different things you know like for example the Code Insight map for some people is just the place to start yeah and I think even indexes you know if are you the kind of person when you open a binary you look at all the strings you find one you look at the cross reference are you the kind of person that goes to Main and just starts going from there you know there's same same way with with this there's no like you know wrong way to do it and they can kind of all feed into each other too I think that's the most
important thing is that none of these features are meant to be a standalone single shot just does one one trick pony but rather they all all get better based on everything else see Cindy Cindy's a a strings person I am also a strings reverser the other thing to mention too I don't know what you have planned but um it's easy to forget about the documentation view yeah because that's a really great way when you're dealing with like a large function to um basically get a nice concise description of it and that again that's J yet another way to approach mhm yeah many times when we've done either development or working with a binary with sidekick what we'll do is we'll split our view and we'll have linear view on one side and we'll have the documentation view on the right side um so that you can see them side by side as you're going through so I I just uh opened up suggestions and this is you know akin to Clippy it is the help me understand this function better give me extra information without me having to go through manual reverse stuff and I think one of the most powerful features it has and this is also um you know we've mased before some of these features have some apis we're using from OpenAI some of them are are tuned versions of actually they're all tuned in one way or another um but some of them are uh it's not just like it's ChatGPT there's a lot of different kind of models a lot of our own stuff um this recovering and defining structure types I think is one of the most powerful features uh and it's a result of of several years of of research we've been doing kind of internally um so I and I think this this is a great another reason I like this this particular binary um what did I do oh know all right what happened my license key went away so hold on a second let me oh I might have to get you one real quick no I think I have one uh oh you're now an offline hey that worked that worked correctly so exactly the the offline status is doing it's doing its thing
and actually this is that's a good point what don't you talk about like the online versus offline the credits how what people can do right now because there's a lot of these features they can already already do y so one feature that we have in Sidekick is the notion of um online or offline mode um so we know that some users they don't want to really interact with the internet at all when they're reversing a binary so we added the ability and Sidekick for you to turn off the um the ability to talk to our backend server so on the lower right hand side there's that status indicator where you can click side kick and then have it disconnect um it's a setting that you can set on Startup whether sidekick connects to the internet or not so you can if you set that to false then you can just always be in offline mode and then reenable it whenever you need to per session um so I'm copy my API Key by the way which is why I have the uh uh um putting my API key into the the settings without people seeing it was my okay there we go so my API key is in yep uh and I'll I'll now that I have it working uh thanks Brian that you can um you can have an API key that's masked out so once I've got it in there uh it's it's good so yep yeah and what Jordan did did this is going back to once you once you have uh once you purchased a sidekick service plan um you gen an API key is generated for that plan that you then put into Binary Ninja and that gives you act that gives sidekick client access to the backend service without that API key you won't be able to access the additional features um for bin or this for sidekick um you have a limited number of features that you do have access to for free without being online and without having an API key um and we'll go through what some of those are but at a high level some of those are the ability to manually create your own indexes which Jordan will get into um the ability to create your own documentation manually um and also the ability to um you
can you can do structure recovery but you have to do it manually um through the sense of you have in one Fe One Step that is required in order for you to do structure recovery is to create components and you would have to perform those manually before running structure recovery and then the other feature is the code Insight map um which is another view uh is something that you can use with without having access to the backend service and yes ninja The Notebook does uh work offline you can use that as well you don't get the the chat features but you can use it as for literally just for notes for yourself or same that documentation as well is also useful yeah there's two types of messages that you can record inside of the notebook the chat interface um you can send messages to the uh sidekick AI assistant um which is the backend part that requires the service or you can just record sort of private notes um and just have them be recorded um in that that history so if you watch me I'm accepting the suggestions down here and I'm doing kind of a couple of one shot shot suggestions I can like ask for it and say yeah I want that go ahead and do it um what what what's super important though is it's not always it's not intended to be just fire and forget you're supposed to actually um at least look at it review it or at least it it's more powerful when you do and it's meant that all the uis allow you to to sort of review what it's doing and to say yes or no I like that or I don't um and so that's that's uh that's actually super nice you can even specify specific uh things that you want it to do if you just let it make suggestions it will propose um what it would do oh and and and by the way uh Crush gentics uh yes it's it's totally still in memory it's not meant to be like a memory safe key store it's meant to be stream mode so I I don't leak Keys same thing like with the serial number it used to be that if you actually went to the about dialogue um it would show the serial 
number of the user but if you accidentally brought that up and you were a streamer um you would leak your serial number other people so now it just copies it to the clipboard um so um if you're wanting to recover the structures you you're you can also do that through the uh main menu right there yeah this is also uh so you can manually there's a bunch of things up here so for example if I want to recover structures and I think like I said structure recovery we can look and see here we do have the new the new type viewer um but there's there's no user types there's a couple of system types in some libraries that are loaded for this file but um there we go now we've got now there's there's two things to note first um we've got this new folder that was made called HTTP response and so this is a component uh that again you can you can make your own components I showed earlier that the default naming is improved but the naming um uh the the what is put in here has been done by Sidekick for me where it's tried to automatically identify related uh functions uh and this is this is an important part of creating the the structure uh because it needs to sort of you know it can find the functions that access the the similar structures you can find member accesses in one function but not in another and so it first does this step identifies all of the the related things and then I just that alone right just looking at all of these structures with sizes that were made and types like that are already made for me it's also I think really useful to note that the the the types here are actually created by sidekick right is actually said this is a 32-bit field this is a 64-bit field but there's also Binary Ninja is even showing I see offsets where there's something that like I can click here and look at the cross references something accesses this offset in the structure and and sidekick maybe wasn't confident enough to make a type there but B just showing a reference there for whatever
reason maybe there's a bigger structure maybe this is actually not 64bit maybe you know there there's a lot of reasons that it may or not be but you can see both of those here so it's super nice that you get both this and again here this is actually really nice too look this one's already identified as a structure pointer to another uh another structure and so you can go and see that uh that structure as well over there right so these are um these are super useful it's doing all for you but they're still just kind of not named uh and so I do think it's useful that when you combine that with like oh what if I want to now um ask for for field names like actually go name those members uh of the structures uh we can also see that this uh structure here takes or this function takes uh these two structs uh on on each of the the arguments um I was going to add one thing to what you were just demonstrating Jordan was that sidekick has the ability within the suggestion Side bar for you to make a general suggestions and to have sidekick determine what it thinks is the best thing to do next in order to suggest for you you can also manually select or manually execute any of the specific suggestion types so Jordan originally just manually recovered the structures and then just then in the that hamburger menu he dropped down and he selected manually give me structure names and struct names for structures and Fields so it has you have the convenience of individually selecting the different types of suggestions that you want sidekick to show you or you can just say hey show me all the suggestions you think are applicable or most useful in this current in the given the current context of the function yeah and if you don't maybe you don't like one of these suggestions too again I mentioned earlier it's meant to be interactive right I could actually just say don't don't apply one of those which I think is is uh really important to point out it's not meant to just um you you know you 
don't have to think like you can review them you can look at it you can you can look at one of these one of these members and you can then find you know let's take this one and again this also you'll notice I'm kind of fighting where I'm going back and forth between suggestions and the cross references right in the current version but that's why that whole refactor with uh the sidebar where you can actually have both of these open on different sides of the screen it would be really nice we both keep your cross references up and you can have the sidekick suggestions so that's one of the things I'm actually looking forward to most um when those all all get kind of merged together uh you can also just like manually apply one of these I could make one particular change or I can just say you know go kind of do do all those things and so now we've already got we've got a state machine uh parameter we've got a connection parameter uh and we're starting to see like these uh these member names these variable names uh start to propagate through which really really cleans up the decompilation right just having the structures alone is a huge boost and then starting to these names here and even just having the structures there lets me manually name some of these um and when I start naming them uh Sidekick will take that new in account right it actually not only will um you know not know that it doesn't need to suggest it because I've already I've already kind of named it um but I think in the latest set of changes it sort of like your current names are actually used to inform like how it uh how its naming happens right is that a good what's what's the right summary of the sort of more recent changes you made where it sound of like the the is that is that a good way of putting it or what's that yeah absolutely I mean as you start naming um variables and elements in the in the binary it uses that as context to uh help it uh understand um the rest of the code you know it's
basically um you know some kind of uh internal consistency type of analysis yeah that's particularly helpful when you have binaries that don't have a lot of symbols or additional information if the user is able to determine on their own what to name something getting that information as context to help sidekick figure out better names for other things um like it improves its overall cap its overall capability to name things yeah and I will say since you've made that change I used to get you know and because there are you know llms in the background of some of these they're not you know it's not repeatable deterministic the exact same result every time so you do can get slightly different names um but you used to occasionally you would see like um uh status1 or variable _ one you see a name that wasn't really super meaningful and maybe it was just like a copy of another one um and I I do see that I don't see any of those it was it was nice to demo cuz I could show like oh I don't want this variable and I'd reject it and clear it but like there all of the names I saw now all look like good names right CU are actually things that I wanted and so I don't get the demo of that feature as much anymore without kind of like just describing it um yeah and one thing that's interesting to bring up too is that the tempo on Sidekick is going to be a little bit different than the tempo of releases with the um main product binary ninja so um for example you were asking for the names of fields and structures in this very large function and one of the very recent changes that hasn't yet been pushed out yet but will be relatively soon is we're we're able to uh analyze these different scenarios and then choose um appropriate um models that are better able to handle some situations rather than others um and the net effect of that which you can kind of see off screen is we basically get everything uh all the fields struct to I can show you the put the camera or something but yeah but 
the main the main point really that I just wanted to bring up is that um there's just going to be a a sort of a continuous rhythm of improvements yeah one nice thing is there are some improvements that we can make on the back end without having to really without the the clients the users on on the plugin side being aware of them so that it's just better doesn't require an update on their side um so that's that's one aspect that's in which the art Tempo can be somewhat dis different we have a question from somebody in the chat yeah so I see Ser is asking about um I really want to do that I'm going to go through the rest of the features just on this binary first and get that out of the way but I'm absolutely going to go um and and look at one of those next in particular because I I realized I forgot to point out uh WinMain identification is actually another feature of um of this release we actually added WinMain automatic navigation on WinMain and I haven't um uh I haven't tried that recently so that's something else that we should uh that we should we should show off so um let's see the next feature I usually I usually go to indexes next um indexes are and this is actually the most useful feature without a license I would say potentially uh because this is really just kind of a new the index picture and the the Code Insight map together uh let you I I like the way Tim explain this to me where an index in the back of a book has some topics and they have page numbers for each topic and so it might be the cran war and in this book The cran War appears on these these pages so that's the the idea here is that just these are offsets these are locations whether it's a function or uh a call to a function I instruction or string any of these things that appear in a file uh here's where they appear uh but what finds them is just code and so the default one that runs is this high level uh functions um one and there is no Magic Machine learning this is this is just math
and using the Binja API um although what's the the outdegree um like what's the sort of intuitive understanding of what outdegree means here too I could use a better explanation of that so I think you built this one right to uh yeah in terms of a call graph the out degree just corresponds to the number of unique um callees okay and and it just tends to correspond with with um functions that are involved in you know integrating a lot of different functionality or coordinating amongst a number of different functions and so those tend to be interesting places to start so instead of like a whole lot of calls that may be to the same function over and over it's it's the uniqueness of of the calls that that are happening yeah there's an integration and coordination effort going on and then and then there's just sort of scaled I guess into this like arbitrary metric uh but allows you to sort it and filter it um yeah there's there's a uh threshold there that um you know can be can be modified but it's just sort of set to what is generally a good value because it varies based on the number of functions that you have if you have a binary with you know 60 functions in a real small thing or one with you know 60,000 functions different you threshold then how you calculate it has to be a little bit different we have a question from the chat I think was probably good for you to answer Tim it says will Sidekick also identify those structure alignments that are made in and distinguish between them and actual members structure alignments I'm not sure I understand the question Sidekick does have a uh a non-commercial discount Julia it is not a um student discount yet but it is uh there is a commercial and a non-commercial pricing uh if we do a separate student discount it would not be 75% off I think we would we would lose money on like our some of the backend APIs are having to pay for potentially um or we'd have to be be careful about that so um we yeah we have we have not yet um uh and
you can you can see the actual pricing here there's the the non-commercial versus versus the commercial yeah so Tim I'm not sure if that are we getting clarification no there yeah um I haven't seen it yet yeah so so M Source when you may say structure alignments um I mean the whole idea is that it's supposed to be identifying as it's it's trying to identify the actual structures but it is not a perfect recovery much like decompilation itself is not so like padding in structures I think potentially having structures that are that overlap the same memory locations where you're using a different field a field name from one structure and a different field name from another structure that course that overlay on the same same memory are we able to make differentiate those typically um we are I don't I don't think so um I think that uh like for example we're not doing unions defining those well Binja itself doesn't have support for them really so yeah right right a limitation um and that's closely related to to the question I think as well yeah I think also too sometimes there's just some level of indeterminism where you might have two structures that are very close to each other and then you're doing some offset from them and it's unclear whether or not you're accessing a member of of one structure versus the start of another structure that's well I there's also is something an array is it a structure is it you know there's there's certain things that are completely ambiguous and and undecidable from a from reversing standpoint and and they're arguably like arguably it's correct to just do pointer math and offsets you're not wrong that is the CPU is doing it's just not as useful right if you're trying to recover what the original source code looks like trying want to match the original source code so um I would add that um that I think that it's important to sort of see this as a you know kind of a a ripe field for a lot of um a lot of um growth and so these types of
capabilities that in the past have felt like they were sort of undecidable they start to become more and more decidable because you're able to draw in evidence from different aspects of the binary as well as bringing in outside information and integrate all of that and make inferences with these language models yeah a good example being if the model has seen OpenSSL source code and OpenSSL is used and it doesn't have context to recognize it of course it can match up the same structure at the same time so like there are yeah that's a and then likewise just in general if it's seen enough code I mean how at what point does that give it the information it needs to to make better uh to disambiguate these things which are otherwise uh you know impossible to disambiguate so I think the questions that are um of the form like does Sidekick do such and such you know it's important to know what it's able to do right now um I think it's I just want to add the additional context that um things are moving very very quickly it's it's not worse yeah things are moving quickly and things that aren't in the product right now probably will show up um quickly yeah we have we have one quick question from the the chat which is is there a plan basically for people to do offline standalone networks basically on premises deployment there is it's on our it's on our road map our product road map um but we haven't gotten there yet so we first wanted to get our feature set and everything right for this this particular deployment type yeah I mean we're I mean just full disclosure I mean we're using a variety of models um but we've already demonstrated that uh capability in-house with um some uh accessible models that um are advanced enough to be able to handle the types of uh prompts that we are using and so we actually have a um an environment variable sidekick on Prem if you set it to true then it uses a sort of a different suite of of models and provides the same kinds of capabilities and and but
it's not something that's in the productization phase yet yeah so we're testing it it's on the road map we want want it to happen our sort of nominal goal is if it can be this year um that would be great but you know we we'll we'll see what happens and and the other the other thing I've been telling a lot of people too is that we know there's customers that absolutely need it on prem and just for whatever reason you know they can't use online service makes total sense um but until we've got the quality like we really want to make sure that it's as good like we're we're just we're using whatever the best thing out there is and when we've got the offline ones working to the the same high high quality degree I think we're going to yeah we want it as much as as much as folks do to be able to throw on an enterprise you know module does the same thing uh let me let me go on to the the indexes now because like that one was just an example of of just Python code that ran uh I'm a big fan of these other ones though for example like cryptography calls and this one you'll see uses a separate set of the the Sidekick APIs where it's do doing um some categorization so it's actually able to to filter and just say find me all the symbols find me all the things in the binary that have to do with cryptography uh find me all the ones that have to do with uh file IO and like maybe network it's a web server so it should do probably file IO network IO and cryptography those all seem like things that you know knowing this is a web server might be relevant and so I can kick off all those and that's going to again it's going to use um the actual service to to try to identify all of these things and uh this is useful kind of on its own right like there we go let's take a look at these these uh Li to okay base64 maybe maybe it's not actually encrypted it says encode in this thing and I could see how it absolutely would be a reasonable thing for something to guess but maybe maybe I look at this
and say no actually I don't think that's uh that's actually crypto so again much like the the other views I can I can remove that I can say don't do that method key I think it's using key here in this context of like uh you know maybe a key value also you notice it's going to continually request suggestions as and never get around that's a setting you can control that you can make it only do it when you manually do it if you want or you could just keep contin you know accepting them because even a hotkey you can accept all all all the requests obviously SSL so let maybe let's clear this one out let's remove that one uh the rest of these though yeah there's obviously some OpenSSL being used and there's a bunch of of crypto stuff that looks like right to me those all look look very good um so that's useful on its own and I can kind of go through I want to see all the crypto uh navigate and see where all it's where it's all used in um in in this this this binary uh but it becomes especially useful let me actually navigate back to um my uh was I connection state machine um uh function because I I like I like the state around this one and I can uh use the Code Insight map and the Code Insight map it starts as just a a call graph right like so for people who've been asking for for a Binja call graph well here you go there are several plugins that will do at the sidebar and some some other ones but it's it's essentially a a a call graph uh but what makes this super interesting and again this functionality works offline just fine you don't need the the API the the service key um you can you can do this and you can even add these indexes and this is where it becomes super interesting so show me all of the file IO and crypto between main and this connection state machine and you know the call depth of controlling the the the parent so con main is going to call into connection state and then the connection state calls uh two levels down here right we're going uh this is a
good example this particular function FD Q append didn't um have any elements inside of it there were no IL instructions and strings or whatever reference that matched these things but it itself looks like a file one or maybe where it's calling um that function that it called uh log fail assert for example has uh has a flush and so that shows up as as as a file IO right so um oops take me back to uh I I was gonna say Tim you could probably uh better um describe some of the in or like the how that works exactly but my gist of it was that the traditionally when you look at a call graph they're typically unwieldy because you're looking at the entire program with the full call depth and it's very hard to to digest so we tried to tackle that problem by one actually controlling the depth of the call graph itself so that you could really only focus on a proximity or like your locality of a function that you're looking at but in addition that most call graphs you either have just the the name of the function that was called um or you have all of the instructions in it in which case it can then become even more unwieldy but in add in in addition to that we tried to filter out a lot of that information by only focusing on the topics or the functionality or behavior that you're interested in looking in so that you could very quickly get a handle of what the function is doing from a functional perspective um by F by including or excluding certain topics that you're interested in and seeing how those sort of components or behaviors relate to one another yeah you're allowed to prune the call graph you're allowed to explore to a call depth of six seven eight you know things that you would never think to do um before with the normal call graph because you're a fil are pruning out all the functions that are not on the path and that have nothing to do with the topics that you're interested in yeah I I say that it's you know control flow graphs show you everything a function does call
graphs show you relationships between functions this is both in in between it shows you some of the things inside of what that function is doing but but only the ones you cared about only the the the topics you chose and so I think that's that's that's super useful and again you can download Sidekick right now and you can you can be playing with that so I think that's what we had a question from somebody in the chat where does this feature does this require symbols um or functions with we that are basically strip the binary to find these types of calls in order to find the types of calls we rely on the names of those functions that are called in order to do the classification as to what type of category they at least our our index scripts do that some of some of these not some of them some of them don't there are other indexes yep um that that don't require it right um yeah this is just a um an initial and this isn't all of them I mean if you search you know it'll bring up different um indexes but um this is an initial catalog of of basically uh you know examples um that that are useful but um you can you can add your own you can create your own indexers um and um and those can use you know um patterns or basically any any uh Binja code at all to to find whatever you would like to find find whether it relies on symbols or not I just had a good idea that I kind of want to go off script maybe we can uh well let me let me write it for this and we'll see if we can find a separate Windows sample to try it on later um but yeah one things we haven't shown yet that we're we're going to anyways is we want to show that you can write your own indexes and so if I want to show an index that doesn't require names or symbols um something you might see a lot of in um uh in in an obfuscated uh binary be some XOR operations right and so if I want to add an index and try to find all of the places where there's an XOR happening so let's let's actually create a new one we're going to call
this XOR finder uh find all XOR operations right and and what I'm going to do is I'm actually going to write that natural language text and then have it write the code for me I've literally never tried this we'll see I tried this exact prompt so I'm curious what it'll do um but that looks spot-on CL yeah uh I think that might just work uh so it's looking for um any I you know I could rewrite this code to be a little bit more efficient maybe for example you can actually just do bv. uh IL instructions right from the top here and go straight into this uh if I was if I was nitpicking its code but this this looks this looks about right to me um and so you can use the AI to generate this but again the point is I could have just written this by hand as well and I don't know if this will actually anything in this I don't know if this this is a web server I'm not sure if there is any any crypto in or not so there's there's there's no XOR here but I want to run this this index on a you know on an obfuscated Windows binary and I might find um you know some locations where it was was using XOR and so uh this is a good example where the categorization specifically find all crypto things is using the symbols that were um uh that that were so it's using our service to do the classification on the symbol but the this concept can can apply so uh Stephen the uh you can write your own indexes in fact actually of these current ones I think there's there's a couple other ones that I think we intend on putting in the you can actually kick yourself offline and then relaunch that window and you can see exactly which ones are free oh that's a actually if I just click the offline button right it will do that oh yeah no yeah you can or you can just keep those would be um ones that you've written yourself if you're no yeah yeah um so so there is uh there there are some that um that don't require the this this filter inspection category and that that symbol uh kind of kind of magical here's a good
example dynamic dynamic allocations this is a great example of one no no magic AI it literally is just looking for these common allocators and in adding them it's going to look for all the times there an it's an alloc um kind of operation right that's another useful in fact this actually probably I would expect to see some of these in this binary so yeah there's a bunch of allocs right super useful uh you could do the same one with frees you could pair those up you can look for just show me the call graph of just allocs and frees if you want to kind of identify the flow of uh a functions yeah you can modify that view right now it's yeah let's turn these off and let's go look for just dynamic allocations so there we go so there's actually no dynamic allocations in both main or connection state machine which is super interesting but we can see down some of these other functions this is where the allocations happen so yeah that's uh and again those those don't require any any the kind of magic yeah so to answer this question the ability to write your own index is something that is free it does not require subscription the natural language I give it a prompt and it produces it for me that requ the ability to autogenerate a script from your natural language description that feature requires a subscription and there are some indexers that we have written that we that we provide to you um if you have a subscri subscription so it's consistent it's not that you're going to you're not going to stumble upon one right just using it for free that you can't then run correct y thank you for that clarification that's good yep there we go um yeah so now I want to go try that XOR finder on on a piece of malware so let's let's uh let's keep going through the list here so again just this alone this this custom call graph being able to turn on these indexes just I I think that's fantastic and I'm I'm super excited that that's part of the free offering of it that that people get to play
with that even without all the AI stuff I think that's that's really cool again we we wanted to um to make you know make that part available um while still you know having these these kind of extra bonus features that they can really take advantage of it even more with with with the the service so um is there anything else on the uh oh create a component tell me about yeah so that's I mentioned earlier some of these things kind of can can can go back and forth that the components can be used for structures I can use the Code Insight map then do I to create a component of all of the uh the the functions I found or is it based on actually I haven't seen that one before so I'm not sure actually I Tim um I don't quite remember how that one works if you recall if it grabs all of the functions that are represented inside the map oh there it is it's probably this one here create components for functions in the index yeah yeah there's a couple of different things um you know we want to make sure that um I I mean you know there's the documentation and and um there's there's the features that are very visible um and and sort of easy to use very accessible but we do have some that are a little bit more um you know off the beaten path if you will so like creating a component for all of the functions that are on the Code Insight map at that point in time is one of them right so you do that and it should create a component that has all the functions that are present there um and then um if you were to create a component for here we go yeah and if you were to do one for the um functions in the index that's a little bit more of a um complex operation that um don't want to really yeah explain at the moment yeah because this is this is an introduction and there's some depth to the product um I don't think that we're going to go into check the do check yeah there's a bunch bunch of things that can that can uh happen here and again I just to me it was important that like sort of
philosophically these things are like work well together yeah um as you get more symbols for example the summarization the comments that it adds can get better the documentation gets more accurate the more it's got good names and variables to kind of kind of work with and as you yourself manually reverse engineer and then ask it to do the namings it will continue to get better like it's all kind of like this you know it's meant to be a a positive feedback cycle right incremental refinement yeah um that's that's part there okay so we've got the Code map um I haven't shown documentation and we haven't shown the notebook yet so let's uh which one do you guys want to do next do documentation because the once you do the notebook there's a feature within the notebook that will allow you that tags on to the documentation cool all right so I've asked for documentation again this was a fairly large function like I said it was around I think 700 lines of of decompilation um several thousand bytes of um of of native machine code not massive though right again to be clear like this you know very very large large functions can can be um oh interesting there's the errors it can that's really nice I don't think I've uh noticed that one before yeah so it's describing the different types of errors that function can have uh side effects it has just the sort of return so it's kind of like a man page kind of like a function summary um but I like this feature right you can come in here and can edit it you've got a little Markdown editor and again this is one one of those that works offline um where you can yeah virtuous cycle thank you J duck um so uh yeah this is this is just kind of another useful little little notebook thing the fact that you can you can add your own information you can um you can save that and keep your notes per function then once you've done that too if you're back doing uh disassembly you'll notice that there's a there's an icon there so it just lets you know that
there's documentation for that function or again if you've if you've split it and you leave one of these in documentation view just as you navigate around right you'll see that just automatically up and it's nice with the splits and the panes yeah actually I say if you some variation um I guess too I I think people should generally you know understand if they if they don't already that um you know there's going to be non-determinism with the information that you're getting so partly because you know the models aren't always going to get it right the first time and if you don't allow for any uh non-determinism then you know if you want to try it again you're just going to get the same result which would be unhelpful so for example if you were to generate documentation again you might say man this this uh description was a little Spartan um maybe you can help me out a little bit more then you can regenerate and you know the next output hopefully will you know be more to more helpful more to your liking and so forth um same thing with the suggestions that we started out you know it will suggest names for variables and you might say man this set of variables I just don't feel like it's um great you know it's not perfect whatever let me clear those out and re-suggest some names for variables and you get different ones and so you might say man I really like the way you interpreted it this time that seems spot-on and then you can accept it so yeah that's one thing to keep in mind as you use a product that is um based off of these models yeah so as you see now the description is different much much larger but we missed maybe the errors that we saw before or maybe they got summarized differently so yeah um there is the capability to actually preserve information inside of the documentation view so that when you go to generate it using Sidekick again it won't overwrite it it'll just oh interesting so if I have some user notes in here if I go put in there's a special section
there called an addendum which isn't currently in there but um we'll be able to show off that feature when you get when you uh go off notebook you do the notebook okay all right so let's let's go ahead and do the do the notebook now um and this is the uh I think this is some ways what people think of more when they think of a a chat AI assistant right like it's it's it's it looks and feels a little bit like that you got your kind of thing here except I like um you know notice that the current location here this context is is in the the the system as well it's not just uh not only in this function but like where I am in this function that extra information is kind of available so like um uh I don't know what's what's a good question here I can ask um let me suggest a couple of things on the fly um hopefully it will lead us to a uh to to a positive score but um start with a a slightly smaller function yeah and try using something other than high level IL oh interesting all right let's go let's look for something connection accept that seems like a decent size that's pretty because not everybody wants I mean you know there's different times where you are you might be using high level IL but you might not you need to drop down so um what's important with when you're using the notebook is that it knows what you're looking at and um that that way when it um analyzes your questions it's going to answer them in reference to the IL view that you're working with all right so we've got l v we've got uh medium level hey even go to disassembly go to assembly a lot of people are more familiar with that um so oh no I see an XOR did we miss that for no cuz it's a little while maybe there was a bug in that code actually I have to go back and read that index again see if I didn't find it um so let's ask um how many arguments does accept take I don't know I'm not very good at coming with some of these questions on the fly uh and actually it's it's accept4 so we'll see if it's it's
forgiving enough to to recognize that oh yeah yeah I did okay so we got that even though I asked at the the low level of of IL um one thing to point out is that the notebook tells you what information that it's using um as well oh yeah disassembly ATS right here yep yeah and each message in this um chat or this notebook is tied to the address that you were at when you asked the question so in some sense it it it's like a transcript and one where you can sort of follow along in the binary yeah which means that if you click one of those messages in your chat history it'll take you to where you were at when you that command if I'm here but then I actually come back to to here yeah it takes me right oh that's interesting too I had actually seen that before now for the documentation bit um if you right-click on the message that came back should I generate some documentation first or just sure sure go ahead so let's ask it for its connection accept which I expect to be not nearly as um I'm just looking it's interesting that connection accept does take that same connection struct as the first arg um that we saw the the state machine one which makes sense it was probably part of the same component yeah it was that's how I I picked it because I wanted something that was that was related um and it was also in that component so we're generating documentation and you can by the way the very bottom right where youer earlier when I was going offline online um that's its its thinking indicator you can tell it's it's still going down there yeah so we have this nice description but if you wanted to record something about the function that you had asked then you right-click on that guy right there append to documentation yeah now we have a little addendum there's also a link theet yeah so again same thing that'll take you there and if you try to regenerate the the the documentation for this thing it'll leave the addendum it'll leave the addendum yeah yeah so as a as a user oh yeah someone
else suggested pseudo C absolutely it'll obviously work on P there interestingly pseudo oh just because there's a lot of nesting on these so a lot of the new lines EMB braces why is so like pseudo is actually about the same total number of lines as the disassembly which is unusual usually it's much more concise um that's actually a little bit more um certainly more readable though I think as as a higher level language but um I mean we've got so many things I don't know what what people are interested we're running low we've already been going for over two hours now so um I mean you can select a little block of code and you can hit the shift C and you get the summarize well you just get a little block comment right right um so requesting code comment yeah which is in is that in the plugin here as well as yeah there it went so it's and and the fact it's duplicated is a Binja bug is because Binja does comments on addresses that can be repeated um there we go so it's summarized uh the switch statement yeah if it matches these values it goes there yeah get in line and then the function summarization as well up here was one of the things that was suggested before on the connection state machine oh that's funny it's right below it or right above it I didn't realize that uh so that's okay yeah document notebook I think that's yeah again not exhaustive there's there's other features there's a lot of other things it can do um and the documentation is online right so people can go here if they want to see more there's a lot ofation in there yeah one thing to um I think highlight too because I think it is it points in the direction of where things are going for Sidekick more than some of the other features which are just you know use them interact with them as a user um and that is the function naming so actually if you were to go to well go to the high level index the sidebar uh this will just be for something to talk to if you're in a binary without symbols you're going to have
high level functions right and it's just going to be sub underscore hex address yeah you're going be like what am I dealing with so in that menu bar with that little hamburger is you can say um name name the functions in this index and what happens is it actually does a bottom up analysis of the binary naming functions until it gets up to the functions in your index to give them an indication what the functionality is and it names them all accordingly this actually answers a little bit of circus question from earlier I was going to show off on a on a Windows binary like what if you don't have any symbols like here's a great example of of what you can do and so you you know one of the reasons why you start from the bottom up is because um a lot of your leaf functions are going to give you more clues right you're going to be interacting with the environment with the system um and so those are important clues that we can use and propagate up the call graph so that when you're trying to name the functions in your high level index you're doing it in some ways based on an aggregation of all the clues that are available in the binary and the other thing to point out is even if a fun unless a binary is both you know statically compiled and has no symbols the imports alone often times will give you useful symbols enough right in fact we can even see here on this particular one even if the none of the built-in functions had symbols we didn't have this or this we'd still have these we'd still have the OpenSSL imports right which still gives us a lot of this this context um that would all all those orange symbols would still be here and so uh it's it's certainly possible that you can cover useful interesting uh names uh from from that alone but yeah but but again the less information you have you know generally the harder problem is for sure I hadn't seen the the the name function one that's nice or the the name uh name functions and index yeah there's always always uh new ones to
find uh you can you can have common sets to these indexing suites like if you have a bunch that you commonly use you can kind of bundle them up um yeah there's there's favorites in them there's there's there's a whole bunch of uh of other things like I said that we haven't haven't kind of covered let me see if I can find I was thinking trying to find a good Windows malware sample I don't know if I have one yeah while you do that I'll answer one of the questions in the chat um one of the questions was did the do the type names and member names it references this is in the documentation review um update when you rename the types in the normal view and currently they don't that is on our um to-do list yep yeah we discussed that when we were developing the feature so it is on the road map does it use strings for naming as well yeah I believe that's it right there's in fact I've seen it pull out like names from a function because there's the effected the great source of of if you have an assertion statement that tells you yeah um and actually this is kind of an interesting thing uh just sort of a side note like um I was working with a binary and it had these assertion statements which were giving names to the um parameters of a function and you know you know I didn't agree with the programmer I thought that his name was a little bit uh um short and so um I didn't accept the suggestion that came out you know from the model because the model's like well you know this is clearly what it was called in the original source code this is what it should be so I changed the name in Binja you know I just you know hit N you know named the variable or whatever so I picks up on the fact that you chose a different name than the one that it suggested so then when I went to analyze other functions that were related instead of using the name that was in the um assertion statement it recognized that um I preferred something different and generated you know the the name that I had chosen
yeah um there was another request can you inline the addendum or link to the addendum from a section of the documentation and right now I think it that is a no it's just at the end that you can that that information is put but it's something a feature that we might consider doing uh do you use something like FLIRT signatures to detect functions and also do you have something similar to how Lumina works that IDA has so uh no there is not currently a a Lumina-like feature that we are building however there are Binary Ninja plugins that will work with the free and open source Lumina servers that are out there yeah yeah so you can use the existing uh not not I technically you you probably could use IDA's I suppose if you wanted with it but you think you need a valid uh Hex-Rays serial number uh to to go with that yeah um and I don't know if they're what what their terms of service are in it so I'm not not advocating for it but um but there there is a plugin that will speak the Lumina protocol that can talk toer ninja okay um yeah it looks like Kyle said that too I mixed that yes and there's also um a we have our own built-in system called Signature Kit which is the same as or similar to to FLIRT in functionality there's also a plugin called Nampa in the plug-in manager that will literally use FLIRT uh rules specifically in in Binary Ninja so it's meant to actually work with if you have an existing database um of I guess it's technically is it FLAIR is the FLAIR generated sig files FLAIR is the component I think that makes the makes the signatures uh so I I am um pulling up Aimbot from from um uh from Flare-On because I thought of something that would that would have uh uh and I'm trying to figure out um something is wrong with that XOR script and I can't tell what's wrong with it because it looks right to me okay no that makes sense in high level IL but what about low level IL oh no hold on is that right sorry I'm using easily nerd sniped and now I'm looking for
um the XOR operation the low level operation yeah okay so this is it so um oh I see ah the source that's right that's why it's not it's not coming up so let's actually try this go back to our indexer and let's add uh let's actually create a new one I wonder if I can tell it to like it's got to deal with the the tree structure um see if that works um there is actually a um a visitor class built into the API now that I can never get the syntax right on um oh and it's it's trying to use it yeah I recognize this so this is It's using the visitor I have to go look at the docs on it all right um I don't know so let's see if this works is it still running or is it already it finished finished but didn't find anything didn't find anything okay so there's there's still a bug a bug in this it's um oh no I'm in the wrong one oh I think I didn't hit save I've done this before hold on let me remove this one um yeah okay so actually no I can just add this one it's there okay yeah just add that one oh there there we go perfect that that was perfect then so yeah there's a good example I don't know that API off the top of my head either so I'd have to go look that up so that's that's great but again I had to I did have to prompt it a little bit I did have to go kind of look at it and be like I think there's there's XOR in here so uh no symbols in this binary but I've I've already identified uh the XOR and actually the full register with XOR I'm less interested in I feel like you're more likely to see um uh something interesting with uh these uh I'm just I'm just out of C yeah so actually I wonder if anybody in chat has actually um done this particular um this Flare-On challenge or if they have it like a different Mal sample or a different challenge from there there might be one um but this would be a nice easy way to just define really quick uh uh simple obfuscators right with fixed fixed XOR which I don't think is this common anymore but uh even even this just be able to kind
of go through it use that as an indexer or okay like let's go look at uh all of the the call graphs so let's look at the code and so let's go back to the Code Insight map and let's turn on that XOR finder show me I'm sure show me how level out functions so that alone again now we're looking at the call graph oh it's all it's really mostly occurs in this function um that's very interesting actually did you increase your call depth I didn't uh um yeah let's crank that up a little bit yeah it just shows you what's in between in that case right there's there's very so that really is it that's super interesting right so it's something that I think is not at all immediately obvious um oh just by like looking through all the decompilation or if you go back to your index sidebar yeah you can see how many functions the entries are cover oh two entries two functions right right so there's only uh sorry it's high level uh there nine functions y so there's only nine functions with any of these so that means there are you know some other ones that are not um they may in this cult part of the cry right so that's interesting too like it's kind of partitioning up the whole the whole binary but like I do like that this this one function here um right clearly has the majority of the the XORs um this we're missing some structures right there's some some math going on one of our chat users is curious to see structure recovery perform on this binary oh well I mean here that's the first thing it wants to do so let's yeah let's do it let's look at this uh at this particular function I mean it's already cleaner um you can try to give it names as well H the plus sign see what happens yeah the plus sign sorry the M the in this suggestion sidebar oh yeah yeah sorry the I I always hit the drop down thank you it's much faster that's why it's good user study to watch somebody else use your software um see okay here's a good example where these are not as as useful names anymore right so that
I would reject all of so that one I don't think was a good suggestion um but the struct that it's named from and it kind of makes sense there's not a lot of context here it's just a bunch of of XOR there's no other function calls MH um so let's um let's try something adventurous uh let's go to the notebook oh yeah and uh ask it if it can tell you what this is doing I'm curious uh yes pasta you can absolutely do that um if you go to the type viewer um and then you can um uh create types from C source you can paste stuff in you can also just import a header file I think it's uh import header file and you can point it at any header file in fact it uses Clang to do the parsing so any Clang build options whatever if it's got compiler defines a lot stuff you can do all that you can import all those types from there um where we back on uh Notebook thank you sorry uh bitwise XOR operations with the values derived oh from arg2 swapping and shuffling oh interesting huh wonder if that's true AES oh hold on I think this this binary did do something with AES I think this was uh which one was this Aimbot was Flare-On 4 I have to go read it right up now I'm curious is that so there's actually another plugin um called yeah crypto scan um that that specifically um looks for certain constants that are used in different uh encryption operations uh you can see it supports for example the the constants used in AES so I'm going to install that plugin I don't know why plugin was disabled by default something something's up with my my test box here um and I think it doesn't yeah it doesn't open up by default so I'm going to uh save a database and reopen it and I think now if I scan for crypto let's let this plugin run and if it finds it yes then that's certainly a a pretty good feather in the and again you'll notice I I reloaded the whole thing and all this context is still saved in the database too right I didn't lose my conversation and um kind of even where I was all that stuff all that
stuff matched is snare in the plugin or is it something else something else someone in the chat was asking is it possible to do auto structure recovery on the main function in that one uh binary and then the SE structure yeah setup function and show the results in pseudo I guess they're curious to see how well that Rec structure recovery would perform on those functions in the Aimbot function or aot or is that the one that you had before well the lightest gdbd was the first one no no was the second one then okay this this Windows one yeah let's see where is um this actually one I don't think we name we did identify main yeah we did yeah we can let the the crypto plugin keep going oh so this is MinGW interesting oh okay so that actually explains why we didn't get like a WinMain um because I don't think we've we've tested that on on MinGW but that is the so where's the start but no this must be just is this a symbol curious to see if uh high level functions would potentially identify it the index or high level functions oh wind sure let's go check it I wonder if either one over those are in no I don't think so because the well the actual wom uh good point it's probably one of these I know these are all just pointers is it probably this then yeah I wish it was working with a binary that I'd actually used before um so I had a little more context but the crypto scan is not the fastest uh uh plugin which by the way um was the status there saying that's 25% through yeah yeah if somebody wants to uh rewrite that in Rust it would be a it's a Python plugin right now so it's it's not and this is not the biggest binary right like how big is this thing oh I guess I mean okay so it's yeah that's large that's very large the person in chat realized that it wasn't not M or was not MSVC when that it was MinGW and they're like oh yeah so I don't think that's going to be that's going to be useful um yeah it's a big file but most of it is actually it's it's clearly compressed right so it's got
like an unpacker or something which again I'm pretty confident that's the function we already found that indexer the XOR finder yeah um I uh where was it right here right no your Notebook thank you notebook is a better way to look for it just go back here not even used to it yet yeah this one here is really interesting because this this here where just doing a bunch of bitwise uh XOR yeah that doesn't feel like normal code this very much feels like an unpacker st yeah which comes from a struct second member all right I'm going to keep myself from getting too too sidetracked because I will sit nervous this all all all day but no and I I picked that binary so that's my fault for not um not finding something something else potentially but um yeah we we also I think are planning on giving out some uh free credits at some point with Sidekick correct I don't think we figured out specifics but so for people that are curious um also uh Sergey I'll send you a I'll send you a um thing to to eval your we come to kind of play with it um it is it's very fresh so so be gentle but um I'll I'll uh like I said you can you can install the plugin right now just from the plug-in manager and we can can send you some some stuff to to try out because yeah you'll have much better things to to think of to try it on than than I would even but yeah that's that's Sidekick that's we said one more thing it was like eight more things but it's uh yeah there's a lot of features in the product and we're we're very excited about it even to to have gotten to this point so um if you like what you see then if you haven't already signed up for an account um like I said go to sidekick binary. 
ninja there's a link to it from the main page of the Binary Ninja website as well and then you can go uh create an account get on the waitlist again install a plugin now check out the plugin play with the indexes play with the Code Insight map play with all that stuff ah Duncan is on yep and in the coming days and weeks we will be uh expanding our user base for signing up for plans more and more so uh if you didn't if you don't get it immediately the wait uh you will be soon hopefully will structures that use types from ndl be applied to these structure members automatically um if I if I understand the correction the question correctly um if if Binja has already determined the type for a variable for example um then Sidekick uses that yeah it doesn't ignore that information I think it's a solid maybe because if our yeah if we have already identified function calls that have no types and our type libraries have already got it um if the type propagation has that length then yes but that that said there may be times where um you know it's it's layers of indirection and and our data flow doesn't track it and Sidekick may or may not at that point like so it can yeah and and again um um lots of improvements to make um we're definitely uh you know version one and and we expect lots of new things for example um incorporating types information when we're trying to recover um structures in other parts of the code yeah you know that's additional context um that we can draw on and then I think there's been a couple of you know the questions like FLIRT and FLAIR and Lumina and one of the things that we've been debating a lot internally is how much do we do do we try to solve those type of problems with things like FLIRT and FLAIR Lumina and how much do we try to solve them with something like Sidekick because I think there's a place for both technologies to kind of coexist and work together um and so you know we're also looking into things like um you know automatically uh you
know as was saying you know earlier where we want to take it where it even recovers some of those those things that are ambiguous um likewise for things like can we use it to identify um static libraries right right now that state-of-the-art is you have compiled a version of that library for that platform and you you know got it working right which by the way is a real pain like just because you have like for example a .so or something and then you've got another version that statically compiled with it it's not the same thing so to actually get good um symbols is is a real headache um but you have to have exactly matched it right that compiler and that thing and so that kind of technology is very brittle but when it works it's great um and so how do we use something like Sidekick to try to like solve that problem I think a little bit better could you train a network to identify functions all machine learning that's been oh uh yes by the way it looks like it this the plugin did eventually finish and it does see the AES S-boxes right here oh yeah so uh kudos on the notebook I think it like that function I just said I see a bunch of XOR and it actually says that looks like the MixColumns step of AES think it was right so no symbols at all and it correctly identified the the crypto manipulations um so that's yay good job uh yeah that was uh that's a good one um so so back to the the function identification lots of people have tried that um and and yeah I think there's um uh I think that's a possibility but I think there's a lot of questions in terms of like where you do that do you do that on machine code like a lot of people literally just fed in a bunch of bytes and been like you know figure it out some people feed in disassemblies some people feed you know there's um I think there's a place for for both heuristics and for from like you know machine learning to to solving problem so all right well that was a long day man I can't believe thank you everybody for for
hanging out and go back to the wide cameras here so let's are we still working um so uh yeah thanks everybody that that that hung out um I AP if we missed a question I wasn't watching chat as much as I normally am on this stream um so feel free to to hopefully the the other Vector rites Vector 35 people that were in the chat answered anything that we missed but if we missed something hop on our slack or or go go to binary.ninja in a browser we've got like a chat box you can ask stuff there if we if we missed it if got anything else but um yeah thanks everybody for for hanging out and we look forward like I said so timeline we mentioned earlier it's about a month February 21st um somebody pointed out is is the official uh official launch date for 4.0 but you can already get again half these features are already testable on dev and the other half will be there in the next week or two so you can get them early if you want to try dev branch you can install those those kind of side by side and uh yeah me look forward to it cool all right everybody uh have a good weekend and we'll talk to you later bye-bye
Info
Channel: VECTOR 35
Views: 2,761
Id: 4nskle8sMKQ
Length: 167min 58sec (10078 seconds)
Published: Fri Jan 19 2024