Ayrx's Blog

Windows (at times) use the int 0x2e instruction to execute syscalls. The following image shows a diassembly of the ZwAccessCheck syscall from ntdll.dll: Binary Ninja (as of Version 2.4.3050-dev) is not able to lift the int 0x2e instruction. The int 0x2e branch in ZwAccessCheck i…

Binary Ninja is a great platform for automating some reverse engineering tasks, especially with the headless mode available for commercial licenses. In this post, we will use Binary Ninja to automate extracting Windows syscall numbers from ntdll.dll. binaryninja.open_view is a co…

Binary Ninja has experimental support for writing plugins in Rust and the provided template is a good starting point for figuring out how to write one. This post will cover some (hopefully useful) getting started tips. A sample plugin can be found on GitHub. rust-toolchain.toml …

All vulnerabilities mentioned in this post were tested against firmware version V1.0.18, older versions might be affected as well. Affected devices should be updated to V1.0.23 to resolve the issues. Proof-of-concept exploits for all vulnerabilities can be found here: https://git…

The default method to generate Dash docsets for Binary Ninja does not work with a personal license as it requires the ability to run Binary Ninja in headless mode, a capability only available with the commercial license. Luckily, Binary Ninja ships the API documentation as HTML f…