Home

Awesome

<img alt="preview" src="https://github.com/rikodot/binja_native_sigscan/blob/main/preview.gif" width="800">

Plugin now available in Binary Ninja's plugin manager

(allows to receive updates automatically)<br> <img alt="plugin" src="https://github.com/rikodot/binja_native_sigscan/blob/main/plugin.jpg" width="800">

Extra features:

if there has been an update to Binary Ninja and this plugin has not been updated yet, please open an issue to alert me

Functional improvements against Binary Ninja python sigmaker plugin:

Advantages against IDA C++ sigmaker plugin:

Usage

RECOMMENDED: Download plugin directly from Binary Ninja's plugin manager in order to receive updates automatically

Build process

  1. get git link to currently installed version from C:\Program Files\Vector35\BinaryNinja\api_REVISION.txt (in my case, at the time of creating this repository, it is https://github.com/Vector35/binaryninja-api/tree/d2e0420679ad9cfc0a25ccf768cdfef7bb14c978)
  2. clone and build (change the hash in git reset command)
git clone https://github.com/Vector35/binaryninja-api --recurse-submodules
cd binaryninja-api
git reset --hard d2e0420679ad9cfc0a25ccf768cdfef7bb14c978
cd examples
git clone https://github.com/rikodot/binja_native_sigscan
cd binja_native_sigscan
cmake -S . -B build
  1. launch newly generated Visual Studio .sln project located in (...\binaryninja-api\examples\binja_native_sigscan\build) and build the project or use cmake --build build -j8 instead
  2. to load the plugin, copy compiled binary into the plugins folder
    • on windows copy ".\build\Release\sigscan.dll" "%appdata%\Binary Ninja\plugins\sigscan.dll"
    • on linux cp ./build/out/bin/libsigscan.so ~/.binaryninja/plugins/libsigscan.so

Building using Github Actions

Backstory

I have been using IDA for majority of my reverse engineering career and recently decided to switch to Binary Ninja. I work with signatures on daily basis and this plugin is a must for me. Although there already is a community plugin for the exact same purpose, it is frankly unusable for binaries over 50KB in size as it is incredibly slow and on top of that contains two bugs causing creation of signatures with wrongly placed wild bytes resulting in signatures not being compatible with different compilations of the same binary. I still want to note that the python version was a nice resource in creation of this version.