Home

Awesome

Ariadne: Binary Ninja Graph Analysis Plugin

Ariadne is a Binary Ninja plugin that serves a browser-based interactive graph visualization for assisting reverse engineers. It implements some common static analysis tasks including call graph analysis, and can integrate block coverage information. This enables users to build interactive graphs and see exactly what they are interested in.

Demo Screen Capture

Quickstart

  1. Install this plugin via the Plugin Manager, OR clone this repo to your Binary Ninja plugins folder
  1. Open a binary in Binary Ninja
  2. Right click: Plugins > Ariadne > Analyze Target
  3. Watch the log and wait for analysis to complete
  4. Open a browser and surf to http://localhost:8800 to view the interactive graph (web UI)
  5. Navigate around in Binary Ninja; the graph will update when the current function changes

Graph Styling

The quick rundown on what the shapes and colors on the graph mean:

NOTE: the default graph is a 2-hop neighborhood of the current function BUT it will be automatically pruned to a smaller graph if two hops would include too many nodes. Use the context menu function graph to push the full context for the current function or use networkx to build custom graphs and push them to the web UI.

Motivation

Longer blog post on motivation

This tool is a proof-of-concept that was built to fill a gap that we observed in our own reverse-engineering workflows, with the goals of being highly configurable and to help make reverse-engineering faster.

The key insight we found building/using a graph tool is that looking at too many nodes is unhelpful and layout matters a lot, so we focused on just the analysis results we wanted in the smallest and cleanest view possible.

From there, we built the backend so any graph could be pushed to the backend and common graph tasks would be easy. Adding extra analysis tasks is also easy since there are places for per-function and target-wide analysis.

Common Workflows

Ariadne was built to handle some common workflows encountered in RE and fuzzing:

See the tutorial for detailed explanation of features and intended workflows that you can test out on an example binary.

Troubleshooting

If the web UI is unresponsive, check the websocket status in the upper right corner. If you push a really large graph to the web UI, the page may freeze while the graph layout is computed. In any case, refreshing the page should reset the UI.

Unhandled Python exceptions on startup or during processing are bugs and it'd be great if you would open a GitHub issue on the repo here and describe the problem (and include a binary to reproduce the problem, if possible).

Thank you!

To everyone who tries out this tool, it would mean a lot to me if you reach out and give me your thoughts on Twitter or starring this repo. I hope this helps you or gives you ideas on how to look at things a little differently.