FirmwareNinja is a class containing features specific to firmware analysis. More...

Detailed Description

FirmwareNinja is a class containing features specific to firmware analysis.

This class is only available in the Ultimate Edition of Binary Ninja.

Public Member Functions
	FirmwareNinja (Ref< BinaryView > view)

	~FirmwareNinja ()

bool	StoreCustomDevice (FirmwareNinjaDevice &device)
	Store a user-defined Firmware Ninja device to the binary view metadata.

bool	RemoveCustomDevice (const std::string &name)
	Remove a user-defined Firmware Ninja device from the binary view metadata.

std::vector< FirmwareNinjaDevice >	QueryCustomDevices ()
	Query all user-defined Firmware Ninja devices from the binary view metadata.

std::vector< std::string >	QueryBoardNames ()
	Query names of all boards that are compatable with the current binary view and contain bundled device definitions.

std::vector< FirmwareNinjaDevice >	QueryDevicesForBoard (const std::string &board)
	Query Firmware Ninja device definitions for the specified board.

std::vector< BNFirmwareNinjaSection >	FindSections (float highCodeEntropyThreshold, float lowCodeEntropyThreshold, size_t blockSize, BNFirmwareNinjaSectionAnalysisMode mode)
	Find sections in the binary with Firmware Ninja heuristics and entropy analysis.

std::vector< FirmwareNinjaFunctionMemoryAccesses >	GetFunctionMemoryAccesses (BNProgressFunction progress, void *progressContext)
	Find functions that access memory-mapped I/O and other non-file backed memory regions.

void	StoreFunctionMemoryAccesses (const std::vector< FirmwareNinjaFunctionMemoryAccesses > &fma)
	Store Firmware Ninja function memory accesses information in the binary view metadata.

std::vector< FirmwareNinjaFunctionMemoryAccesses >	QueryFunctionMemoryAccesses ()
	Query Firmware Ninja function memory accesses that are stored in the binary view metadata.

std::vector< FirmwareNinjaDeviceAccesses >	GetBoardDeviceAccesses (const std::vector< FirmwareNinjaFunctionMemoryAccesses > &fma)
	Compute number of accesses made to memory-mapped hardware devices for each bundled board that is compatible with the current architecture.

Ref< FirmwareNinjaReferenceNode >	GetReferenceTree (FirmwareNinjaDevice &device, const std::vector< FirmwareNinjaFunctionMemoryAccesses > &fma, uint64_t *value=nullptr)
	Returns a tree of reference nodes that reference the memory region represented by the given Firmware Ninja device.

Ref< FirmwareNinjaReferenceNode >	GetReferenceTree (Section &section, const std::vector< FirmwareNinjaFunctionMemoryAccesses > &fma, uint64_t *value=nullptr)
	Returns a tree of reference nodes that reference the memory region represented by the given section.

Ref< FirmwareNinjaReferenceNode >	GetReferenceTree (uint64_t address, const std::vector< FirmwareNinjaFunctionMemoryAccesses > &fma, uint64_t *value=nullptr)
	Returns a tree of reference nodes that reference the given address.

std::vector< Ref< FirmwareNinjaRelationship > >	QueryRelationships ()
	Query Firmware Ninja relationships from the binary view metadata.

void	AddRelationship (Ref< FirmwareNinjaRelationship > relationship)
	Store a Firmware Ninja relationship in the binary view metadata.

Ref< FirmwareNinjaRelationship >	GetRelationshipByGuid (const std::string &guid)

void	RemoveRelationshipByGuid (const std::string &guid)
	Remove a Firmware Ninja relationship from the binary view metadata.

Constructor & Destructor Documentation

◆ FirmwareNinja()

FirmwareNinja::FirmwareNinja ( Ref< BinaryView > view )

◆ ~FirmwareNinja()

FirmwareNinja::~FirmwareNinja ( )

Member Function Documentation

◆ StoreCustomDevice()

bool FirmwareNinja::StoreCustomDevice ( FirmwareNinjaDevice & device )

Store a user-defined Firmware Ninja device to the binary view metadata.

Parameters

device Hardware device information

Returns: true on success, false otherwise

◆ RemoveCustomDevice()

bool FirmwareNinja::RemoveCustomDevice ( const std::string & name )

Remove a user-defined Firmware Ninja device from the binary view metadata.

Parameters

name	Name of the device to remove

Returns: true on success, false otherwise

◆ QueryCustomDevices()

std::vector< FirmwareNinjaDevice > FirmwareNinja::QueryCustomDevices ( )

Query all user-defined Firmware Ninja devices from the binary view metadata.

Returns: Vector of user-defined Firmware Ninja devices

◆ QueryBoardNames()

std::vector< std::string > FirmwareNinja::QueryBoardNames ( )

Query names of all boards that are compatable with the current binary view and contain bundled device definitions.

Returns: Vector of board names

◆ QueryDevicesForBoard()

std::vector< FirmwareNinjaDevice > FirmwareNinja::QueryDevicesForBoard ( const std::string & board )

Query Firmware Ninja device definitions for the specified board.

Parameters

board Name of the board to query devices for

Returns: Vector containing Firmware Ninja device definitions

◆ FindSections()

std::vector< BNFirmwareNinjaSection > FirmwareNinja::FindSections	(	float	highCodeEntropyThreshold,
		float	lowCodeEntropyThreshold,
		size_t	blockSize,
		BNFirmwareNinjaSectionAnalysisMode	mode )

Find sections in the binary with Firmware Ninja heuristics and entropy analysis.

Parameters

board	highCodeEntropyThreshold High threshold for code entropy value range
board	lowCodeEntropyThreshold Low threshold for code entropy value range
blockSize	Size of blocks to analyze
mode	Analysis mode of operation

Returns: Vector containing Firmware Ninja section information

◆ GetFunctionMemoryAccesses()

std::vector< FirmwareNinjaFunctionMemoryAccesses > FirmwareNinja::GetFunctionMemoryAccesses	(	BNProgressFunction	progress,
		void *	progressContext )

Find functions that access memory-mapped I/O and other non-file backed memory regions.

Parameters

progress	Progress callback function
progressContext	Progress context

Returns: Vector containing Firmware Ninja function memory accesses

◆ StoreFunctionMemoryAccesses()

void FirmwareNinja::StoreFunctionMemoryAccesses ( const std::vector< FirmwareNinjaFunctionMemoryAccesses > & fma )

Store Firmware Ninja function memory accesses information in the binary view metadata.

Parameters

fma	Vector containin Firmware Ninja function memory accesses

◆ QueryFunctionMemoryAccesses()

std::vector< FirmwareNinjaFunctionMemoryAccesses > FirmwareNinja::QueryFunctionMemoryAccesses ( )

Query Firmware Ninja function memory accesses that are stored in the binary view metadata.

Returns: Vector containing Firmware Ninja function memory accesses

◆ GetBoardDeviceAccesses()

std::vector< FirmwareNinjaDeviceAccesses > FirmwareNinja::GetBoardDeviceAccesses ( const std::vector< FirmwareNinjaFunctionMemoryAccesses > & fma )

Compute number of accesses made to memory-mapped hardware devices for each bundled board that is compatible with the current architecture.

Parameters

fma	Vector containing Firmware Ninja function memory accesses

Returns: Vector containing Firmware Ninja device accesses for each board

◆ GetReferenceTree() [1/3]

Ref< FirmwareNinjaReferenceNode > FirmwareNinja::GetReferenceTree	(	FirmwareNinjaDevice &	device,
		const std::vector< FirmwareNinjaFunctionMemoryAccesses > &	fma,
		uint64_t *	value = nullptr )

Returns a tree of reference nodes that reference the memory region represented by the given Firmware Ninja device.

Parameters

device	Firmware Ninja device
fma	Vector containing Firmware Ninja function memory accesses
value	(Optional) only build reference trees that originate with a write of the specified value

Returns: Root reference node for the tree

◆ GetReferenceTree() [2/3]

Ref< FirmwareNinjaReferenceNode > FirmwareNinja::GetReferenceTree	(	Section &	section,
		const std::vector< FirmwareNinjaFunctionMemoryAccesses > &	fma,
		uint64_t *	value = nullptr )

Returns a tree of reference nodes that reference the memory region represented by the given section.

Parameters

device	Firmware Ninja device
fma	Vector containing Firmware Ninja function memory accesses
value	(Optional) only build reference trees that originate with a write of the specified value

Returns: Root reference node of tree

◆ GetReferenceTree() [3/3]

Ref< FirmwareNinjaReferenceNode > FirmwareNinja::GetReferenceTree	(	uint64_t	address,
		const std::vector< FirmwareNinjaFunctionMemoryAccesses > &	fma,
		uint64_t *	value = nullptr )

Returns a tree of reference nodes that reference the given address.

Parameters

device	Firmware Ninja device
fma	Vector containing Firmware Ninja function memory accesses
value	(Optional) only build reference trees that originate with a write of the specified value

Returns: Root reference node of tree

◆ QueryRelationships()

std::vector< Ref< FirmwareNinjaRelationship > > FirmwareNinja::QueryRelationships ( )

Query Firmware Ninja relationships from the binary view metadata.

Returns: Vector containing Firmware Ninja relationships

◆ AddRelationship()

void FirmwareNinja::AddRelationship ( Ref< FirmwareNinjaRelationship > relationship )

Store a Firmware Ninja relationship in the binary view metadata.

Parameters

relationship Firmware Ninja relationship

◆ GetRelationshipByGuid()

Ref< FirmwareNinjaRelationship > FirmwareNinja::GetRelationshipByGuid ( const std::string & guid )

◆ RemoveRelationshipByGuid()

void FirmwareNinja::RemoveRelationshipByGuid ( const std::string & guid )

Remove a Firmware Ninja relationship from the binary view metadata.

Parameters

guid	GUID of the relationship to remove

Detailed Description

Public Member Functions

Constructor & Destructor Documentation

◆ FirmwareNinja()

◆ ~FirmwareNinja()

Member Function Documentation

◆ StoreCustomDevice()

◆ RemoveCustomDevice()

◆ QueryCustomDevices()

◆ QueryBoardNames()

◆ QueryDevicesForBoard()

◆ FindSections()

◆ GetFunctionMemoryAccesses()

◆ StoreFunctionMemoryAccesses()

◆ QueryFunctionMemoryAccesses()

◆ GetBoardDeviceAccesses()

◆ GetReferenceTree() [1/3]

◆ GetReferenceTree() [2/3]

◆ GetReferenceTree() [3/3]

◆ QueryRelationships()

◆ AddRelationship()

◆ GetRelationshipByGuid()

◆ RemoveRelationshipByGuid()