    cd /u1/Projects/Ebaz/Bootrom
    ls -l
    -r--r--r-- 1 tom tom 131072 May 22 08:31 bootrom.bin
    -rw-r--r-- 1 tom tom 34886656 May 2 13:11 zynq_bootrom.bndb
    -rw-r--r-- 1 tom tom 8610213 May 4 21:24 zynq_bootrom.bndb.tgz
    bninja

The "bndb" file was handed to me. I was told that it was generated by IDA and imported into Binary Ninja. We will ignore it for the time being.
To start, I type "bninja" at the bash prompt and it launches. I use File-open to open my binary file, and nothing else is needed. It pulls in my file, recognizes it as ARMv7 code and does what it calls an analysis. It is ready to go without tangling me up in a bunch of up front questions. Very nice.
Two things were tricky when just getting started. One is that it started up in "Triage" mode (whatever the heck that is). It first came up with 5 panes: two on the left, three on the right. On the left you have Symbols up top and Cross References down below.
The right used to have 3 panes, but the bottom two are gone now and I don't remember what they were. So we are left with what I will call the "main pane". I had to fool with it in the following way. Up top there are menus to configure what it shows you. I set these to:
    Mapped
    Linear
    Disassembly

Now I get a view of my bin file disassembled and can use the scroll wheel on my mouse to go up and down through the whole thing.
The Symbols pane on the left wanted to show me the address of the various symbols it invented for functions it had identified, but it was chopping off the most important right half of the addresses, making it entirely useless. I went to the top and turned off "show section" and "show kind", and after that I can see the addresses.
So, here is the main thing to know. You can double click on almost anything and you just go there immediately. Do you see a call (like "bl sub_a740") in the disassembly? Double click on "sub_a740" and you go there. Type ESC to go back. Everything is sort of a hyperlink. You can hover over a "thing" and BN will launch a popup to show you what is there. Double clicking also works in the Symbols and Cross References panes.
The main pane can show you linear or graph view. Hit the space bar to toggle between them!
In the free version you can choose between Disassembly, High Level IL, and Pseudo C. To my eye, High Level IL and Pseudo C look entirely the same. The free version does not let me choose Low Level or Medium Level IL. (Who knows what they might show me; why would I not always want High Level IL?)
Use TAB (or F5) to toggle between Pseudo C and Disassembly.
Along with the space bar to toggle graph vs linear you can work very quickly.
Once you have double clicked on some function, the Cross References pane shows you all the places it is called from.
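What the Cross References pane is doing for a raw ARM image is, at bottom, decoding every branch-with-link and inverting the caller/target relation. The script below is an added example written for this page, not Binary Ninja's own code: it scans a few hand-assembled A32 (32-bit ARM) words, decodes the BL encoding, and builds a target-to-callers map, naming unnamed targets in the same "sub_<hex>" style seen in the disassembly. The bytes, the base address 0x100 and the function names are all constructed for the example; Thumb code (two-halfword BL) is not handled.

```python
import struct

# Constructed sample: five little-endian A32 words placed at base 0x100.
# Hand-assembled for this example; they are not bytes from any real image.
#   0x100: bl 0x200    -> 0xEB00003E
#   0x104: bl 0x200    -> 0xEB00003D
#   0x108: bl 0x80     -> 0xEBFFFFDC (backward branch)
#   0x10c: mov r0, #0  -> 0xE3A00000 (not a branch)
#   0x110: bx lr       -> 0xE12FFF1E (not a branch)
SAMPLE_BASE = 0x100
SAMPLE_CODE = struct.pack(
    "<5I", 0xEB00003E, 0xEB00003D, 0xEBFFFFDC, 0xE3A00000, 0xE12FFF1E
)


def decode_bl_target(word: int, addr: int):
    """Return the branch target if `word` is an A32 BL at `addr`, else None.

    A32 BL encoding: bits 31:28 condition, bits 27:24 = 0b1011, bits 23:0 a
    signed word offset. The target is relative to PC, which in A32 reads as
    the instruction address + 8. Condition 0b1111 is the BLX-immediate form
    (it switches to Thumb), so it is skipped here.
    """
    cond = word >> 28
    if (word >> 24) & 0xF != 0xB or cond == 0xF:
        return None
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:          # sign-extend the 24-bit offset
        imm24 -= 1 << 24
    return (addr + 8 + (imm24 << 2)) & 0xFFFFFFFF


def find_bl_calls(code: bytes, base: int):
    """Scan word-aligned A32 code and return (call_site, target) pairs."""
    calls = []
    for off in range(0, len(code) - len(code) % 4, 4):
        (word,) = struct.unpack_from("<I", code, off)
        target = decode_bl_target(word, base + off)
        if target is not None:
            calls.append((base + off, target))
    return calls


def build_xrefs(calls):
    """Invert the call list into target -> sorted list of call sites."""
    xrefs = {}
    for caller, target in calls:
        xrefs.setdefault(target, []).append(caller)
    return {t: sorted(c) for t, c in xrefs.items()}


def auto_name(addr: int) -> str:
    """Placeholder name for an unnamed function, in the sub_<hex> style."""
    return f"sub_{addr:x}"


if __name__ == "__main__":
    calls = find_bl_calls(SAMPLE_CODE, SAMPLE_BASE)
    for target, callers in sorted(build_xrefs(calls).items()):
        sites = ", ".join(f"{c:#x}" for c in callers)
        print(f"{auto_name(target)} is called from: {sites}")
```

Run as-is it reports that sub_80 is called from 0x108 and sub_200 from 0x100 and 0x104, which is exactly the kind of list the Cross References pane shows after you double click a function. A real tool also follows indirect calls, data references and Thumb code, which is why a linear scan like this one is only a first approximation of what the pane displays.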
If you want to go to a specific address, type "g" and you get a dialog that accepts an address in hex. Very nice.
If you want to give a name to a function, select it, then type "n" and type the name. Very useful.
One last comment. I work on a 42 inch monitor. Making BN full screen is great as it gives plenty of room for graph mode displays.
There is a "help" entry in the menu that will lead you to official resources, such as their Getting Started guide and User guide.
Tom's Computer Info / [email protected]