
When running capa with Binary Ninja backend, Binja not found #2544

Open
as0ni opened this issue Dec 18, 2024 · 3 comments

Comments

@as0ni

as0ni commented Dec 18, 2024

Description

When running capa against shellcode using the Binary Ninja backend, capa indicates the Binary Ninja API is not found.
Mentioning @xusheng6 since I believe he works issues related to Binja. Thank you!

Steps to Reproduce

Run capa on shellcode using Binary Ninja as a backend with the following command:
C:\Tools\capa.exe -r C:\Tools\capa-rules -f sc64 sc.bin -b binja -d

Expected behavior:
capa should analyze the shellcode file with the binary ninja backend and report any detected capabilities based on the specified rules.

Actual behavior:
The above command produces the following error:

DEBUG    capa: using rules path: C:\Tools\capa-rules                                                                        main.py:495
DEBUG    capa.rules: reading rules from directory C:\Tools\capa-rules                                                  __init__.py:2101
DEBUG    capa.rules.cache: loading rule set from cache: C:\Users\REM\AppData\Local\flare\capa\cache\capa-6b587440.cache    cache.py:150
DEBUG    capa: successfully loaded 969 rules                                                                                main.py:683
DEBUG    capa.features.extractors.common: unsupported file format: fc4883e4, will not guess OS                            common.py:141
DEBUG    capa: skipping library code matching: only supported by the vivisect backend                                       main.py:783
DEBUG    capa: format:  sc64                                                                                                main.py:833
DEBUG    capa: backend: binja                                                                                               main.py:834
DEBUG    capa.features.extractors.binja.find_binja_api: Binary Ninja API not installed, searching...              find_binja_api.py:149
WARNING  capa.features.extractors.binja.find_binja_api: unsupported platform to find Binary Ninja: win32          find_binja_api.py:110
DEBUG    capa.features.extractors.binja.find_binja_api: failed to find Binary Ninja installation                  find_binja_api.py:153
DEBUG    capa.features.extractors.binja.find_binja_api: found Binary Ninja API: None                              find_binja_api.py:155
Traceback (most recent call last):
  File "main.py", line 1103, in <module>
  File "main.py", line 990, in main
  File "main.py", line 837, in get_extractor_from_cli
  File "loader.py", line 246, in get_extractor
RuntimeError: cannot find Binary Ninja API module.
[PYI-4732:ERROR] Failed to execute script 'main' due to unhandled exception!

Versions

capa version: 8.0.1
capa rules version: 8.0.1
Installed as: Tried both Python library and standalone EXE
Backend: Binary Ninja 4.2.6455 (Personal License)

Additional Information

  • I installed the Binary Ninja API as described here: https://docs.binary.ninja/dev/batch.html#install-the-api.
  • I manually executed python find_binja_api.py (the file referenced in the debug output), and it outputs the path C:\Users\REM\AppData\Local\Programs\Vector35\BinaryNinja\python.
  • I also ran this code, located in find_binja_api.py, with the following output:
>>> import importlib.util
>>> importlib.util.find_spec("binaryninja")
ModuleSpec(name='binaryninja', loader=<_frozen_importlib_external.SourceFileLoader object at 0x000001F77ABE8350>, origin='C:\\Users\\REM\\AppData\\Local\\Programs\\Vector35\\BinaryNinja\\python\\binaryninja\\__init__.py', submodule_search_locations=['C:\\Users\\REM\\AppData\\Local\\Programs\\Vector35\\BinaryNinja\\python\\binaryninja'])

Any ideas are much appreciated. Thank you!

@as0ni as0ni changed the title When running capa with Binary Ninja backend, Binja Not Found When running capa with Binary Ninja backend, Binja not found Dec 18, 2024
@williballenthin
Collaborator

Thanks for reporting this @as0ni

I think the relevant logging line is this:

WARNING capa.features.extractors.binja.find_binja_api: unsupported platform to find Binary Ninja: win32

The API auto-detection is only implemented for Linux and macOS. I don't think Windows will be hard, I just didn't have a system handy at the time.

@williballenthin
Collaborator

@as0ni do you have any interest in trying to implement this? If not, I can make an attempt when I have a little time.

I imagine the strategy will be to inspect the registry to find the installation path of Binary Ninja, then look in that directory for the python bindings. The idea is that this should work even without running the API install script provided by Vector35.
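
Sketch of the search strategy described in the comment above, as an added example that is not capa's own find_binja_api.py: probe the current interpreter first (the check the reporter ran by hand with importlib.util.find_spec), then fall back to well-known install paths (the Windows one is the path the reporter saw; the Linux and macOS defaults are Vector35's documented locations), and on Windows additionally scan the Uninstall registry keys for an entry whose DisplayName starts with "Binary Ninja". The registry key layout and the presence of an InstallLocation value are assumptions, as is the convention that a usable bindings directory contains binaryninja/__init__.py. The platform, home directory, environment and registry lookup are parameters so the search can be exercised on any host; note that the import probe only reflects the interpreter it runs in, which is not the same environment as a standalone PyInstaller capa.exe.

```python
"""Locate the Binary Ninja Python bindings without the Vector35 install script.

Added example, not code from capa. Registry details are assumptions.
"""
import importlib.util
import os
import platform
from pathlib import Path
from typing import Callable, Iterable, Optional


def is_bindings_dir(candidate: Path) -> bool:
    """ASSUMPTION: a usable bindings dir is <dir>/binaryninja/__init__.py,
    matching the find_spec origin the reporter pasted in the issue."""
    return (candidate / "binaryninja" / "__init__.py").is_file()


def already_installed() -> Optional[Path]:
    """Happy path: the API is importable in *this* interpreter (e.g. after
    running Vector35's install script). Returns the bindings dir or None."""
    spec = importlib.util.find_spec("binaryninja")
    if spec is None or not spec.origin:
        return None
    return Path(spec.origin).parent.parent


def windows_registry_candidates() -> list[Path]:
    """Scan HKCU and HKLM Uninstall keys for a 'Binary Ninja' entry and use
    its InstallLocation. ASSUMPTION: the installer writes such an entry.
    Returns [] where winreg is unavailable (non-Windows hosts)."""
    try:
        import winreg
    except ImportError:
        return []
    found: list[Path] = []
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            root = winreg.OpenKey(hive, subkey)
        except OSError:
            continue
        with root:
            index = 0
            while True:
                try:
                    name = winreg.EnumKey(root, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                try:
                    with winreg.OpenKey(root, name) as entry:
                        display, _ = winreg.QueryValueEx(entry, "DisplayName")
                        location, _ = winreg.QueryValueEx(entry, "InstallLocation")
                except OSError:
                    continue  # entry lacks one of the values
                if str(display).startswith("Binary Ninja") and location:
                    found.append(Path(location) / "python")
    return found


def default_candidates(system: str, home: Path, env: dict) -> list[Path]:
    """Well-known per-platform install locations. The Windows path is the one
    observed in the issue; Linux/macOS paths are Vector35's defaults."""
    if system == "Windows":
        base = env.get("LOCALAPPDATA", "")
        return [Path(base) / "Programs" / "Vector35" / "BinaryNinja" / "python"] if base else []
    if system == "Darwin":
        rel = Path("Binary Ninja.app") / "Contents" / "Resources" / "python"
        return [Path("/Applications") / rel, home / "Applications" / rel]
    return [home / "binaryninja" / "python"]


def find_binja_python_dir(
    system: str = platform.system(),
    home: Path = Path.home(),
    env: Optional[dict] = None,
    registry: Callable[[], Iterable[Path]] = windows_registry_candidates,
    probe_import: bool = True,
) -> Optional[Path]:
    """Return the bindings directory, or None if nothing usable was found.
    Defaults describe the running machine; parameters allow offline testing."""
    env = dict(os.environ) if env is None else env
    if probe_import:
        installed = already_installed()
        if installed is not None and is_bindings_dir(installed):
            return installed
    candidates = default_candidates(system, home, env)
    if system == "Windows":
        candidates += list(registry())  # registry is consulted only on Windows
    for candidate in candidates:
        if is_bindings_dir(candidate):
            return candidate
    return None


if __name__ == "__main__":
    print(find_binja_python_dir())
```

A caller that finds a directory would then insert it into sys.path before importing binaryninja; a None result is the point at which capa raises "cannot find Binary Ninja API module".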

@as0ni
Author

as0ni commented Dec 19, 2024

Hi @williballenthin, I was able to resolve the issue by taking the following steps:

  • Uninstalled the capa Python library via pip, removed standalone capa.exe from my path, and then reinstalled the capa Python library via pip.
  • Installed commercial Binary Ninja license (I was using a Personal license previously).
  • Installed the Binary Ninja API as outlined here: https://docs.binary.ninja/dev/batch.html#install-the-api.

So, my key takeaways are:

  • My capa installation likely became messy due to having both the library and standalone executable installed (even though both were version 8.0.1).
  • A commercial Binary Ninja license is required. This makes sense since headless support is only available in commercial licenses.

It might be helpful to clarify in the documentation that a commercial license is necessary for backend processing when using Binary Ninja with capa.

Let me know if you have any questions or additional thoughts on this. Thanks for your support!
