BinaryAI
BinaryAI is a binary file security analysis platform developed by Tencent Security Keen Lab, which is based on its experience in static analysis and AI security. BinaryAI measures the similarity among a full range of GitHub C/C++ libraries (billions of C/C++ functions) to detect the presence of open source components. BinaryAI's engine has applications such as Software Composition Analysis (SCA) and malware analysis.
If you would like to know Keen Lab's on-premise solutions, please contact us via email: KeenSecurityLab@tencent.com.
Please refer to this to apply for credentials and https://binaryai.readthedocs.io/ for readme.
Introduction
Background
In recent years, open source software has grown rapidly and has become an important part of software development. Open source software has brought convenience to a wide range of developers around the world; however, it also increases exposure to a variety of risks. The security issues raised by open source software reveal two problems. First, a vulnerability in open source code may have a wider impact than one in commercial software: any software that uses the problematic code can be vulnerable, which causes great harm. Second, weak security awareness among developers may lead to a high degree of code fragmentation and the introduction of outdated and vulnerable versions of open source components. Therefore, there is a need for an effective method to secure software.
Under such circumstances, Keen Lab developed BinaryAI based on its own practical experience. BinaryAI is a security analysis platform that analyzes the binary code of files with its AI algorithms. By analyzing the binary code of files, BinaryAI provides users with security analysis capabilities such as binary file parsing and software composition analysis. It addresses the difficulties of analyzing binary files, brings insights about the composition and functionality of binary files, and finally presents users with a clear and readable web report for further analysis of file security issues.
Deployment Mode
BinaryAI is a SaaS product that requires no installation or deployment; it runs in the web browser, where users upload a file and wait for the analysis result. All you have to do is follow the quick-start guide to get access to a binary file analysis platform.
Key Features
File Upload and Analysis
BinaryAI supports virtually any binary file, including desktop executables, installations, mobile applications, compressed files, and more. The full version of Keen Lab's Software Security Analysis Platform will support a wider range of file types.
File formats:
Classification | File Types |
---|---|
Executables | PE, ELF, Mach-O |
Installations | Debian packages, Red Hat packages, macOS setups, Windows setups, Java Archive |
Mobile Applications | Android, iOS |
Compressed files | 7z, TAR, ZIP, etc. |
Partitions | gpt, dos, mac |
File Analysis Results
BinaryAI provides users with detailed and clear online reports, which include basic file information, software composition analysis, string information, etc., helping users to find the starting point for security analysis and improve efficiency of security analysis.
① Basic File Information: basic results of static analysis
- File properties and metadata, including file name, size, type, upload/analysis timestamp, and various hash values
- File details, including header, segments, symbols, checksec or file decompression results
② Software Composition Analysis: a bill of materials built by extracting features and using artificial intelligence to detect the use of open source components
- Component name
- Component version
- Component information
③ String Information: ASCII strings of the file
④ BinaryAI Similarity: the top-1 similar source code function for each binary function in executable files, found across GitHub's full range of C/C++ libraries using Keen Lab's function similarity model BAI-2.0 and its program analysis algorithm based on complex graph networks. Users can use interactive analysis or export the data to JSON.
Customized Comparison
Users can perform comparison analysis between two binary files directly on the webpage, or specify the scope of certain open source component projects or select all open source components to match functions within that component scope. The results of the custom comparison task can be viewed directly on the page, or users can click on interactive analysis to jump to the interactive analysis page to view the comparison details.
Quick-start
Upload and Analyze
- Visit BinaryAI in your browser, click 'upload' and select the local file or drag and drop the file into the designated box area
- Wait until the file finishes analyzing (it may take 30 seconds to 5 minutes, depending on the consumption rate of the upload queue)
- Check out the analysis results
Download BinaryAI Similarity Result
- Click 'Interactive analysis'
- Click 'Export' and download the JSON file (BinaryAI similarity result)
- Import the JSON file into IDA Pro or Ghidra with the given plugin script
- Continue binary analysis in your desktop application
File samples
Users can view the following samples:
Software Composition Analysis & Function Identification
Threat Intelligence (C2 Detection)
Threat Intelligence (Miner Detection)