Binsider is a command-line tool that makes analysing ELF (Executable and Linkable Format) binaries a breeze. In this blog post, we will explore Binsider's features, its user-friendly interface, and how to use it to analyze ELF binaries effectively in Linux.
What is Binsider?
Binsider is a powerful command-line tool that provides a user-friendly terminal interface for static and dynamic analysis of ELF binaries. It offers features like inspecting strings, examining linked libraries, and performing hexdumps, similar to popular tools like readelf and strace.
Binsider provides a comprehensive dashboard and a hexdump view to analyse binary content in a structured manner. It can also be used to modify the hex data and enter new values, similar to an editor, although it is recommended to back up the binary before making any changes.
Binsider is designed to make it easier for reverse engineers and security researchers to explore and understand ELF binaries.
Why Binsider?
Binsider simplifies the complex world of binary analysis. Here's why security researchers, developers, and anyone working with binaries should consider using it:
- User-Friendly Interface: Binsider employs a TUI that presents complex information in an easy-to-navigate manner.
- Static and Dynamic Analysis: Binsider allows for both static examination of binary components and dynamic analysis of a binary's behaviour during execution.
- Comprehensive Feature Set: From inspecting strings and linked libraries to performing hexdumps and tracing system calls, Binsider offers a wide range of features.
Install Binsider in Linux
Installing Binsider is straightforward. Since it is written in the Rust programming language, you can install it using the cargo package manager. Make sure you have Rust installed.
After installing Rust, run the following command to install binsider using Cargo:
cargo install binsider
Analyze ELF Binaries with Binsider
Once installed, analyse an ELF binary by simply running:
binsider <binary>
You can even launch Binsider without any arguments to analyse the binsider binary itself!
Hit the tab key to navigate to the other sections. To quit, press q.
General Analysis
For instance, let us examine the /bin/uname binary using the command:
binsider /bin/uname
- Upon launching Binsider, you're greeted with general information about the binary, mimicking the output of stat(1) and ldd(1). This includes file details like size, permissions, and linked shared libraries.
- Binsider allows you to seamlessly transition between analysing the main binary and its linked shared libraries. This feature provides a holistic view of the binary ecosystem.
Static Analysis
- Binsider excels at static analysis, providing an in-depth understanding of the ELF structure without running the binary.
- You can explore various ELF components, including sections, segments, headers, symbols, relocations and notes.
- Binsider's visual representation of the ELF structure and convenient navigation keys (like n/p for next/previous and h/j/k/l for scrolling) make navigating through these components intuitive.
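As an added illustration (not part of Binsider or the original post), the Python code below decodes the ELF file header, the first of the components listed above and the same fields that readelf -h reports. The function names and the sample header bytes are constructed for this example.

```python
import struct
import sys

ELF_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64", 243: "RISC-V"}

def parse_elf_header(data: bytes) -> dict:
    """Decode the ELF file header, the fields that `readelf -h` reports."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file: bad magic")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # Addresses and offsets are 4 bytes in ELF32 and 8 bytes in ELF64.
    fmt = endian + ("HHIIIIIHHHHHH" if ei_class == 1 else "HHIQQQIHHHHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _ver, e_entry, e_phoff, e_shoff, _flags, _ehsize,
     _phentsize, e_phnum, _shentsize, e_shnum, _shstrndx) = struct.unpack_from(fmt, data, 16)
    return {
        "class": "ELF32" if ei_class == 1 else "ELF64",
        "endianness": "little" if ei_data == 1 else "big",
        "type": ELF_TYPES.get(e_type, hex(e_type)),
        "machine": MACHINES.get(e_machine, hex(e_machine)),
        "entry": e_entry,
        "program_headers": (e_phoff, e_phnum),   # (file offset, count) of segments
        "section_headers": (e_shoff, e_shnum),   # (file offset, count) of sections
    }

def sample_header() -> bytes:
    """Constructed 64-byte ELF64 header (little-endian, ET_DYN, x86-64)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    return ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0x1040, 64,
                               0x3000, 0, 64, 56, 13, 64, 31, 30)

if __name__ == "__main__":
    # With a path argument, parse that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            raw = f.read(64)
    else:
        raw = sample_header()
    for field, value in parse_elf_header(raw).items():
        print(f"{field:16} {value}")
```

The program and section header offsets and counts returned here are what a viewer follows next to list segments and sections.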
Dynamic Analysis
- Binsider allows for dynamic analysis by executing the binary and tracing its system calls.
- Similar to strace(1), Binsider provides detailed information about each system call, including the process ID, system call name, arguments, and return value.
- Binsider offers a summary output of the execution, including time spent, errors, and the number of system calls made, giving you insights into the binary's runtime behaviour.
Strings
- Binsider can extract strings from the binary, similar to the strings(1) command.
- This is particularly useful for uncovering hidden information within the binary, like URLs, passwords, or other sensitive data.
- You can even adjust the length of the extracted strings using the +/- keys or the -n argument.
Hexdump
- Binsider provides a hexdump view alongside a rich dashboard for analysing the binary's raw content.
- This feature allows for a granular examination of the binary data and facilitates the identification of patterns.
- Binsider takes hexdumping a step further by allowing you to modify the hex data and save the changes directly to the binary.
Conclusion
Binsider is a powerful and versatile tool that simplifies the analysis of ELF binaries. Its combination of a user-friendly TUI, comprehensive features, and intuitive navigation makes it an excellent choice for anyone working with binaries.
Whether you're conducting security research, debugging software, or exploring the internals of ELF files, Binsider provides the tools you need in an accessible and efficient package.