ShaREing is Caring – Announcing the free BinCrowd community server

Hi everyone,

Today at CanSecWest, Thomas and I gave a talk in which we announced the BinCrowd community server, which zynamics makes available to the reverse engineering community for free. BinCrowd is a collaborative reverse engineering tool that reverse engineers can use to keep a repository of reverse engineered information and share this information with friends and colleagues.

The core technology behind BinCrowd is basically a huge database of function information which can be accessed using BinDiff-style algorithms. This allows you to efficiently store information about disassembled functions in a database and to use that database to compare functions from different binary files.

Imagine you are a reverse engineer hunting for new vulnerabilities. Here is what BinCrowd can do for you:

  • You can use BinCrowd to look up whether anybody else in the BinCrowd community has analyzed a particular file before. If the file is already in the database, you can download reverse engineering information like function descriptions or argument names from the database. Thanks to the fuzzy matching algorithms behind BinCrowd, even different versions of the target file are considered.
  • BinCrowd tells you what static libraries are used by the file. If BinCrowd determines that your file is linked against an open-source library you can start reading the original source code instead of the disassembled code.
  • BinCrowd tells you what version of a library is used. If BinCrowd tells you that a vulnerable version of zlib is used in your file, you can go down that path during your audit.
  • You can reverse the lookup process too. If you have a vulnerable function you can ask BinCrowd in what other files this function is used. This will potentially give you many more vulnerable programs without any effort.
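The function database and the two lookup directions described above, sketched as an added example that is not zynamics code: the post does not describe BinCrowd's matching algorithm, so the fingerprint (mnemonic histogram plus block, edge and call counts), the cosine threshold and every name and sample value below are assumptions constructed for illustration.

```python
from collections import Counter
from math import sqrt

def fingerprint(mnemonics, blocks, edges, calls):
    """Address-independent summary of one function (assumed scheme)."""
    vec = Counter(mnemonics)                      # mnemonic histogram
    vec.update({"#blocks": blocks, "#edges": edges, "#calls": calls})
    return vec

def similarity(a, b):
    """Cosine similarity of two fingerprints, between 0 and 1."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

class FunctionRepo:
    def __init__(self, threshold=0.95):           # threshold is an assumption
        self.threshold, self.rows = threshold, [] # rows: (fp, file, name, note)

    def upload(self, fp, file, name, note=""):
        self.rows.append((fp, file, name, note))

    def lookup(self, fp):
        """Fuzzy lookup: closest stored annotation, or None if nothing is close."""
        score, row = max(((similarity(fp, r[0]), r) for r in self.rows),
                         key=lambda t: t[0], default=(0.0, None))
        hit = row and score >= self.threshold
        return (row[2], row[3], round(score, 3)) if hit else None

    def files_using(self, fp):
        """Reverse lookup: every file that contains a function matching fp."""
        return sorted({r[1] for r in self.rows
                       if similarity(fp, r[0]) >= self.threshold})

# Constructed sample data: file names, function names and counts are invented.
BODY = ["push", "mov", "mov", "cmp", "jz", "call", "add", "pop", "ret"]
KNOWN_BAD = fingerprint(BODY, blocks=4, edges=5, calls=1)
REPO = FunctionRepo()
REPO.upload(KNOWN_BAD, "viewer_1.0.exe", "parse_header", "length not bounds-checked")
REPO.upload(fingerprint(BODY + ["nop", "nop"], 4, 5, 1), "updater_2.3.exe", "sub_401000")
REPO.upload(fingerprint(["push", "xor", "xor", "shl", "loop", "ret"], 1, 0, 0),
            "calc.exe", "checksum")

# A later build of the same function: one extra mov, same control-flow shape.
NEWER_BUILD = fingerprint(BODY + ["mov"], blocks=4, edges=5, calls=1)

if __name__ == "__main__":
    print(REPO.lookup(NEWER_BUILD))     # annotation carried over from viewer_1.0.exe
    print(REPO.files_using(KNOWN_BAD))  # files sharing the flagged function
```

Because the fingerprint ignores addresses and operand values, the recompiled function still matches its earlier annotation, while the unrelated `checksum` routine stays below the threshold.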

Or maybe you are a malware analysis specialist. Your workflow probably differs from that of a vulnerability researcher. Nevertheless, BinCrowd is very useful for you too.

  • You can use BinCrowd as a repository of malware information. If you have identified and documented a certain rootkit hiding technology you can import information from your earlier analysis to new pieces of malware that use the same code.
  • You can use BinCrowd to share information with colleagues from your malware analysis team and even with people from outside your team.
  • If you are working on a team where information flow is restricted by clearance levels, you can use BinCrowd as a central information repository. BinCrowd access roles ensure that people with a lower clearance cannot download information entered into the system by people with a higher clearance.

There are potentially many more uses for BinCrowd, since we are only at the beginning of a long road of creating a repository for reverse engineered information. If you are interested in joining us on that road, you can sign up to the community server for free at http://bincrowd.zynamics.com.

To use BinCrowd you only need

Happy shaREing and caring!

Finally, here are the slides Thomas and I used for our talk.

16 Responses to “ShaREing is Caring – Announcing the free BinCrowd community server”

  1. Bincrowd communal reverse engineering framwork « deadhacker.com Says:

    [...] communal reverse engineering framwork Update: link to Halvar & SP at Zynamics post and slides from [...]

  2. beist Says:

    Wow, awesome!
    Let me be a beta test. :)
    Thank you.

  3. Jonathan Brossard Says:

    Congratulations! This is really, really cool: good move to increase the security of widespread applications :)

    Cheers,

    j-

  4. Tyler Says:

    This is very cool! However, once I sign up for an account I am unable to login. Is it a closed beta right now?

    • Sebastian Porst Says:

      No, it’s a bug in the login code. :)

      Realistically it won’t be fixed before the end of next week because I am still travelling.

  5. Axelle Says:

    It would be cool, once you login, to have a few practical examples of what you can upload to the community server.

  6. DineshV Says:

    I am not able to sign in even after registration.

  7. DineshV Says:

    It looks like the bug is fixed. I have successfully logged into the system.

    • Sebastian Porst Says:

      Nope. It was not fixed. I manually activated the accounts whose activation failed. That bug is related to the login bug.

  8. ShaREing is Caring – Announcing the free BinCrowd community server « blog.zynamics.com at The Hacker News Network Says:

    [...] via ShaREing is Caring – Announcing the free BinCrowd community server « blog.zynamics.com. [...]

  9. Alex Says:

    Nice project, trying it right now.

    Are you planning on releasing a server component that one might install on premises, like a VMware Appliance? Any ETA?

    • Sebastian Porst Says:

      Hi Alex,

      we will release the server component as a commercial product. This will happen within the next eight weeks. We’re in the process of polishing the application a bit with the knowledge gained from the beta phase. Then we will put the server component on sale.

  10. Product updates: BinCrowd, PDF Tool, MSDN parser « blog.zynamics.com Says:

    [...] BinCrowd (Collaborative reverse engineering tool; more info here) [...]
