https://github.com/droe/binja-bpf
BPF Plugin for Binary Ninja
https://github.com/droe/binja-bpf
Last synced: 10 months ago
JSON representation
BPF Plugin for Binary Ninja
- Host: GitHub
- URL: https://github.com/droe/binja-bpf
- Owner: droe
- License: mit
- Created: 2025-07-15T21:12:47.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2025-07-16T23:20:49.000Z (12 months ago)
- Last Synced: 2025-07-17T15:44:18.518Z (12 months ago)
- Language: Python
- Size: 14.6 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# BPF Plugin
Author: Daniel Roethlisberger
Architecture plugin for the BPF virtual machine, and binary view for raw BPF
files.
## Description
Disassemble and decompile classic Berkeley Packet Filter (BPF) programs in
[Binary Ninja](https://binary.ninja/).
Currently supports classic BPF programs in their little and big endian macOS,
FreeBSD, NetBSD, OpenBSD and Linux flavours, including FreeBSD/Linux
`BPF_XOR`/`BPF_MOD`, OpenBSD `BPF_RND`, and limited support for NetBSD
`BPF_COP`/`BPF_COPX`.
Ships with convenient packet header structs, though for most BPF programs,
field offsets beyond the IP header will not resolve due to dynamic header
length calculations.
## Plans
The plugin should support loading libpcap cbpf-savefile(5) format binaries.
Support for extended BPF (eBPF) programs, raw binary eBPF programs, and eBPF
profile ELF files including BPF Type Format (BTF) would be a welcome addition
after classic BPF support stabilizes. No plans for cryptocurrency virtual
machines based on eBPF.
## References
BPF ISA:
- [BPF(4) manual page, FreeBSD](https://man.freebsd.org/cgi/man.cgi?bpf)
- [BPF(4) manual page, NetBSD](https://man.netbsd.org/bpf.4)
- [BPF(4) manual page, OpenBSD](https://man.openbsd.org/bpf.4)
eBPF ISA:
- [RFC 9669: BPF Instruction Set Architecture (ISA)](https://www.rfc-editor.org/rfc/rfc9669.txt)
- [Linux: BPF Instruction Set Architecture (ISA)](https://docs.kernel.org/bpf/standardization/instruction-set.html)
eBPF ELF:
- [draft-thaler-bpf-elf-00](https://www.ietf.org/archive/id/draft-thaler-bpf-elf-00.html)
## License
This plugin is released under an [MIT license](./license).