https://github.com/otter-sec/bn-ebpf-solana

Binary Ninja plugin for Solana eBPF
https://github.com/otter-sec/bn-ebpf-solana

Last synced: about 1 month ago
JSON representation

Binary Ninja plugin for Solana eBPF

• Host: GitHub
• URL: https://github.com/otter-sec/bn-ebpf-solana
• Owner: otter-sec
• License: mit
• Created: 2022-06-27T07:17:16.000Z (almost 3 years ago)
• Default Branch: master
• Last Pushed: 2025-03-06T02:30:51.000Z (2 months ago)
• Last Synced: 2025-03-24T08:53:17.611Z (about 1 month ago)
• Language: Python
• Size: 622 KB
• Stars: 162
• Watchers: 10
• Forks: 18
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome - otter-sec/bn-ebpf-solana - Binary Ninja plugin for Solana eBPF (Python)
• awesome-solana - Binary Ninja Plugin for Solana Byte Format - sec/bn-ebpf-solana.svg?style=social) (Security / Indexers)

README

        
# bn-ebpf-solana

A pure-python Binary Ninja plugin for Solana EBPF.

## Installation

Available in Binja's plugin manager inside of `Plugins > Manage Plugins`

## Manual installation (advanced)

This is only needed if you wish to tinker with the plugin to modify it.

Clone this [repo](https://github.com/otter-sec/bn-ebpf-solana) in your Binja `plugins` folder, located in the [user folder](https://docs.binary.ninja/guide/index.html#user-folder).

Now install the requirements :

- either by running `Install python3 module` in Binja's `command palette` (Ctrl + P) and install `lief`

- or by going to the [user folder](https://docs.binary.ninja/guide/index.html#user-folder) and installing `lief` within the `venv` enviroment using:

```

pip install lief

```

Currently tested on `[email protected]`

See our [introductory blog post](https://osec.io/blog/tutorials/2022-08-27-reverse-engineering-solana/).

**Instruction lifting!**

![](/assets/lift.png)

**Solana SDK Structures!**

![](/assets/struct.png)

Copy this directory into your Binary Ninja plugins folder and restart.

## Features

- **Instruction Lifting**: All EBPF instructions are lifted to LLIL

- **Accurate Memory Maps**: We implement Solana-specific memory maps (0x{1/2/3/4}00000000 addresses for data/stack/heap/input)

- **Solana ELF Relocations**: Solana-specific ELF relocations

- **Syscall Function Signatures**: Full signatures for all of the Solana syscalls

- **(partial) Solana SDK Types**: Type definitions for all Solana SDK objects. (fully complete for C, in-progress for Rust)

_TODO:_

- **Solana SDK Signature Matching**: Automatically match common Solana SDK functions.

## Debugging

```

[ScriptingProvider] ModuleNotFoundError: No module named 'lief'

```

Is `lief` installed?

Run the following in the Binja python console

```python

import lief

lief.__version__

```

If you get an error, refer to the **Installation** section