https://github.com/otter-sec/bn-ebpf-solana
Binary Ninja plugin for Solana eBPF
https://github.com/otter-sec/bn-ebpf-solana
Last synced: 2 months ago
JSON representation
Binary Ninja plugin for Solana eBPF
- Host: GitHub
- URL: https://github.com/otter-sec/bn-ebpf-solana
- Owner: otter-sec
- License: mit
- Created: 2022-06-27T07:17:16.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2025-03-06T02:30:51.000Z (3 months ago)
- Last Synced: 2025-03-24T08:53:17.611Z (2 months ago)
- Language: Python
- Size: 622 KB
- Stars: 162
- Watchers: 10
- Forks: 18
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome - otter-sec/bn-ebpf-solana - Binary Ninja plugin for Solana eBPF (Python)
- awesome-solana - Binary Ninja Plugin for Solana Byte Format - sec/bn-ebpf-solana.svg?style=social) (Security / Indexers)
README
# bn-ebpf-solana
A pure-python Binary Ninja plugin for Solana EBPF.
## Installation
Available in Binja's plugin manager inside of `Plugins > Manage Plugins`
## Manual installation (advanced)
This is only needed if you wish to tinker with the plugin to modify it.
Clone this [repo](https://github.com/otter-sec/bn-ebpf-solana) in your Binja `plugins` folder, located in the [user folder](https://docs.binary.ninja/guide/index.html#user-folder).
Now install the requirements :
- either by running `Install python3 module` in Binja's `command palette` (Ctrl + P) and install `lief`
- or by going to the [user folder](https://docs.binary.ninja/guide/index.html#user-folder) and installing `lief` within the `venv` enviroment using:
```
pip install lief
```
Currently tested on `[email protected]`
See our [introductory blog post](https://osec.io/blog/tutorials/2022-08-27-reverse-engineering-solana/).
**Instruction lifting!**
**Solana SDK Structures!**
Copy this directory into your Binary Ninja plugins folder and restart.
## Features
- **Instruction Lifting**: All EBPF instructions are lifted to LLIL
- **Accurate Memory Maps**: We implement Solana-specific memory maps (0x{1/2/3/4}00000000 addresses for data/stack/heap/input)
- **Solana ELF Relocations**: Solana-specific ELF relocations
- **Syscall Function Signatures**: Full signatures for all of the Solana syscalls
- **(partial) Solana SDK Types**: Type definitions for all Solana SDK objects. (fully complete for C, in-progress for Rust)
_TODO:_
- **Solana SDK Signature Matching**: Automatically match common Solana SDK functions.
## Debugging
```
[ScriptingProvider] ModuleNotFoundError: No module named 'lief'
```
Is `lief` installed?
Run the following in the Binja python console
```python
import lief
lief.__version__
```
If you get an error, refer to the **Installation** section