Binary Ninja Blog

Binary Ninja 5.3 (Jotunheim)

Binjas, assemble! This release is code-named Jotunheim in honor of Norse mythology though of course the modern Marvel re-telling is perhaps the most well-known. >

For Binary Ninja 5.3, we’re bringing features and fixes across a number of areas. For improved interoperability, we’ve added Ghidra Export to the existing Ghidra Import code and have improved our IDB Import capability. For new architectures and platforms, we’ve added NDS32 to Ultimate, a new ILP32 ABI for AArch64, and a new set of APIs for “weird” architectures. And of course, we’ve made a number of improvements to the UI including a new Universal Mach-O loader UI, usability improvements to the container browser, and a new “super” command palette! Plus, changes to the debugger, enterprise features, new opt-in crash reporting to help us squash bugs faster, and so much more!

Major Features

Architecture / Platform

New Architecture APIs

Building on the new architecture APIs added in 5.1, we’ve added a new set of APIs to support standalone function-level lifting. Our initial design for Binary Ninja was optimized for multithreaded analysis with as little state as possible so that each basic block could potentially be analyzed in its own thread. However, for plenty of architectures (including a lot of VM-based ones such as Java, Python bytecode, .NET, etc.), there is far too much state or even metadata at the top of each function. The only way to handle such architectures is to enable a single thread to analyze the entire function. While the ABB feature in 5.1 added support for basic block recovery and analysis in a single thread, in 5.3 we now support full function-level lifting.

Internally, we’re using these APIs to work on our upcoming TMS320C6x support, but because we use the same APIs available to third parties, this also means other projects like banjo or some of the WASM plugins we’ve heard about could be updated for much better decompilation results using these new APIs.

Keep an eye out for an upcoming blog post explaining more about how you can leverage these APIs yourself!

NDS32

Ultimate customers will appreciate the brand new NDS32 support. We now have 18 officially supported architectures including full decompilation in our Ultimate/Enterprise edition!

nds32-libstdc++.so decompilation

AArch64 ILP32 ABI

It’s not enough to just have support for the instructions in a CPU architecture since there are lots of platforms or variants that need to be supported. For example, ILP32 adds a mode for AArch64 that has 32-bit pointers despite still using 64-bit mode. In 5.3, we’ve not only added the platform, but also updated our function recognizer for ILP32 PLT entries and fixed a bug related to the address size calculation.

UI

Mach-O Picker >

Mach-O Architecture Picker

While it’s long been possible to open a specific slice in a fat Mach-O or even adjust your settings to default to a particular slice, the UI around it was fairly painful, reusing our “Open With Options” dialog in a way that led to a lot of confusion.

In 5.3, you now get a much more streamlined dialog that lets you pick the architecture and, more importantly, makes it easy to set the default for future opens without having to dig through the settings! The dialog also shows the size of each slice, so you can quickly identify the one you need.

Container Browser Improvements

We first introduced the Container Browser in 5.2; however, we’ve made a number of improvements to both the container system and to the formats it supports!

Already Supported Formats: CaRT, Gzip, IntelHex, LZFSE, SRec, TiTxt, Zip, Zlib

New In 5.3: AR, Bzip2, CPIO, DMG (compression only), FIT, IMG4/KernelCache, LZ4Frame, LZMA, Tar, TRX, UImage, Universal Mach-O, XZ, Zstd

The Container Browser UI itself has also had a number of improvements, as well. It now remembers your most recent selection, can be triggered for files explicitly from the file menu (or by holding Ctrl+Alt and dragging/dropping), and the UI has been refreshed.

We’ve also added better documentation about the transform system and UI.

Updated Container Browser UI

Command Palette Refresh

New features in the command palette >

While we’ve had our command-palette for some time, in 5.3 we’ve turbocharged it with a ton of new features. You can prefix your search with various characters to get different behaviors. Note that the default CTRL/CMD-P hotkey defaults to “action search” (the previous behavior) but can be rebound to use any of the new behaviors.

  • = Use the expression parser to calculate an address and navigate there (including a preview)
  • > Action search, the previous default
  • / Search recent files and projects, as well as open tabs
  • @ Search function symbols (similar to searching in the symbol sidebar)
  • ? Display available search prefixes
  • t: Just search open tabs (useful as a bindable hotkey)
  • " Search strings

For more details, check out our recent blog post about it.

Types & Signatures

Type Library Utilities

One of our major focus areas currently is our type system and how we collect, manage, and apply types. To that end, this release includes a new set of utilities to handle type libraries. This can be used to automatically create usable type libraries from a binary view or from files in a directory. For users with project support (currently commercial and above), type libraries can also be generated from files in a project.

See the BNTL plugin menu for the available commands:

BNTL plugin menu options

UI Showing BNTL creation from a directory of headers

There’s also a command-line version for headless automation for customers with headless support:

/t/bntl_utils_cli > ./bntl_cli --help
Generate, inspect, and validate Binary Ninja type libraries (BNTL)

Usage: bntl_cli <COMMAND>

Commands:
  create    Create a new type library from a set of files
  dump      Dump the type library to a C header file
  diff      Generate a diff between two type libraries
  validate  Validate the type libraries for common errors
  help      Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version
/t/bntl_utils_cli > ls -l
total 13728
-rwxr-xr-x  1 jwiens  wheel  5498296 Apr  9 11:23 bntl_cli*
drwxr-xr-x  4 jwiens  wheel      128 Apr  9 11:37 headers/
/t/bntl_utils_cli > ls -l headers/
total 1360
-rw-r--r--@ 1 jwiens  wheel  690055 Apr  9 11:35 sqlite3.h
-rw-r--r--  1 jwiens  wheel     286 Apr  9 11:37 stdarg.h
/t/bntl_utils_cli > ./bntl_cli create sqlite3.dll "windows-x86_64" ./headers/ ./output |grep -v "Loaded native"
2026-04-09T15:40:37.966972Z  WARN binaryninja: User plugins disabled from command-line override logger=Default
2026-04-09T15:40:39.381327Z  INFO binaryninja: 10021 bundled types for platform windows-x86_64 loaded logger=Platform
2026-04-09T15:40:39.381337Z  INFO binaryninja: 0 bundled variables for platform windows-x86_64 loaded logger=Platform
2026-04-09T15:40:39.381339Z  INFO binaryninja: 77 bundled functions for platform windows-x86_64 loaded logger=Platform
2026-04-09T15:40:39.384452Z  INFO binaryninja: 1 types for platform windows-x86_64 loaded logger=Platform
2026-04-09T15:40:39.384459Z  INFO binaryninja: 0 variables for platform windows-x86_64 loaded logger=Platform
2026-04-09T15:40:39.384461Z  INFO binaryninja: 0 functions for platform windows-x86_64 loaded logger=Platform
2026-04-09T15:40:39.677619Z  INFO bntl_cli::create: Created type library 'sqlite3.dll': ./output/x86_64/sqlite3.dll.bntl

Keep an eye out for an upcoming blog post that will include more details about how these tools can make your life easier.

WARP Improvements

Last release, we added networked functionality to WARP, our tool for matching previously identified functions. This allowed users to push and pull function information from our server. Additionally, the v2 enterprise server release included a built-in WARP server for our enterprise customers. For this release we are continuing to improve the UX of interacting with the WARP server.

Pushing signatures is more straightforward with a new UI, and fetching signatures from the server uses less bandwidth by performing server-side matching.

New dialog for pushing WARP data to a server

For this release, we also deprecated SigKit (which can be re-enabled with analysis.signatureMatcher.autorun), with its removal scheduled for next release. To that end, we bundled signatures for common Linux libraries (libc6, libgcc, libstdc++) to finalize the migration from SigKit to WARP. These signatures are available for x86, x86_64, aarch64, and armv7.

Interoperability

Ghidra Export

We added Ghidra Import in Binary Ninja 5.2, and now we’ve come full circle with Ghidra Export capabilities in 5.3.

First, use the plugin menu to export a .gzf file:

"Plugins" / "Ghidra" / "Export View"

Next, import the file into Ghidra:

Use the File / Import File menu in Ghidra
Import File menu
Ghidra loading the GZF
Loading the GZF

That’s it! Now you’ll have all the types, symbols, bookmarks, comments, function starts, etc. that you had in Binary Ninja in Ghidra:

Binary Ninja
Binary Ninja
Ghidra (after export)
Ghidra (after export)

IDB Import Improvements

With this release, we overhauled our IDB (and TIL) import functionality. This new version processes more information and will work with many more IDA databases.

Enterprise

The biggest feature for Enterprise in 5.3 is that this is the first stable release since we launched our v2 Enterprise server. The new server comes with a number of major features:

  • Bundled WARP server
  • Server-wide search APIs
  • Official rootless Podman support
  • New deployment options

Check out the release blog post for more details. We encourage all Enterprise customers to migrate to v2, but we do plan to maintain the v1 server for some additional time to ease the transition.

Debugger

Hardware and Conditional Breakpoints

Two of our most requested debugger features are finally here: hardware breakpoints and conditional breakpoints, making your debugging workflow much more flexible.

To add a hardware breakpoint, press F3 or use Debugger / Add Hardware Breakpoint... (also available by right-clicking in the Breakpoint Widget). The dialog lets you pick the address, type (Hardware Execute, Read, Write, or Access), watchpoint size (1, 2, 4, or 8 bytes), and the entries show up in the Breakpoint Widget tagged HE/HR/HW/HA.

Conditional breakpoints attach to any existing breakpoint: right-click on a breakpoint (in either the Breakpoint Widget or the disassembly view) and choose Edit Condition.... Conditions support register names, arithmetic, comparisons, and memory dereferences (e.g., rax == 0x1234, [rsp + 0x20] != 0), and execution only pauses when the expression evaluates to non-zero.

Add Hardware Breakpoint dialog
Hardware breakpoint
Edit Condition dialog
Conditional breakpoint

New Debug Adapters

Two new debug adapters ship with 5.3:

The Windows Native Debug Adapter is a brand-new adapter built on top of the Windows debugging APIs and is now the default debugger on Windows. It comes with major performance improvements over the previous DbgEng-based adapter.

The GDB MI Adapter provides a new way to connect to GDB-compatible targets using the GDB Machine Interface protocol, fixing many corner cases in the previous GDB RSP adapter. It works seamlessly with gdbserver or GDB stubs such as those from QEMU, and includes support for TTD (Time Travel Debugging) via Mozilla’s rr. Currently Linux-only, with Windows and macOS support planned.

Crash Reporting

Crash reporting opt-in prompt >

To ensure we can fix issues faster, in 5.3 we’ve added opt-in automatic crash reporting. The first time you launch 5.3 (unless you’ve already seen it on dev) you’ll see a prompt asking whether you’d like to share crash reports with us. In paid versions, it’s disabled by default. In the Free version, it’s enabled by default but you can still opt-out and you can change your mind at any time by changing the appropriate setting.

When enabled, a crash report contains:

  • the OS version
  • Binary Ninja version
  • CPU architecture
  • call stack at the time of the crash
  • a list of loaded native libraries

No binary content or identifying information is intentionally included, though application and plug-in paths may contain your system username. Full details are in our privacy policy.

If you want to help us fix bugs faster, we’d appreciate enabling crash reporting but absolutely understand for many this is not desired which is why we default to NOT sending this information.

Open-Source Contributions

Special thanks to the following open source contributors whose PRs were merged into this release:

We appreciate your contributions!

Everything Else

Analysis / Core

  • Feature: Added ZxTransform to the transform system
  • Feature: Added work provider signals for activity eligibility in workflows
  • Feature: Added backward constraint propagation support to the Value Set Analysis (VSA) system
  • Feature: Added PossibleValueSet::Compare to resolve set and range comparisons to constants
  • Improvement: Added PossibleValueSet operation APIs and fixed Python PossibleValueSet bindings
  • Improvement: Extracted thunk analysis into a standalone pass, decoupling it from the sigkit plugin to prepare for sigkit deprecation
  • Improvement: Improved entry point detection to differentiate between a 0x0 entry address and no entry at all
  • Improvement: Improved GNU3 demangler with support for new special-name and type constructs
  • Improvement: Improved RTTI virtual function discovery to allow extern functions in MSVC vtables
  • Improvement: Improved auto-naming of variables using parameter names from tail call targets
  • Improvement: Improved memory efficiency of operand lists and label maps within IL instructions by replacing UNDEF instruction chains with a more compact representation
  • Improvement: Improved performance by generating structure padding lazily
  • Improvement: Improved performance of canMakeString by avoiding large scans for null terminators in UTF-16 and UTF-32 strings
  • Improvement: Improved performance of non-namespaced type lookup in large BNDBs
  • Improvement: Improved type propagation around offset pointers for better type inference
  • Improvement: Moved zero-length section filtering from SectionMap to section creation APIs for more consistent behavior
  • Improvement: Reduced map lookups during MLIL SSA translation for a 2-5% improvement in total analysis time
  • Improvement: Reduced memory usage of function objects by 70% and their analysis data by 40% by restructuring storage of infrequently set fields
  • Improvement: Represent operand lists and label maps more efficiently within IL instructions, replacing chains of UNDEF instructions
  • Improvement: Rewrote GNU3 demangler for improved performance using DemangledTypeNode
  • Improvement: Scoped RTTI loggers to their associated view for cleaner log output
  • Improvement: Simplified HLIL expressions (X << Y) u>> Y and (X u>> Y) << Y
  • Fix: Added validation for zero-sized symbol or string tables to prevent potential issues during analysis
  • Fix: Fixed crash when readLEB128 is passed a null pointer
  • Fix: Fixed crash when displaying a variable with null type in Pseudo-C and Pseudo-Rust
  • Fix: Fixed DWARF import incorrectly linking functions without addresses to externs
  • Fix: Fixed DWARF import incorrectly wrapping pointer types in named type references
  • Fix: Fixed DWARF import wrapping function parameter types in unnecessary named type references
  • Fix: Fixed GNU3 demangler float literal decoding to be platform-independent by using big-endian hex via union type-punning
  • Fix: Fixed headless mode being prompted with an interaction for mismatched PDB during PDB import
  • Fix: Fixed PDB bitfield members importing with wrong offset
  • Fix: Fixed PDB parsing issue by removing stale QualifiedName state
  • Fix: Fixed potential hang in DWARF import when encountering unhandled DW_AT_location variants for DW_TAG_variable
  • Fix: Fixed undefined evaluation order in GNU3 demangler expression builders by sequencing reader-advancing calls into named locals
  • Fix: Fixed use of uninitialized stack data in ABB
  • Fix: Fixed PDB vtable type name parsing
  • Fix: Fixed Analysis::DeleteUnusedAutoFunctions hanging for many minutes on large binaries with over 1 million functions
  • Fix: Fixed FloatType alternate name not rendering in tokens when set
  • Fix: Fixed LowLevelILFunction::GetInstructionsAt not working on SSA form
  • Fix: Fixed MLILSSATranslator not consulting the Platform for global register information
  • Fix: Fixed WorkflowMachine task name when resuming from an inactive state
  • Fix: Fixed additional invalid ELF parsing issues
  • Fix: Fixed anonymous type names conflicting with existing anonymous types
  • Fix: Fixed crash in OutlineResolver caused by cycles involving named type references
  • Fix: Fixed crash in WorkflowMachine when a workflow activity threw an exception
  • Fix: Fixed crash when mapping to HLIL with a void variable type and an MLIL pointer expression type
  • Fix: Fixed crash when opening a BNDB that references a non-existent named workflow
  • Fix: Fixed data races in Function that could cause crashes during analysis
  • Fix: Fixed FlexHex high nibble wildcard matching false positives on 0x7c
  • Fix: Fixed forward type propagation to preserve NamedTypeReferences instead of resolving them to raw structs
  • Fix: Fixed hang on close during pointer sweep analysis
  • Fix: Fixed HLIL call rendering to correctly consider call type adjustments when displaying calls and parameter strings
  • Fix: Fixed incorrect file backing when a memory region starts past the segment data length
  • Fix: Fixed infinite loop/crash when adding a zero-length section
  • Fix: Fixed lookup of basic block labels for higher-level ILs when the IL block start differs from the native block start
  • Fix: Fixed miscellaneous issues with vtable type information in PDB processing
  • Fix: Fixed non-deterministic tail call detection caused by stale basic blocks
  • Fix: Fixed offset pointers imported with __offset attribute losing their offset due to struct member relationship not being preserved
  • Fix: Fixed outliner incorrectly outlining scalar struct member writes
  • Fix: Fixed outliner incorrectly outlining scalar struct member writes in arrays-of-structs
  • Fix: Fixed PDB bitfield members importing with incorrect offset when the bitfield is placed at a storage offset greater than zero
  • Fix: Fixed preservation of global pointer register value across call-site stack invalidations
  • Fix: Fixed Python ABB incorrectly triggering guided analysis
  • Fix: Fixed Python exception in FunctionLifterContext
  • Fix: Fixed resolution of named type references for child types in OutlineResolver
  • Fix: Fixed template simplifier to correctly account for [api:...] annotations
  • Fix: Fixed type filtering to correctly respect underscores in type names
  • Fix: Fixed unintentional fallthrough in HLIL simplification that caused exceptions
  • Fix: Improved OutlineResolver handling when merging different stream types while writing to fully-typed byte arrays

UI

  • Feature: Added “Copy as Rust Array” to the right-click context menu
  • Feature: Added go-to address support in the native triage view
  • Feature: Added structure data variables as objects in linear view
  • Improvement: Added regex and case sensitivity options to FilterEdit widget
  • Improvement: Added regex toggle to the component tree FilterEdit widget
  • Improvement: Excluded .bndb files from the triage file picker to avoid opening database files in triage mode
  • Improvement: Improved performance of the types view
  • Improvement: Improved triage view responsive layout to adapt better to different window sizes
  • Improvement: Improved outliner to recursively resolve nested struct types
  • Improvement: Improved performance of Bookmarks actions by avoiding full function iteration to check validity
  • Improvement: Improved performance of the types view by removing recursive expansion, switching to unordered_map, and using uniform row heights
  • Improvement: Made analysis conflict dialog labels selectable for easier copying
  • Improvement: Made the cross-reference view non-modal when opened in dialog mode
  • Improvement: Shows function tags in the linear view sticky header
  • Improvement: Sorts menu actions case-insensitively for consistent ordering
  • Improvement: Updated entropy tooltip to display file offset and fixed Python version compatibility
  • Improvement: Updated triage view to only show libraries when appropriate
  • Fix: Fixed MemoryRegionDialog incorrectly prepopulating length for file-backed regions
  • Fix: Fixed crash in TypeDialog when parser results arrived at the wrong time
  • Fix: Fixed Enter key in the base field of the Create Structure dialog to add the structure instead of dismissing the dialog
  • Fix: Fixed long path truncation in triage view and prevented UI from shifting when starting BASE
  • Fix: Fixed regression preventing navigation back from triage view
  • Fix: Fixed section list in triage view not updating when sections change
  • Fix: Fixed settings view layout and resize performance
  • Fix: Fixed triage entropy graph navigation for mapped files
  • Fix: Fixed bad indentation for single-line function header comments in Linear View
  • Fix: Fixed bug preventing editing of data comments created at addresses
  • Fix: Fixed crash in Linear View when attempting to define an array
  • Fix: Fixed crash in settings view
  • Fix: Fixed crash when get_choice_input is called without an active window
  • Fix: Fixed crash when viewing MLIL debug report caused by basic block annotations using committed IL functions instead of active ones
  • Fix: Fixed duplicated comments in Linear View for objects sharing the same address
  • Fix: Fixed hang when rendering self-referential typedef
  • Fix: Fixed linear view not refreshing when resized vertically
  • Fix: Fixed linear view refresh behavior when resized vertically
  • Fix: Fixed linear view to subscribe to section updates so it reflects changes correctly
  • Fix: Fixed multiple bugs in triage view
  • Fix: Fixed multiple issues in the triage view
  • Fix: Fixed null pointer crashes in the Chat sidebar
  • Fix: Fixed off-by-one error in the array Copy As action
  • Fix: Fixed parsing of extraneous bytes in search result previews
  • Fix: Fixed potential null pointer crashes in the User Positions sidebar
  • Fix: Fixed single function linear view when the viewed function becomes undefined
  • Fix: Fixed sort order in settings view for settings without a subgroup
  • Fix: Fixed spin boxes consuming scroll events in the settings view
  • Fix: Fixed stack view and variable list sidebars not broadcasting cross-reference selections
  • Fix: Fixed text diffs not respecting UTF-16 encoding of QStrings
  • Fix: Fixed tooltip struct offset resolution to use ResolveMemberOrBaseMember for improved accuracy
  • Fix: Fixed view state restoration being incorrectly applied when opening files via triage

Architectures and Platforms

Core Plugins

Collaboration / Projects

  • Feature: Added table view and miscellaneous fixes and improvements to the Project Browser
  • Feature: Added support for function value stores in collaboration
  • Improvement: Added Open Selected Files with Container Browser... option to the project browser context menu
  • Improvement: Improved container-aware display names in projects
  • Improvement: Improved Save As behavior when working with project files
  • Improvement: Separated recent file and project states to track them independently
  • Fix: Fixed HTTP requests retrying during shutdown to prevent hangs or errors on exit
  • Fix: Fixed improper variable cast in databasesync.py
  • Fix: Fixed crash when failing to retrieve the current snapshot while saving a collaboration database
  • Fix: Fixed default path for Create Type Archive dialog when used with a project file
  • Fix: Fixed hang when checking floating license validity while unable to reach the Enterprise server
  • Fix: Fixed minor issues in the collaboration Python API
  • Fix: Fixed persistent User Positions errors
  • Fix: Fixed save dialog proposing the container name instead of the entry name for container files in projects
  • Fix: Fixed spurious crashes caused by unexpected WebSocket connection lifetime issues in collaboration
  • Fix: Fixed stale display name and virtual path information when saving a file

API

Rust API

Debugger

Documentation

Despite the list of changes getting bigger with almost every release, it still doesn’t cover everything that’s happened! If you want to see even more details, check out our closed milestone on GitHub.