Callgraph | Notepad | Dockable Sidebars | MultiShortcut | XNU Tools | Reimagined theme
Not an official Vector 35 plugin. | This project is at ~75% completion. See the tracked issues for more info.
Dockable Sidebars
Drag your sidebar widgets where you need them, so you aren't constantly switching between widgets.
Sidebars support all 4 positions (at the 4 corners of the screen,) and widgets can be moved around.
MultiShortcut
Hitting the key bound for the "KSuite" action (default K) (or running it via Command Palette) will open a submenu with relevant bound actions triggerable by the keys surrounding "K".
This allows chaining easily rememberable keybinds to perform actions with granularity.
(e.g. K U I U will generate a downward callgraph from the current function, without psuedocode,
but K U I I will generate one with psuedocode). I have used this heavily, they quickly become
muscle memory.
Callgraph
MultiShortcut: k -> u
Menu: Plugins -> Callgraph
Supports generating callgraphs with HLIL included or solely with names
Can generate a graph N calls into a func, out of a func, a variable amount in both directions, or of the entire program.
Runs entirely backgrounded and uses exclusively BinaryNinja APIs for a seamless and snappy integration into the product. It's very fast :)
Notepad
Notepad plugin for BinaryNinja, supporting function/address specific notes combined into a global pad per-binary.
Re-Imagined Theme
A custom layout has been designed from the ground up (using the color base from catppuccin) built for modernity and legibility.
<note> The theme is subject to change fairly heavily before this project hits 100% completion </note>
Darwin Kernel Tooling
Before and after in action on IOHIDFamily
Type Helper
MultiShortcut: k -> i
This is a set of UIActions (also included in the Multishortcut menu) that assist with the typing of interesting methods in Kexts (particularly UserClient external methods for now).
Darwin Kernel Workflow
Workflow ID: core.function.darwinKernel
This module workflow runs a few routines:
- Removes PAC from LLIL upward
- Consolidates certain SIMD code so it no longer takes up 16 HLIL lines per instruction
- Properly transforms jumps to unknown locations to tailcalls
Building
Many of the more useful bits here have been submoduled out, and you can check a given submodule for instructions on building + installing it as a standalone plugin, they all support it.
As this project isn't quite at a 1.0, (and due to some issues with Windows CI), CI hasn't been added quite yet. This plugin has some very awesome tooling already, however, and you can build it on your own machine w/ some effort
- Download the appropriate Qt build for your OS https://github.com/Vector35/qt-artifacts/releases/latest
- Extract it in your home folder; e.g.
cd ~; unzip qt6.4.3-macosx.zip
# Git Setup Phase
git clone git@github.com:cxnder/ksuite.git
cd ksuite
git submodule update --init --recursive
cd binaryninja-api
git fetch --tags-
CRITICAL:
from the binaryninja-api dir:
If building for current dev:git checkout dev
If building for latest stable:git checkout --force v3.4.4271-stable
# Still within binaryninja-api dir
git apply ../api.patch
cd ..
# Cmake phase
mkdir -p build && cd build
# For headless builds, omit -DUI_BUILD=ON argument entirely or set it to OFF
cmake -DCMAKE_BUILD_TYPE=Release -DUI_BUILD=ON -DXNU_BUILD=ON -DNOTEPAD_BUILD=ON -DCALLGRAPH_BUILD=ON ../
# Actually build it
cmake --build . --target=install -j 8 These instructions are liable to change at any time pre-release
Pass these flags to override defaults:
-DTHEME_BUILD=OFF - Pass this if you don't want the theme
-DUI_BUILD=ON - Build things dependent on Qt
-DXNU_BUILD=ON - Build the XNU toolkit
-DNOTEPAD_BUILD=ON - Build the notepad tooling
-DCALLGRAPH_BUILD=ON - Build the callgraph tooling
Without passing any of these flags, this plugin is basically just a theme and a bunch of bootstrap code for plugins.