TABLE OF CONTENTS
1. What is binary code and binary analysis?
2. How does binary analysis work?
- Silicon Design & Verification
- Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP
- Products
- Markets
- Newsletter
- Customer Success
- News
- Resources
- Software Integrity
- Tools & Services
- Integrations
- Solutions
- Training
- Customers
- Resources
- Partners
- Blog
- Company
- About Us
- Investor Relations
- Community
- Newsroom
- Resources
- Careers & Culture
< Silicon Design & Verification
Silicon Design & Verification
< Products
< Products
< Products
< Products
< Products
< Products
< Products
< Products
< Silicon Design & Verification
< Solutions
< Solutions
Cloud
Synopsys in the Cloud
< Solutions
< Solutions
< Solutions
< Solutions
Photonic Solutions
RSoft Photonic Device Tools
Photonic System Tools
PIC Design Software
OptoCompiler
< Silicon Design & Verification
< Resources
< Resources
Verification
Articles
Blogs
Datasheets
Events
News
Newsletters
Success Stories
Videos
Webinars
White Papers
< Resources
< Silicon Design & Verification
< Services
< Services
< Services
< Silicon Design & Verification
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Silicon Design & Verification
< Training
< Silicon Design & Verification
Training
Training and Education
< main menu
< Silicon IP
Silicon IP
< Products
< Products
Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Products
Memories & Libraries
Logic Libraries
Memory Compilers
Duet Packages
HPC Design Kit
PVT Sensors
Non-Volatile Memory
< Products
< Products
Analog IP
Data Converters
< Products
< Products
< Products
< Silicon IP
< Markets
< Silicon IP
Newsletter
< Silicon IP
Customer Success
< Silicon IP
News
< Resources
< Resources
< main menu
< Software Integrity
Software Integrity
< Tools & Services
< Tools & Services
< Tools & Services
< Software Integrity
Integrations
< Solutions
< Solutions
< Solutions
< Training
< Training
Product Education
< Training
Community
< Software Integrity
< Software Integrity
Customers
< Resources
< Resources
< Software Integrity
< Software Integrity
Partners
< Software Integrity
Blog
< main menu
Software Integrity
Software Integrity
+
Tools & Services
Integrations
+
Solutions
+
Training
Customers
+
Resources
Partners
Blog
< About Us
Company
< About Us
< About Us
About Us
About Us
< Investor Relations
< About Us
Investor Relations
Investor Relations
< Community
< About Us
Community
Community
< Newsroom
< About Us
Newsroom
Newsroom
< Resources
< About Us
Resources
Resources
< Careers & Culture
< About Us
Careers & Culture
Careers
< main menu
Binary Code and Binary Analysis
What is binary code and binary analysis?
Binary code is the fundamental form of the programming data that is directly interpreted by a computer. It’s composed of a string of 0s and 1s, and ordered and structured in a way that can be read and executed as part of a larger computer program. It’s a product of a multistage compilation process that translates source code written in a high-level language, such as C or Java, into machine code specific to the processor architecture on which the computer program is executed. In a sense, it’s the direct language of the computer translated from human-readable source code.
Binary analysis is a type of code review that looks at files composed of binary code and assesses their content and structure, all without the need for access to source code.
How does binary analysis work?
Some binary analysis tools work in a manner similar to package manager inspectors, which basically read a file’s “table of contents” to find out what’s inside. This basic analysis may suffice in some cases, but advanced binary analysis tools can model data types, flows, and control paths, without the need to reverse-engineer.
Using this model, advanced binary analysis tools can look deeper to identify known software components and detect security flaw patterns. These discoveries can then be used to compile security and usage reports, along with advice on how to address any issues in the code.
Why is binary analysis important?
Source code isn't always available for analysis. For example, some companies purchase firmware to integrate with the hardware in their products, and the firmware is in binary format. Another example is software companies that leverage third-party code and libraries, such as frameworks, containers, GUIs, and databases, to augment their proprietary code, and these libraries often contain no source code. Whatever the case may be, it’s still important that the consumers of these binary files understand what’s inside them.
Binary analysis solutions enable organizations to inspect binary code without any involvement from the vendor, to identify open source components, security vulnerabilities, license obligations, and additional sensitive information that could lead to a breach.
How can Synopsys help?
Synopsys Black Duck® is an automated software composition analysis (SCA) tool that enables organizations to gain visibility into the composition of software, so they can make better buying decisions and manage the ongoing risk of operating complex systems and software, regardless of source code access. Black Duck Binary Analysis identifies open source components in compiled software to provide an open source Bill of Materials and a list of any vulnerabilities and licenses related to those components.
Black Duck also recognizes compiler switches, mobile permissions, and other forms of information leakage that could potentially expose sensitive information. Furthermore, Black Duck goes beyond simply detecting these issues; hand-crafted security advisories provide detailed notifications for each vulnerability identified, giving users the information needed to properly understand, prioritize, and remediate the problem.
Organizations can also leverage Synopsys’ comprehensive set of static application security testing (SAST) solutions, as well as static analysis professional services that can help organizations find vulnerabilities in their applications without access to source code. Since static testing solutions based on binary analysis rely on modeled datatypes, data, and control paths, manual inspection of the findings can help improve the efficacy of such binary analysis. This helps eliminate noise and false positives during the assessment, making it easier to discover vulnerabilities and get actionable remediation guidance.
