Binary Code and Binary Analysis

What is binary code and binary analysis?

Binary code is the fundamental form of the programming data that is directly interpreted by a computer. It’s composed of a string of 0s and 1s, and ordered and structured in a way that can be read and executed as part of a larger computer program. It’s a product of a multistage compilation process that translates source code written in a high-level language, such as C or Java, into machine code specific to the processor architecture on which the computer program is executed. In a sense, it’s the direct language of the computer translated from human-readable source code.

Binary analysis is a type of code review that looks at files composed of binary code and assesses their content and structure, all without the need for access to source code. 

How does binary analysis work?

Some binary analysis tools work in a manner similar to package manager inspectors, which basically read a file’s “table of contents” to find out what’s inside. This basic analysis may suffice in some cases, but advanced binary analysis tools can model data types, flows, and control paths, without the need to reverse-engineer. 

Using this model, advanced binary analysis tools can look deeper to identify known software components and detect security flaw patterns. These discoveries can then be used to compile security and usage reports, along with advice on how to address any issues in the code. 

Binary Analysis | Synopsys

Why is binary analysis important?

Source code isn't always available for analysis. For example, some companies purchase firmware to integrate with the hardware in their products, and the firmware is in binary format. Another example is software companies that leverage third-party code and libraries, such as frameworks, containers, GUIs, and databases, to augment their proprietary code, and these libraries often contain no source code. Whatever the case may be, it’s still important that the consumers of these binary files understand what’s inside them.

Binary analysis solutions enable organizations to inspect binary code without any involvement from the vendor, to identify open source components, security vulnerabilities, license obligations, and additional sensitive information that could lead to a breach.

How can Synopsys help?

Synopsys Black Duck® is an automated software composition analysis (SCA) tool that enables organizations to gain visibility into the composition of software, so they can make better buying decisions and manage the ongoing risk of operating complex systems and software, regardless of source code access. Black Duck Binary Analysis identifies open source components in compiled software to provide an open source Bill of Materials and a list of any vulnerabilities and licenses related to those components.

Black Duck also recognizes compiler switches, mobile permissions, and other forms of information leakage that could potentially expose sensitive information. Furthermore, Black Duck goes beyond simply detecting these issues; hand-crafted security advisories provide detailed notifications for each vulnerability identified, giving users the information needed to properly understand, prioritize, and remediate the problem.

Organizations can also leverage Synopsys’ comprehensive set of static application security testing (SAST) solutions, as well as static analysis professional services that can help organizations find vulnerabilities in their applications without access to source code. Since static testing solutions based on binary analysis rely on modeled datatypes, data, and control paths, manual inspection of the findings can help improve the efficacy of such binary analysis. This helps eliminate noise and false positives during the assessment, making it easier to discover vulnerabilities and get actionable remediation guidance.