Feature 01

Agent-Based Analysis

Autonomous agents that explore, analyze, and debug across binaries — working through complex, multi-step tasks on your behalf.

Sidekick can take a broad research objective, decompose it into smaller investigations, and keep moving through the binary without needing a prompt for every step. It is designed for multi-stage work like tracing a protocol, unpacking a sample, or checking exploitability across several candidate paths.

What it unlocks

  • Breaks large investigations into targeted analysis passes.
  • Lets you run repeatable checks across functions, subsystems, or whole binaries.
  • Leaves behind linked reasoning you can inspect instead of a single opaque answer.

Example question

"Trace the C2 handler, recover the command table, and verify how commands dispatch."

Feature 02

Semantic Indexes

Search by meaning, not just strings. Triage binaries and find relevant code before reading a single function.

Semantic indexes help Sidekick find relevant code even when names are stripped, strings are sparse, or the right answer is distributed across several regions. They turn a large binary into a shortlist of functions, paths, and clusters worth opening first.

What it unlocks

  • Surfaces behaviorally similar code before you know what it is called.
  • Shrinks wide attack surfaces into smaller, reviewable candidate sets.
  • Makes natural-language questions useful on stripped and hostile targets.

Example question

"Show me the functions most likely to parse untrusted network input."

Feature 03

Decompilation Recovery

Recover meaningful types and names. Deobfuscate control flow. Understand stripped binaries like source.

When the decompiler loses type information, misreads calling conventions, or collapses hostile control flow, Sidekick works to recover structure you can actually reason about. The goal is not prettier pseudocode for its own sake, but analysis you can continue from without constantly translating compiler debris.

What it unlocks

  • Recovers names, types, and calling context that make decompiled output readable.
  • Repairs analysis around compiler quirks, stripped binaries, and obfuscation artifacts.
  • Turns decompiler failure modes into something the rest of the workflow can build on.

Example question

"Recover the class hierarchy around this vtable and clean up the bad type propagation."

Feature 04

Verification System

Every claim links to IL, assembly, or memory. Verify in seconds, or invoke the debugger to prove it live.

Sidekick does not stop at producing findings. It keeps checking them against the binary, marks what is proven versus inferred, and exposes the evidence trail directly in context. That makes the output usable in real security work where unsupported claims create rework and risk.

What it unlocks

  • Checks claims against IL, assembly, memory state, and observed program behavior.
  • Flags untested assumptions and analysis gaps before they become report problems.
  • Keeps notebook entries attached to concrete evidence instead of detached prose.

Example question

"Is this overflow actually reachable from attacker-controlled input?"

Feature 05

Code Maps

Interactive maps of execution paths and relationships. See how the pieces connect across the binary.

Code maps expose how functions, subsystems, and paths relate to each other so you can navigate the binary spatially instead of reconstructing everything from scratch. They help you understand where a capability lives, where input flows, and which regions deserve deeper attention.

What it unlocks

  • Visualizes relationships across execution paths, call chains, and subsystems.
  • Makes it easier to pivot from a finding into surrounding context quickly.
  • Highlights clusters and pivots that would be easy to miss in linear browsing.

Example question

"Map the path from network input to the candidate sink functions."

Feature 06

Analysis Notebook

A shared workspace for findings and evidence. Your team's analysis, always in context.

The notebook makes Sidekick sessions durable. Findings, revisions, evidence links, and open questions stay attached to the analysis instead of disappearing into chat history or external notes. That makes collaboration, handoff, and reporting much easier on long investigations.

What it unlocks

  • Captures findings, evidence, and status in one workspace tied to the binary.
  • Preserves context across sessions, teammates, and deeper follow-up work.
  • Provides a cleaner handoff point for reporting and collaborative investigation.

Example question

"Summarize the current findings, keep the open questions, and export the evidence chain."

Feature 07

Integrations

Three integration modes. The Sidekick service is where the persona, prompting, and skills live — plug in around it however you need to.

The Sidekick service carries the persona, prompting, and skills — that is the subscription. Integrations plug in around it three ways: MCP servers you register appear inside the agent loop, MCP servers shipped by partners and third parties can be consumed, and the plugin can bypass the service to chat directly with any model, trading scaffolding for flexibility. Pick the mix that fits the work.

What it unlocks

  • Register MCP servers so internal tools and data sources appear inside the agent loop.
  • Consume MCP servers shipped by partners and third parties.
  • Service-bypass: point the Sidekick plugin directly at any model for chat and tool use.

Example question

"Register our internal threat-intel MCP server so agents can query it mid-investigation."
