Binary Ninja installation path detection does not work on macOS #2641

@xusheng6

Description

I ran capa on macOS with the binja backend but it does not seem to detect the installation path correctly. Here is the output:

% ./capa -d -b binja ~/Downloads/[private].bndb
DEBUG    capa: --------------------------------------------------------------------------------                                                      main.py:475
DEBUG    capa:  Using default embedded rules.                                                                                                        main.py:476
DEBUG    capa:  To provide your own rules, use the form:                                                                                             main.py:477
DEBUG    capa:                                                                                                                                       main.py:478
DEBUG    capa:      `capa.exe -r ./path/to/rules/  /path/to/mal.exe`.                                                                                main.py:479
DEBUG    capa:                                                                                                                                       main.py:480
DEBUG    capa:  You can see the current default rule set here:                                                                                       main.py:481
DEBUG    capa:                                                                                                                                       main.py:482
DEBUG    capa:      https://github.com/mandiant/capa-rules                                                                                           main.py:483
DEBUG    capa: --------------------------------------------------------------------------------                                                      main.py:484
DEBUG    capa.features.extractors.common: unknown file format: 53514c69                                                                             common.py:85
DEBUG    capa.rules: reading rules from directory /var/folders/0b/0ccr7qgn5p1_vvjrz7mn74z00000gn/T/_MEIANcNkQ/rules                             __init__.py:2167
DEBUG    capa.rules.cache: loading rule set from cache: /var/folders/0b/0ccr7qgn5p1_vvjrz7mn74z00000gn/T/_MEIANcNkQ/cache/capa-c2011a71.cache       cache.py:157
DEBUG    capa: successfully loaded 974 rules                                                                                                         main.py:693
DEBUG    capa.features.extractors.common: unsupported file format: 53514c69, will not guess OS                                                     common.py:148
DEBUG    capa: skipping library code matching: only supported by the vivisect backend                                                                main.py:817
DEBUG    capa: format:  binja_database                                                                                                               main.py:867
DEBUG    capa: backend: binja                                                                                                                        main.py:868
DEBUG    capa.features.extractors.binja.find_binja_api: Binary Ninja API not installed, searching...                                       find_binja_api.py:156
WARNING  capa.features.extractors.binja.find_binja_api: unsupported platform to find Binary Ninja: darwin                                  find_binja_api.py:114
DEBUG    capa.features.extractors.binja.find_binja_api: failed to find Binary Ninja installation                                           find_binja_api.py:160
DEBUG    capa.features.extractors.binja.find_binja_api: found Binary Ninja API: None                                                       find_binja_api.py:162
Traceback (most recent call last):
  File "main.py", line 1149, in <module>
  File "main.py", line 1033, in main
  File "main.py", line 871, in get_extractor_from_cli
  File "loader.py", line 254, in get_extractor
RuntimeError: cannot find Binary Ninja API module.
[PYI-76527:ERROR] Failed to execute script 'main' due to unhandled exception!

I checked the source code and noticed a few things:

  1. is_binaryninja_installed should return True, since I can run importlib.util.find_spec("binaryninja") and get the result just fine. Not sure why it does not work.
  2. find_binaryninja_path_via_subprocess actually obtains the correct path of the binja python module, i.e., in /Applications/Binary Ninja.app/Contents/Resources/python (the default installation). However, the validate_binaryninja_path method tries to append another python into the path, so it breaks it. I see that validate_binaryninja_path is also used to validate the binja path obtained from the Linux desktop file. Maybe the path obtained there does not already have the python in it, so it works? Anyway, the difference here needs to be fixed.
  3. We should also add macOS and Windows binja path detection by looking at the default installation.
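
The path mismatch in item 2, as an added example that is not capa's code and not part of the original issue: a validator that accepts either the module directory itself or a parent holding a python subdirectory. The names resolve_binja_python_dir, has_binja_package and make_fake_install are hypothetical, the check for binaryninja/__init__.py is an assumption about what marks a valid module directory, and the directory tree is constructed in a temp folder.

```python
import tempfile
from pathlib import Path
from typing import Optional

# Default macOS module directory, as quoted in the issue text.
MACOS_DEFAULT = Path("/Applications/Binary Ninja.app/Contents/Resources/python")


def has_binja_package(python_dir: Path) -> bool:
    """True if python_dir directly contains the binaryninja package (assumed marker)."""
    return (python_dir / "binaryninja" / "__init__.py").is_file()


def resolve_binja_python_dir(candidate: Path) -> Optional[Path]:
    """Hypothetical helper: accept either form of path and return the module dir.

    The candidate may be the module directory itself (what the subprocess
    lookup returns on macOS, per the issue) or a parent that holds a "python"
    subdirectory. Appending "python" unconditionally breaks the first form.
    """
    for python_dir in (candidate, candidate / "python"):
        if has_binja_package(python_dir):
            return python_dir
    return None


def make_fake_install(root: Path) -> Path:
    """Constructed sample layout: <root>/python/binaryninja/__init__.py."""
    pkg = root / "python" / "binaryninja"
    pkg.mkdir(parents=True)
    (pkg / "__init__.py").write_text("# constructed stand-in\n")
    return root / "python"


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Resources"
        python_dir = make_fake_install(root)
        return {
            "from_module_dir": resolve_binja_python_dir(python_dir) == python_dir,
            "from_parent_dir": resolve_binja_python_dir(root) == python_dir,
            "naive_append": has_binja_package(python_dir / "python"),
            "missing": resolve_binja_python_dir(Path(tmp) / "nope"),
        }


if __name__ == "__main__":
    print(demo())
    print("macOS default present:", resolve_binja_python_dir(MACOS_DEFAULT) is not None)
```

The naive_append entry reproduces the failure described in item 2: the module directory is correct, but looking for a python subdirectory beneath it finds nothing.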
