zynamics' revenue was never relevant to Google. We were profitable, but by Google's standards not even a rounding error. This was primarily an acquihire and deploying the BinDiff derived technology (VxClass) as an internal defensive system. Ensuring continued access to BinDiff for external parties is something we pushed for. Google dropped the price, but not to zero, in order to maintain at least a minimum of control of who gets access to it (consider that there are export restrictions for such tech to countries like North Korea).
@@RECESSIM truly is, info you shared here could lead to huge improvements in quality of life for gamers, people could actually fix and improve everything thats dragging performance down
Yup enjoy it while you can, I find these gems all the time when they are like 20k subs and less but give it time and he will have a million and be lame
They have probably bought the company to get the patents with it, the BinDiff was not needed for them, though it's a great tool to compare binaries between updates. :)
I for a while have wondered if theres a market for a reverse engineering centric podcast and realize looking thru comments here, 1 def is a market, and 2 The comment section here is a great pool to draw from to find guests lol I guess hmu if you wanna tell a RE war story or just anything cool u did in the RE field of tech. I'm a sometimes reverse engineer myself (when I need to undertstand how a new cutting edge strain of malware works) so Im def subbing. Can already tell I can learn alot from this guy 😅 ps: the code is open sourced because we need more people capable of working with these tools, just look at stats regarding the ratio of malicious hackers vs defenders .. its about 60:1. We need more RE's
Some speculation: It wasn't worth their time to try to sell it, so they just made it free. That also might work around some export control restrictions. But I'm guessing you're right about the motivation to move to open source. FWIW, it is far from unprecedented behavior on Google's part to acquire (or build) tech and give it away. Keyhole (Google Earth Pro), Sketch-Up, and of course Android come to mind. There was also Google Wave, which they open-sourced after killing it, and probably a bunch of other things too.
I think the "community" they're wanting to support is the security community, rather than the devs who are trying to make clones of commercial software. The security industry is very community driven, as exploits and bugs etc are logged in public databases for others' benefit. Google make a huge amount of money through providing security tooling and monitoring, so it make sense that they would like to support a healthy security community, so that they don't have to do as much security research in-house. I'm only a lil baby security engineer, so i could be very wrong 🤷🏼♂️
The NSA opened disassemblers, bindiff is for disassembling. Disassembly for the public theoretically serves the mission to protect the public as the public can inspect their software.
There is probably too much open source licensed software used in BinDiff already, so the easiest is to just capitulate and honour all the licenses, and make the whole thing open source. Google is dodging a bullet, one way or another, I would imagine.
I think Google are manipulating the marked by giving away things for free, so people get used to everything should be free. This makes it very dificult to deliver any software in a marked where the customers expect everything to be free and they don't realize the reason it is free is because they are the product. The problem of this is that when we deliver software in marked where we can't include advertisement or in the product, people still expect it to be free.
"Companies buy things to sell them for money." Generally true but Google, Microsoft and Apple MUST attract and retain a large active developer community. To the extent that community benefits from a tool you own, it makes sense to give it away. Look at VS Community. And of course the biggest issue for all developers - and especially OpenSource - is security. I would expect that making sure the tools that are needed to identify modified executables is essential. Its one thing to find malware that has been identified. Its quite another to have a sense that something has changed but avoids detection. Logically, and please feel free to correct me, the first step is to detect a binary change. From there you have the source and can drill down to what changes have been implemented and can then work through it from there.
The part that doesn’t make sense is the timing. When they dropped the price and ultimately gave it away you still needed IDA $$$. Buying them for the talent makes sense, perhaps removing them from the market if inspired by US Gov… But “the greater good” does not compute.
I'm sure it has something to do with helping the community grow, so that an environment sprouts that will give rise to a much higher demand for googles products in the range of that area.
UEFI exploits...very profitable. I can't talk beyond that. Also handy for reversing to get Coreboot ported to devices...the EC is then another embedded controller to work on... Ended up going with a laptop recently that just uses coreboot and an open source EC recently, am never going back.
@@f7p1764 Well I'd like to make some AI reverse engineering tools too. But I agree it's ridiculous. I've seen AI people say some crazy things in interviews and be quite weird. It's strange how they were able to even get in that position in the first place.
Think you hit the nail on the head, bring in the talent and IP, let the acquired talent focus on internal NOT free stuff and let the product die off in the open source community.
indeed, google is not the company that contributes useful things to OSS, all their open products are either crap (cough angular),half-closed (golang has only open-source code, but only google employees have a saying in what goes) or limited by their license (android uses linux kernel, and they try to make it as obscure as possible to be used in the free setting).
Allowing access to the software for free is a good way of recruiting or finding new talent capable of utilizing it and making it open source is basically free R&D to progress the project, Business 101 R&D cost money.
If what Google did doesn't make sense to you, neither will all the free software development that exists in the world. It is simply your personal appreciation. That does not affect the development of free software at all. Let's hope that other companies do the same as Google in this case. Not everything in life is about money. Freedom is more important. Steve Jobs' phrase is disgusting. And it explains very well what a terrible person he was.
For people that’s true, I give away my Smart Meters GNU Radio flowgraph and work. Companies aren’t people. People do altruistic things and give away their work. Google is a public company responsible for generating shareholder value. They chase only profit and growth. So giving this away is towards that end, just not sure how.
@@RECESSIM I think in their view, making the entire Internet ecosystem more trustworthy and secure is good for their bottom line. See also: Project Zero.
@ RECESSIM The companies (and people) only chase profit and growth because of our fiat currency having a zero lower bound interest problem. If it was accounted properly upon creation this would turn into a negative lower bound and companies and people could be existing at 0% ROI (and the profit/growth pressure by shareholders would also vanish).
A whole new world A new fantastic point of view No one to tell us no Or where to go Or say we're only dreaming... Seriously though. They gave it away for free to overcome international arms controls. Now they can hire Indian, Chinese, Russian, and North Korean freelancers.
I think money generated by this plugin are so insignificant for Google so that they don't bother. I think you are right, they just dont want to invest time in it so gave it for free.
Lmao, that right there is a PS4 on the Uefi exploiting article, it seems someone is hinting at something xD, forget kernel exploits and escaping virtualization, when you control uefi, you control the entire system.
I’m productizing the details you could say. The story that’s generally interesting to everyone is free. The parts that could greatly benefit people working on something, save them time accomplishing their own goals cost a modest fee. That benefits me, so I can continue to make content for everyone and publish what I find without restriction, which benefits everyone else.
@@joansparky4439 Well i dont want to argue - but the air comes in and partly CO2 + moisture comes out - for the trees to grow in forests :) - in some countries there already is rain tax - you need to pay for the rain that came down on your property - no matter if you used it or thrown it away :)
@ TymexComputing Well, "free" implies "not having to work for it". If other people would make the air for you (say on the moon or mars or some space station) it would not be free, as in free beer. But here on Earth it is. That flora and fauna built some symbiotic relationships over billions of years that makes them depend on each other is not really work, is it? As for rain or sunshine being taxed and not being free and you having to work for it without the entity you pay providing you with sunshine/rain is a kind of robbery, isn't it? Governments are providing freedom, property rights and other similar things and charge for that.. they shouldn't need to charge for sunshine/rain to make ends meet really.
@@joansparky4439 i Agree :) - didnt want to argue anyway but its true. i only cited the saying - "nothing is free" as many things are complementary in this world (if not all of them) - if burger is free you're getting fat if beer is free (first beer? all beer?) you're getting drunk or buy 4 more beers to fill because one small beer is never enough :) - if somebody gives you free twitch subscription you give one to somebody else and this is how the train starts :) if subs are cheap you can buy ten of them and give them to somebody else. But there is only one truth - despite all the gov and laws and everything else that could be lying :)
@ TymexComputing arguing is nice, especially if both stick to logic, so no need to apologize for having a swing at me there. I mostly comment to get some feedback on my view of the world and how much it deviates from that of other people and what they know I don't (my hobby-horse is economics/sociology, lots of errors in those fields ;-) As for your argument that stuff supplied by other people not being free and there being some hook.. I agree. We all are more or less selfish to be able to survive as individuals, so the chances of somebody gifting away his lifetime (time spent working) is very rare and thus in all other cases chances are high that they want at least as much back as they "gift", most often even more. That's what you had on mind, or? PS: if with "one truth" you mean the laws of nature I agree ;-)
Hey, this is pretty intense, this video. I need to write an actual UEFI driver, this is the right tool for the job, it seems. Thank you again for sharing!
zynamics' revenue was never relevant to Google. We were profitable, but by Google's standards not even a rounding error. This was primarily an acquihire and deploying the BinDiff derived technology (VxClass) as an internal defensive system. Ensuring continued access to BinDiff for external parties is something we pushed for. Google dropped the price, but not to zero, in order to maintain at least a minimum of control of who gets access to it (consider that there are export restrictions for such tech to countries like North Korea).
This channel is underrated. Very informative, professional, niche, and easy to digest.
Thanks!
@@RECESSIM truly is, info you shared here could lead to huge improvements in quality of life for gamers, people could actually fix and improve everything thats dragging performance down
Yup enjoy it while you can, I find these gems all the time when they are like 20k subs and less but give it time and he will have a million and be lame
They have probably bought the company to get the patents with it, the BinDiff was not needed for them, though it's a great tool to compare binaries between updates. :)
I remember using a dodgy copy of BinDiff in the mid 2000's on my dodgy copy of IDA. How times have changed.
Dodgy || Die 😎
@@RECESSIM hehe... is that the second reprint name for PoC || GTFO?
i LOVE that you asked for insiders to come in with a burner account 🤣♥
SPILL THE BEANS! It’s not like it’ll hurt corporate profits, they already pissed that away 😂
I for a while have wondered if theres a market for a reverse engineering centric podcast and realize looking thru comments here, 1 def is a market, and 2 The comment section here is a great pool to draw from to find guests lol
I guess hmu if you wanna tell a RE war story or just anything cool u did in the RE field of tech. I'm a sometimes reverse engineer myself (when I need to undertstand how a new cutting edge strain of malware works) so Im def subbing. Can already tell I can learn alot from this guy 😅
ps: the code is open sourced because we need more people capable of working with these tools, just look at stats regarding the ratio of malicious hackers vs defenders .. its about 60:1.
We need more RE's
Some speculation: It wasn't worth their time to try to sell it, so they just made it free. That also might work around some export control restrictions. But I'm guessing you're right about the motivation to move to open source.
FWIW, it is far from unprecedented behavior on Google's part to acquire (or build) tech and give it away. Keyhole (Google Earth Pro), Sketch-Up, and of course Android come to mind. There was also Google Wave, which they open-sourced after killing it, and probably a bunch of other things too.
I'm still salty about sketch-up being sold off.
Export restrictions was the first thing that came to my mind as well.
I think the "community" they're wanting to support is the security community, rather than the devs who are trying to make clones of commercial software. The security industry is very community driven, as exploits and bugs etc are logged in public databases for others' benefit. Google make a huge amount of money through providing security tooling and monitoring, so it make sense that they would like to support a healthy security community, so that they don't have to do as much security research in-house. I'm only a lil baby security engineer, so i could be very wrong 🤷🏼♂️
The NSA opened disassemblers, bindiff is for disassembling. Disassembly for the public theoretically serves the mission to protect the public as the public can inspect their software.
There is probably too much open source licensed software used in BinDiff already, so the easiest is to just capitulate and honour all the licenses, and make the whole thing open source. Google is dodging a bullet, one way or another, I would imagine.
Interesting perspective
I never thought I'd ever have the opportunity to say "that's a really good Steve Jobs quote".
Even I was surprised 😂
I'm starting to love this channel. Thank you!
Yet another super informative video. Thank you
I think Google are manipulating the marked by giving away things for free, so people get used to everything should be free. This makes it very dificult to deliver any software in a marked where the customers expect everything to be free and they don't realize the reason it is free is because they are the product. The problem of this is that when we deliver software in marked where we can't include advertisement or in the product, people still expect it to be free.
Isn't it obvious that Ghidra killed the IDA stuff? I'm really looking forward to fantastic integration of Ghidra and AI. That will be mind blowing.
I don’t know how I just discovered you but I’m subscribing immediately!
It's better than sunsetting it like they do with all their other projects
It's cheaper to not support a product commercially when you use it internally anyway
"Companies buy things to sell them for money." Generally true but Google, Microsoft and Apple MUST attract and retain a large active developer community. To the extent that community benefits from a tool you own, it makes sense to give it away. Look at VS Community. And of course the biggest issue for all developers - and especially OpenSource - is security. I would expect that making sure the tools that are needed to identify modified executables is essential. Its one thing to find malware that has been identified. Its quite another to have a sense that something has changed but avoids detection. Logically, and please feel free to correct me, the first step is to detect a binary change. From there you have the source and can drill down to what changes have been implemented and can then work through it from there.
The part that doesn’t make sense is the timing. When they dropped the price and ultimately gave it away you still needed IDA $$$.
Buying them for the talent makes sense, perhaps removing them from the market if inspired by US Gov… But “the greater good” does not compute.
Great to chat to you a couple of Saturdays back.
I have subscribed and here to get educated and more likely baffled and confused.
Baffled and confused is where I aim to be, so you’re on the right path! Learning begins there.
I'm sure it has something to do with helping the community grow, so that an environment sprouts that will give rise to a much higher demand for googles products in the range of that area.
UEFI exploits...very profitable. I can't talk beyond that. Also handy for reversing to get Coreboot ported to devices...the EC is then another embedded controller to work on...
Ended up going with a laptop recently that just uses coreboot and an open source EC recently, am never going back.
Since it's google maybe they now have some fancy AI reverse engineering tools.
just add AI in any sense and you're the smartest person or company.
@@f7p1764 Well I'd like to make some AI reverse engineering tools too. But I agree it's ridiculous. I've seen AI people say some crazy things in interviews and be quite weird. It's strange how they were able to even get in that position in the first place.
Good stuff here, thanks for sharing with us!
Think you hit the nail on the head, bring in the talent and IP, let the acquired talent focus on internal NOT free stuff and let the product die off in the open source community.
indeed, google is not the company that contributes useful things to OSS, all their open products are either crap (cough angular),half-closed (golang has only open-source code, but only google employees have a saying in what goes) or limited by their license (android uses linux kernel, and they try to make it as obscure as possible to be used in the free setting).
I thought everyone stole IDA pro. 🙄
what a cool channel. completely unknown and unpromoted by youtube.
if the software is free, then you are the product. apparently these users are worth to google more than the software itself.
Allowing access to the software for free is a good way of recruiting or finding new talent capable of utilizing it and making it open source is basically free R&D to progress the project, Business 101 R&D cost money.
I mean..was 1:18 the sound effect for Tetris Blitz on iOS back in the day tho
Love your little show!
Btw, why are you not censoring GPS coords in your videos?
Are you not scared of internet stalkers?
As most red team people, he's already 5 steps ahead of us :)
"bindiff now available for free" - 2016
fantastic
If what Google did doesn't make sense to you, neither will all the free software development that exists in the world. It is simply your personal appreciation. That does not affect the development of free software at all.
Let's hope that other companies do the same as Google in this case.
Not everything in life is about money. Freedom is more important.
Steve Jobs' phrase is disgusting. And it explains very well what a terrible person he was.
For people that’s true, I give away my Smart Meters GNU Radio flowgraph and work. Companies aren’t people. People do altruistic things and give away their work. Google is a public company responsible for generating shareholder value.
They chase only profit and growth. So giving this away is towards that end, just not sure how.
@@RECESSIM I think in their view, making the entire Internet ecosystem more trustworthy and secure is good for their bottom line. See also: Project Zero.
@ RECESSIM
The companies (and people) only chase profit and growth because of our fiat currency having a zero lower bound interest problem. If it was accounted properly upon creation this would turn into a negative lower bound and companies and people could be existing at 0% ROI (and the profit/growth pressure by shareholders would also vanish).
Could it be that all the reverse engineering data gets passed through their servers?
Maybe it was no longer profitable, so they stopped allocating resources to it, gave it away for free and made it open source.
A whole new world
A new fantastic point of view
No one to tell us no
Or where to go
Or say we're only dreaming...
Seriously though. They gave it away for free to overcome international arms controls.
Now they can hire Indian, Chinese, Russian, and North Korean freelancers.
I don't get it. There was an open source program in Linux, called bindiff already for years.
I've been using it since about 2008.
Never look a gift horse in the mouth whenever a company open sourced their software. Everything should be open source
LOL you totally threw in a ZJ joke.
Never heard of all this
Keep em comin'
I think money generated by this plugin are so insignificant for Google so that they don't bother. I think you are right, they just dont want to invest time in it so gave it for free.
Lmao, that right there is a PS4 on the Uefi exploiting article, it seems someone is hinting at something xD, forget kernel exploits and escaping virtualization, when you control uefi, you control the entire system.
thank you for the video
commenting to push the algorithm
Kinda like what you do but you talk about sharing info, learning together etc then you hide a bunch of stuff behind a patreon. Who does that benefit?
I’m productizing the details you could say. The story that’s generally interesting to everyone is free. The parts that could greatly benefit people working on something, save them time accomplishing their own goals cost a modest fee.
That benefits me, so I can continue to make content for everyone and publish what I find without restriction, which benefits everyone else.
Hello
There is nothing free:)
the air you breathe is free thou.. nature doesn't ask for anything from you in return.
@@joansparky4439 Well i dont want to argue - but the air comes in and partly CO2 + moisture comes out - for the trees to grow in forests :) - in some countries there already is rain tax - you need to pay for the rain that came down on your property - no matter if you used it or thrown it away :)
@ TymexComputing
Well, "free" implies "not having to work for it". If other people would make the air for you (say on the moon or mars or some space station) it would not be free, as in free beer. But here on Earth it is.
That flora and fauna built some symbiotic relationships over billions of years that makes them depend on each other is not really work, is it?
As for rain or sunshine being taxed and not being free and you having to work for it without the entity you pay providing you with sunshine/rain is a kind of robbery, isn't it? Governments are providing freedom, property rights and other similar things and charge for that.. they shouldn't need to charge for sunshine/rain to make ends meet really.
@@joansparky4439 i Agree :) - didnt want to argue anyway but its true. i only cited the saying - "nothing is free" as many things are complementary in this world (if not all of them) - if burger is free you're getting fat if beer is free (first beer? all beer?) you're getting drunk or buy 4 more beers to fill because one small beer is never enough :) - if somebody gives you free twitch subscription you give one to somebody else and this is how the train starts :) if subs are cheap you can buy ten of them and give them to somebody else.
But there is only one truth - despite all the gov and laws and everything else that could be lying :)
@ TymexComputing
arguing is nice, especially if both stick to logic, so no need to apologize for having a swing at me there. I mostly comment to get some feedback on my view of the world and how much it deviates from that of other people and what they know I don't (my hobby-horse is economics/sociology, lots of errors in those fields ;-)
As for your argument that stuff supplied by other people not being free and there being some hook.. I agree. We all are more or less selfish to be able to survive as individuals, so the chances of somebody gifting away his lifetime (time spent working) is very rare and thus in all other cases chances are high that they want at least as much back as they "gift", most often even more. That's what you had on mind, or?
PS: if with "one truth" you mean the laws of nature I agree ;-)
Damn shame ya need a Patreon 😂 @youtube
Why you wearing a suit? Why don't you dress casual like everyone else?
Train me
Hey, this is pretty intense, this video. I need to write an actual UEFI driver, this is the right tool for the job, it seems. Thank you again for sharing!
Oh! A wiki! Very cool, thank you! 👍
Joe Lothaine 🤪
what is your shirt tied this way near wrist
Cufflinks?
Google paid for the Paten and the employee. Giving the tools for free is always a good way to improve your image as a company