diffing binaries without IDA

Discussion on reverse-engineering and debugging.
k0ng0
Posts: 10
Joined: Fri Feb 08, 2013 7:57 pm

diffing binaries without IDA

Post by k0ng0 » Wed Feb 20, 2013 4:20 am

Hi all,

First post and hope to not piss off the g0ds ;)

So I was working on something. A couple of ELF binaries, and one had a vuln the other didn't. I was able to locate the affected code by using objdump with a bit of Linux bash to remove the RVAs and then using Linux's diff command. It wasn't pretty but I found it.

Then I had a friend let me borrow his IDA and BinDiff and OMG!! it was so much easier and prettier. :P

Granted, IDA is a great tool. I was wondering if you guys had any other techniques or tools for this that work for ELF and PE files.

thanks and great forum

k0ng0
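An added example (not code from k0ng0's post) of the objdump-then-diff approach described above: strip the addresses, raw bytes and call targets that shift whenever code moves, then diff the instruction text. It assumes the AT&T-syntax `objdump -d` layout (address, raw bytes, instruction) and uses two constructed listings of one function, a strcpy build and a strncpy build; the same normalization applies to any `objdump -d` output, PE included when binutils has that target.

```shell
#!/bin/sh
# Normalize `objdump -d` (AT&T syntax) listings so that two builds can be
# compared with plain diff: drop addresses, raw bytes and call/jump targets,
# which shift whenever code moves, and keep only the instruction text.
normalize_disasm() {
    sed -E \
        -e 's/^[0-9a-f]+ (<[^>]+>:)$/\1/' \
        -e 's/^[[:space:]]*[0-9a-f]+:[[:space:]]+([0-9a-f]{2}[[:space:]]+)*//' \
        -e 's/(call|j[a-z]+|#)[[:space:]]+[0-9a-f]+ </\1 </' \
        -e 's/[[:space:]]+$//' \
        -e '/^[[:space:]]*$/d' \
        "$@"
}

# Unified diff of two normalized listings. Exit status follows diff
# (0 = identical, 1 = differs), which is what scripts usually want.
diff_disasm() {
    old=$(mktemp) && new=$(mktemp) || return 1
    normalize_disasm "$1" > "$old"
    normalize_disasm "$2" > "$new"
    status=0
    diff -u -L "$1" -L "$2" "$old" "$new" || status=$?
    rm -f "$old" "$new"
    return "$status"
}

# Constructed sample listings (not from a real binary): one function in two
# builds; build B is shifted 0x10 bytes and bounds the copy with strncpy.
write_sample_listings() {
    printf '%b\n' \
        '0000000000001149 <copy_name>:' \
        '    1149:\t55                   \tpush   %rbp' \
        '    114a:\t48 89 e5             \tmov    %rsp,%rbp' \
        '    114d:\te8 fe fe ff ff       \tcall   1050 <strcpy@plt>' \
        '    1152:\t5d                   \tpop    %rbp' \
        '    1153:\tc3                   \tret' > "$1/old.s"
    printf '%b\n' \
        '0000000000001159 <copy_name>:' \
        '    1159:\t55                   \tpush   %rbp' \
        '    115a:\t48 89 e5             \tmov    %rsp,%rbp' \
        '    115d:\tba 40 00 00 00       \tmov    $0x40,%edx' \
        '    1162:\te8 f9 fe ff ff       \tcall   1060 <strncpy@plt>' \
        '    1167:\t5d                   \tpop    %rbp' \
        '    1168:\tc3                   \tret' > "$1/new.s"
}

# Demo on the constructed listings (real use: objdump -d a > old.s, etc.).
dir=$(mktemp -d) && write_sample_listings "$dir"
diff_disasm "$dir/old.s" "$dir/new.s" || true
rm -rf "$dir"
```

Only the added `mov $0x40,%edx` and the strcpy/strncpy call change show up in the diff; the 0x10-byte shift of every address is removed by the normalization.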

frishrash
Posts: 3
Joined: Tue Oct 19, 2010 9:25 am

Re: diffing binaries without IDA

Post by frishrash » Wed May 22, 2013 7:42 pm

Metasm project (http://metasm.cr0.org) has a built-in bindiff utility under "samples".

I used this utility for PEs, never tried for ELFs though the platform supports them in general.

Xylitol
Global Moderator
Posts: 1670
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: diffing binaries without IDA

Post by Xylitol » Thu May 23, 2013 1:40 pm

For comparing files under Windows I know UltraCompare http://www.ultraedit.com/products/ultracompare.html
WinHex also has a feature to compare if I remember, and LordPE has a feature to compare the header of a PE, which is what I use to identify lamers who stole work by ripping the resource file.
Story related ~ http://rcecafe.net/?p=168

jvoisin
Posts: 1
Joined: Wed Oct 23, 2013 1:10 pm

Re: diffing binaries without IDA

Post by jvoisin » Thu Nov 28, 2013 2:05 am

I'm using radare2 for binary diffing. You can see an example here (It's in Spanish, but I'm sure Google Translate will be happy to help you.).

Cch123
Posts: 7
Joined: Sat Oct 12, 2013 1:00 pm

Re: diffing binaries without IDA

Post by Cch123 » Fri Nov 29, 2013 1:35 am

Given that your purpose is vulnerability research, I can give you some recommendations. Normally for vulnerability researchers, we use TurboDiff (IDA plugin), DarunGrim or BinDiff. TurboDiff and DarunGrim are free solutions, but BinDiff is utilized more widely.

ctrl^break
Posts: 3
Joined: Sat Mar 04, 2017 10:08 pm
Location: Mexico

Re: diffing binaries without IDA

Post by ctrl^break » Tue Mar 28, 2017 3:41 pm

One very powerful differ is Diaphora by Joxean Koret. Diaphora provides great speed and better results than the regular tools.

This tool relies on IDA Pro (it's an IDAPython script), so I'd say it is 'with IDA'. You can download the tool from here: http://diaphora.re/

For the non-IDA options, you can use Hexinator (https://hexinator.com) or 010 Editor (https://www.sweetscape.com/010editor/), which also provide file-format grammar/template-based support.

--
Salu-DoS!

-ctrl^break
http://cubilfelino.net
