diffing binaries without IDA

Discussion on reverse-engineering and debugging.
Posts: 10
Joined: Fri Feb 08, 2013 7:57 pm

Wed Feb 20, 2013 4:20 am

Hi all,

First post and hope to not piss off the g0ds ;)

So I was working on something. A couple of ELF binaries, and one had a vuln the other didn't. I was able to locate the affected code by using objdump with a bit of Linux bash to remove the RVAs and then using Linux's diff command. It wasn't pretty, but I found it.

Then I had a friend let me borrow his IDA and BinDiff and OMG!! it was so much easier and prettier. :P

Granted, IDA is a great tool, but I was wondering if you guys had any other techniques or tools for this that work for ELF and PE files.

Thanks, and great forum.
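The objdump-plus-bash-plus-diff workflow from the first post, written out as an added example (this is not code from the thread or from any of the tools mentioned in it). It assumes two constructed `objdump -d` listings of a hypothetical `copy_name()` function, one build with a length check before the `memcpy` call and one without, so it runs without any binary on disk; the `normalize` function is the "remove the RVAs" step, and `count_changes` shows why that step is needed before `diff` says anything useful.

```shell
#!/bin/sh
# Added example, not code from the thread: the objdump / bash / diff workflow the
# first post describes, with the address-stripping step written out.
# LISTING_A and LISTING_B are constructed sample "objdump -d" output for a
# hypothetical function copy_name(); no real binary is involved, so this runs offline.
# Build A checks the length before calling memcpy, build B does not.

tab=$(printf '\t')

LISTING_A="0000000000401136 <copy_name>:
  401136:${tab}55                   ${tab}push   %rbp
  401137:${tab}48 89 e5             ${tab}mov    %rsp,%rbp
  40113a:${tab}48 81 fe ff 00 00 00 ${tab}cmp    \$0xff,%rsi
  401141:${tab}77 10                ${tab}ja     401153 <copy_name+0x1d>
  401143:${tab}e8 f8 fe ff ff       ${tab}call   401040 <memcpy@plt>
  401148:${tab}5d                   ${tab}pop    %rbp
  401149:${tab}c3                   ${tab}ret"

LISTING_B="0000000000401150 <copy_name>:
  401150:${tab}55                   ${tab}push   %rbp
  401151:${tab}48 89 e5             ${tab}mov    %rsp,%rbp
  401154:${tab}e8 e7 fe ff ff       ${tab}call   401040 <memcpy@plt>
  401159:${tab}5d                   ${tab}pop    %rbp
  40115a:${tab}c3                   ${tab}ret"

# Strip everything that shifts between builds but carries no meaning:
#  1. the 16-digit address in front of "<symbol>:" header lines
#  2. the "  401136:<tab>55 ...<tab>" address and raw-byte columns
#  3. absolute targets of call/jmp/jcc, keeping only the "<symbol+off>" part
normalize() {
    sed -e "s/^[0-9a-f]\{16\} </</" \
        -e "/^ *[0-9a-f]\{1,\}:${tab}/s/^[^${tab}]*${tab}[^${tab}]*${tab}//" \
        -e "s/ [0-9a-f]\{1,\} </ </"
}

# Number of lines diff marks as added or removed between two listings.
# diff exits 1 whenever the inputs differ, so that status is deliberately ignored.
count_changes() {
    a=$(mktemp) && b=$(mktemp)
    printf '%s\n' "$1" > "$a"
    printf '%s\n' "$2" > "$b"
    n=$(diff "$a" "$b" | grep -c '^[<>]' || true)
    rm -f "$a" "$b"
    echo "$n"
}

# Comparing the raw listings: every line differs because the addresses differ.
raw_changes() { count_changes "$LISTING_A" "$LISTING_B"; }

# Comparing after normalisation: only the real code change remains.
normalized_changes() {
    count_changes "$(printf '%s\n' "$LISTING_A" | normalize)" \
                  "$(printf '%s\n' "$LISTING_B" | normalize)"
}

# Human-readable view of the normalised diff (the two removed check lines).
show_diff() {
    a=$(mktemp) && b=$(mktemp)
    printf '%s\n' "$LISTING_A" | normalize > "$a"
    printf '%s\n' "$LISTING_B" | normalize > "$b"
    diff "$a" "$b" || true
    rm -f "$a" "$b"
}

echo "changed lines, raw listings:        $(raw_changes)"
echo "changed lines, normalised listings: $(normalized_changes)"
show_diff
```

For real binaries, replace the constructed listings with `objdump -d ./build_a | normalize` and the same for the second build. The third sed rule keeps `<symbol+offset>` targets, so a branch whose offset inside the function moves between builds still shows up as a change even when the logic is identical; that kind of noise is what graph-based differs such as BinDiff or Diaphora avoid by matching on control flow rather than text.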

Posts: 3
Joined: Tue Oct 19, 2010 9:25 am

Wed May 22, 2013 7:42 pm

Metasm project (http://metasm.cr0.org) has a built-in bindiff utility under "samples".

I used this utility for PEs, never tried it for ELFs, though the platform supports them in general.
Global Moderator
Posts: 1684
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Thu May 23, 2013 1:40 pm

For comparing files under Windows I know UltraCompare: http://www.ultraedit.com/products/ultracompare.html
WinHex also has a compare feature if I remember right, and LordPE has a feature to compare the headers of PEs, which is what I use to identify lamers who stole work by ripping resource files.
Story related ~ http://rcecafe.net/?p=168
Posts: 1
Joined: Wed Oct 23, 2013 1:10 pm

Thu Nov 28, 2013 2:05 am

I'm using radare2 for binary diffing. You can see an example here (it's in Spanish, but I'm sure Google Translate will be happy to help you).
Posts: 7
Joined: Sat Oct 12, 2013 1:00 pm

Fri Nov 29, 2013 1:35 am

Given that your purpose is vulnerability research, I can give you some recommendations. Normally, as vulnerability researchers, we use TurboDiff (IDA plugin), DarunGrim or BinDiff. TurboDiff and DarunGrim are free solutions, but BinDiff is more widely used.
Posts: 3
Joined: Sat Mar 04, 2017 10:08 pm
Location: Mexico

Tue Mar 28, 2017 3:41 pm

One very powerful differ is Diaphora by Joxean Koret. Diaphora provides great speed and better results than the regular tools.

This tool relies on IDA Pro (it's an IDAPython script), so I'd say it's 'with IDA'. You can download the tool from here: http://diaphora.re/

For the non-IDA options, you can use Hexinator (https://hexinator.com) or 010 Editor (https://www.sweetscape.com/010editor/), which also provide file-format grammar/template-based support.
