diffing binaries without IDA

Posted: Wed Feb 20, 2013 4:20 am
by k0ng0
Hi all,

First post and hope to not piss off the g0ds ;)

So I was working on something. A couple of ELF binaries, and one had a vuln the other didn't. I was able to locate the affected code by using objdump with a bit of Linux bash to remove the RVAs and then using Linux's diff command. It wasn't pretty, but I found it.

Then I had a friend let me borrow his IDA and BinDiff, and OMG!! it was so much easier and prettier. :P

Granted, IDA is a great tool, but I was wondering if you guys had any other techniques or tools for this that work for ELF and PE files.

Thanks, and great forum.

k0ng0
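The objdump-plus-diff approach from the first post, written out as an added Python example (this is not k0ng0's script; the two listings are constructed and stand in for the output of `objdump -d` on the two binaries). It strips addresses and raw bytes, masks absolute call/jump targets, and diffs what is left:

```python
import re
import difflib

# Constructed `objdump -d` listings of one function from two builds (not real binaries).
# The second keeps the raw-byte column to show both objdump output styles are handled.
OLD_DISASM = """\
0000000000401136 <check_len>:
  401136:\tpush   %rbp
  401137:\tmov    %edi,-0x4(%rbp)
  40113a:\tcall   401030 <memcpy@plt>
  40113f:\tpop    %rbp
  401140:\tret
"""
NEW_DISASM = """\
0000000000401156 <check_len>:
  401156:\t55                   \tpush   %rbp
  401157:\t89 7d fc             \tmov    %edi,-0x4(%rbp)
  40115a:\t81 ff ff 00 00 00    \tcmp    $0xff,%edi
  401160:\t77 07                \tja     401169 <check_len+0x13>
  401162:\te8 d9 fe ff ff       \tcall   401040 <memcpy@plt>
  401167:\t5d                   \tpop    %rbp
  401168:\tc3                   \tret
  401169:\t5d                   \tpop    %rbp
  40116a:\tc3                   \tret
"""

FUNC_RE = re.compile(r'^[0-9a-f]+ <(.+)>:$')               # "0000000000401136 <check_len>:"
INSN_RE = re.compile(r'^\s*[0-9a-f]+:\t(.*)$')             # "  401136:\t[bytes\t]insn"
ADDR_RE = re.compile(r'\b(?=[0-9a-f]*\d)[0-9a-f]{4,}\b')   # bare address; needs a digit so "fadd" survives
OFF_RE = re.compile(r'\+0x[0-9a-f]+>')                     # "<sym+0x13>" -> "<sym+OFF>"

def normalize(disasm):  # strip everything that shifts when code moves, keep the instructions
    out = []
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            out.append('<%s>:' % m.group(1))
            continue
        m = INSN_RE.match(line)
        if m:
            insn = m.group(1).split('\t')[-1].strip()  # drop the raw-byte column if present
            if insn and not re.fullmatch(r'(?:[0-9a-f]{2} ?)+', insn):  # skip byte-only lines
                insn = OFF_RE.sub('+OFF>', ADDR_RE.sub('ADDR', insn))
                out.append(' '.join(insn.split()))
    return out

def diff_listings(old, new):  # unified diff of the normalized listings, as a list of lines
    return list(difflib.unified_diff(normalize(old), normalize(new),
                                     'old', 'new', n=1, lineterm=''))
```

Run on the two constructed listings, the diff reports only the added `cmp`/`ja` bounds check and the extra exit path, while the relocated `call` and shifted addresses produce no noise.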

Re: diffing binaries without IDA

Posted: Wed May 22, 2013 7:42 pm
by frishrash
Metasm project (http://metasm.cr0.org) has a built-in bindiff utility under "samples".

I used this utility for PEs, never tried for ELFs though the platform supports them in general.

Re: diffing binaries without IDA

Posted: Thu May 23, 2013 1:40 pm
by Xylitol
For comparing files under Windows I know UltraCompare http://www.ultraedit.com/products/ultracompare.html
WinHex also has a feature to compare if I remember, and LordPE has a feature to compare the header of a PE; that's what I use to identify lamers who stole work by ripping the resource file.
Story related ~ http://rcecafe.net/?p=168

Re: diffing binaries without IDA

Posted: Thu Nov 28, 2013 2:05 am
by jvoisin
I'm using radare2 for binary diffing. You can see an example here (It's in Spanish, but I'm sure Google Translate will be happy to help you.).

Re: diffing binaries without IDA

Posted: Fri Nov 29, 2013 1:35 am
by Cch123
Given that your purpose is vulnerability research, I can give you some recommendations. Normally, for vulnerability researchers, we use TurboDiff (IDA plugin), DarunGrim or BinDiff. TurboDiff and DarunGrim are free solutions, but BinDiff is utilized more widely.

Re: diffing binaries without IDA

Posted: Tue Mar 28, 2017 3:41 pm
by ctrl^break
One very powerful differ is Diaphora by Joxean Koret. Diaphora provides great speed and better results than the regular tools.

This tool relies on IDA Pro (it's an IDAPython script), so I'd say it is 'with IDA'. You can download the tool from here: http://diaphora.re/

For the non-IDA options, you can use Hexinator (https://hexinator.com) or 010 Editor (https://www.sweetscape.com/010editor/), which also provide file-format grammar/template-based support.

--
Salu-DoS!

-ctrl^break
http://cubilfelino.net