Hashtag
#BinDiff

Hex-Rays somewhat underhandedly added Linux ARM64 builds in their new IDA Pro 9.3 beta.
I really need to find some time to work on #BinDiff...

Auto-detect Ghidra protobuf version at build time by cQQkie-dev · Pull Request #164 · google/binexport Summary Auto-detect Ghidra's protobuf version from the installation directory to prevent runtime version mismatch errors. Problem BinExport previously hardcoded protobuf 4.31.0 and bundled it i...

PSA: If your #BinDiff workflow relies on a working BinExport for Ghidra, check github.com/google/binex....

BinExport / BinDiff - Binary Ninja User Documentation Documentation for the Binary Ninja reverse engineering platform

Exciting! Vector35's excellent @binary.ninja ships with built-in BinExport in the latest dev version!
Here's how to use it with #BinDiff: dev-docs.binary.ninja/guide/binexp...

GitHub - Lil-Ran/build-bindiff-for-ida-9: Use latest GitHub Actions runners to build BinDiff and BinExport for various IDA Pro 9.x on Windows, macOS, and Linux.

#BinDiff for #IDA 9.x

https://github.com/Lil-Ran/build-bindiff-for-ida-9

Disclaimer: I haven't checked it, apply due caution

support IDA version 9.0 · Issue #50 · google/bindiff Is your feature request related to a problem? Please describe. support IDA version 9.0

PSA #BinDiff for IDA 9.1+ will happen: github.com/google/bindi...


difficult to judge quality, so the next step is to come up with some metrics that can be checked automatically.

#bindiff #ghidriff
2/2


You diff binaries and immediately find the single change that adds the overflow check.

I diff mpengine.dll and break all reversing tools out there.

We are not the same.


gist.github.com ->

#bindiff #ghidriff


BinExport2: Enumerating a Function's Instructions

Ever wondered about how #BinDiff reads the BinExport2 format to build its flow graph representations?
This post by Willi Ballenthin sheds some light on this:
www.williballenthin.com/post/binexpo...

Add compatibility for upcoming IDA 9 SDK by azure9 · Pull Request #133 · google/binexport This update introduces changes to ensure compatibility with the upcoming IDA 9 SDK. Modifications include adjustments to API calls and data structures to align with the new SDK requirements. This p...

I'll end this on a more positive note by saying that https://github.com/google/binexport/pull/133 at least enables the same workflow for IDA 9.0 as the one we use for Binary Ninja and Ghidra (export first, then invoke #BinDiff manually). 6/N


This is all a shame, really, as I would like to update #BinDiff to, e.g., use idalib for headless exports.
But right now, I don't have the time/capacity to work on any of this.
I'd rather spend my 20% time on more exciting parts of the project. Or maybe it's time to move on? 5/N


On top of that, #BinDiff can no longer just be installed, because 8.4 plugins will not load in IDA Pro 9.0 (and vice versa) and installing both means ugly error message each time IDA starts.
So I need to implement something to select the version (idaswitch?). 4/N


Supporting #BinDiff on 3 disassemblers (as a 20% project no less) is difficult enough, and initially, I was pleased that at least the 32-bit binaries are going away 2/N


PSA: An official #BinDiff that works with IDA 9.0 will be a bit delayed.
Good news is that there's a https://github.com/google/binexport/pull/133 for BinExport that should allow to use BinDiff manually.
@HexRaysSA


Huh, with the new IDAlib headless mode in @HexRaysSA IDA 9.0, #BinDiff can get rid of the visible second IDA instance. Need to play around with this more.


I love Google's internal infra. Yet somehow, every Friday, when I want to work on #BinDiff, build infra acts up and I spend most of the day fixing it. FML.


Some improvements for #BinDiff when using the BinExport #Ghidra extension are coming.


BinExport for #BinDiff can be built for the new version, but the fmtlib dependency complicates a signed Google build a bit, unfortunately.

CMake: Raise minimum version to 3.20, add GitHub Actions for BinDiff · google/bindiff@e87083b Quickly find differences and similarities in disassembled code

Today was 20% day - "bit-rot prevention edition".
#BinDiff now has GitHub Actions and you can download binaries per commit (github.com/google/bindiff/actions/r...
github.com/google/bindiff/commit/e8...


#BinDiff https://x.com/m417z/status/1745522376907907388


Nice, need to check this out. This could (should?) outperform #BinDiff https://x.com/anttitikkanen/status/1738343251441000762


I do also want a ticket. Or maybe there should be a #BinDiff talk? https://x.com/offensive_con/status/1716384358175486329


#BinDiff https://x.com/Steph3nSims/status/1707817542029553924


In the spirit of "this talk could've been a tweet", I just pushed a button: #BinDiff is now open source.
- Snapshot release, no major new functionality
- Release binaries later today or tomorrow
- This is my 20% and I won't be able to act on PRs until end of Q4 (OOO traveling)

MSMQ QueueJumper (RCE Vulnerability): An in-depth technical analysis

QueueJumper analysis using #BinDiff
securityintelligence.com/posts/msmq-queuejumper-r...
(thx @dustriorg)

Pixel6: Booting up (part 1) We investigate a bug in the bootloader of Google Pixel 6 that could make user at risk.

#BinDiff spotted in the wild: https://eshard.com/posts/pixel6_bootloader
(via @dustriorg)


#BinDiff https://x.com/halvarflake/status/1653291112700755968


I should test with BinExport for #BinDiff... https://x.com/vector35/status/1615805140946063372


#BinDiff https://x.com/ProteasWang/status/1610553458213650433

GitHub - google/vxsig: Automatically generate AV byte signatures from sets of similar binaries.

A while back, I made a thing that turns #BinDiff matches into YARA rules: https://github.com/google/vxsig #100DaysOfYARA


#BinDiff https://x.com/0xdea/status/1608758315940720641
