BinDiff now available for free (googleblog.com)
226 points by ner0x652 on March 18, 2016 | 33 comments



Shameless plug:

Several years ago I did a tool that shows differences between disassembled functions basic-block graphs, that you can use for free and it is GPLv2 licensed. I believe my tool shows the differences in a better way than bindiff, and it piggybacks on a disassembler made by a former coworker and friend.

Maybe someone wants to use it.

http://www.coresecurity.com/corelabs-research/open-source-to...

PS: I don't work at Core Security anymore.


> I don't work at Core Security anymore

Where do you work now?


Now I work at a small company named Disarmista.


To be clear, it is still a plugin for a ~$5000 application.

Nonetheless, thanks Google for lowering the bar for entry into professional security work!


From the article, it didn't appear that the decompiler was required, just the disassembler.

IDA Pro disassembler (professional edition) is $1129.

So it's somewhat less expensive.

I wish Hopper (hopperapp.com) were more publicized; it's only $89!


If you can't splurge on IDA try radare2 before Hopper:

http://www.radare.org/r/cmp.html

Then in a couple weeks donate $89 saved to the radare2 efforts.


What's the Windows status there? I have looked at their web page many times and it's just confusing.

The main description page says Mac only, a blog post from long ago says Windows is available (with some restrictions).


Version 2 of Hopper had a Windows version available, but with later versions it has been discontinued: https://twitter.com/bSr43/status/672185178236825601


It gets expensive when you want all the bells and whistles, but yes the base model is a little north of a grand.

Thanks for the link to Hopper, I know what I'll be doing this afternoon...


If you are a security professional it is not that much.


You only need the IDA Pro Starter Edition (589 USD, 32-bit files only) or the regular IDA Pro version for a single architecture (1129 USD). Even so, IDA comes with decades of RE experience baked into its heuristics and analysis features. It's quirky, yes, but as a professional tool it's also worth the money.


Remember that 4.2.0 works only with IDA 6.8. If you have an older IDA license, here is the link to 4.1.0, which is compatible with IDA 6.5+: https://dl.google.com/dl/zynamics/bindiff410-win-x86.msi

UPDATE:

Linux is here: https://dl.google.com/dl/zynamics/bindiff410-debian7-amd64.d...


Well it mostly works on 6.9 as well. Linux should work without any restrictions, but on Windows there were some IDA Qt changes that led to some annoyances:

- Can't reopen BinDiff windows after they were closed
- Shortcuts don't work

Other than that the Windows version is functional.


Why is the linked site served over http? http://www.zynamics.com/software.html

Changing to https reveals a security cert valid for *.google.com, but not for www.zynamics.com.


Interesting. I brought up a similar issue about what browser dot org and while they took months to get it working with HTTPS, I consider it a win.

Still interesting though. I'd just use a separate certificate for this.

> www.zynamics.com uses an invalid security certificate. The certificate is only valid for the following names: *.google.com, *.android.com, *.appengine.google.com, *.cloud.google.com, *.google-analytics.com, *.google.ca, *.google.cl, *.google.co.in, *.google.co.jp, *.google.co.uk, *.google.com.ar, *.google.com.au, *.google.com.br, *.google.com.co, *.google.com.mx, *.google.com.tr, *.google.com.vn, *.google.de, *.google.es, *.google.fr, *.google.hu, *.google.it, *.google.nl, *.google.pl, *.google.pt, *.googleadapis.com, *.googleapis.cn, *.googlecommerce.com, *.googlevideo.com, *.gstatic.cn, *.gstatic.com, *.gvt1.com, *.gvt2.com, *.metric.gstatic.com, *.urchin.com, *.url.google.com, *.youtube-nocookie.com, *.youtube.com, *.youtubeeducation.com, *.ytimg.com, android.clients.google.com, android.com, g.co, goo.gl, google-analytics.com, google.com, googlecommerce.com, urchin.com, youtu.be, youtube.com, youtubeeducation.com Error code: SSL_ERROR_BAD_CERT_DOMAIN
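The browser error quoted above is the hostname check every TLS client performs after the certificate chain validates: the requested name must match one subjectAltName entry, and a wildcard entry covers exactly one label. The following is an added example (not code from the thread, Mozilla or Google) that re-implements that check stand-alone on the name list quoted in the comment, following the RFC 6125 section 6.4.3 rules; `SAN_NAMES`, `san_entry_matches` and `first_matching_san` are names chosen here.

```python
"""Hostname vs. subjectAltName check, as the browser did for www.zynamics.com.

Added example, not code from the thread, Mozilla or Google.  SAN_NAMES is the
name list quoted in the comment above ("*." entries are DNS wildcards); the
matching rules follow RFC 6125 section 6.4.3: a wildcard must be the entire
left-most label and matches exactly one label, so "*.google.com" covers
www.google.com but neither google.com nor a.b.google.com.
"""
from typing import List, Optional

# Constructed from the quoted error message; a real client reads these from
# the certificate's subjectAltName extension instead.
SAN_NAMES = [
    "*.google.com", "*.android.com", "*.appengine.google.com",
    "*.cloud.google.com", "*.google-analytics.com", "*.google.ca",
    "*.google.cl", "*.google.co.in", "*.google.co.jp", "*.google.co.uk",
    "*.google.com.ar", "*.google.com.au", "*.google.com.br", "*.google.com.co",
    "*.google.com.mx", "*.google.com.tr", "*.google.com.vn", "*.google.de",
    "*.google.es", "*.google.fr", "*.google.hu", "*.google.it", "*.google.nl",
    "*.google.pl", "*.google.pt", "*.googleadapis.com", "*.googleapis.cn",
    "*.googlecommerce.com", "*.googlevideo.com", "*.gstatic.cn",
    "*.gstatic.com", "*.gvt1.com", "*.gvt2.com", "*.metric.gstatic.com",
    "*.urchin.com", "*.url.google.com", "*.youtube-nocookie.com",
    "*.youtube.com", "*.youtubeeducation.com", "*.ytimg.com",
    "android.clients.google.com", "android.com", "g.co", "goo.gl",
    "google-analytics.com", "google.com", "googlecommerce.com", "urchin.com",
    "youtu.be", "youtube.com", "youtubeeducation.com",
]


def _labels(name: str) -> List[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def san_entry_matches(pattern: str, hostname: str) -> bool:
    """True if one SAN entry (literal or '*.'-wildcard) covers hostname."""
    pat, host = _labels(pattern), _labels(hostname)
    if "*" in hostname or len(pat) != len(host):
        return False  # a wildcard never spans more or fewer labels
    if pat[0] == "*":
        # The wildcard must be the whole left-most label, and a pattern such
        # as "*.com" is rejected rather than matching every .com name.
        return len(pat) >= 3 and pat[1:] == host[1:]
    return pat == host  # no wildcard: exact, case-insensitive match


def first_matching_san(hostname: str, san_names: List[str]) -> Optional[str]:
    """Return the SAN entry that covers hostname, or None (BAD_CERT_DOMAIN)."""
    for entry in san_names:
        if san_entry_matches(entry, hostname):
            return entry
    return None


def hostname_is_covered(hostname: str, san_names: List[str]) -> bool:
    """The yes/no answer a TLS client needs before trusting the connection."""
    return first_matching_san(hostname, san_names) is not None


if __name__ == "__main__":
    for host in ("www.zynamics.com", "www.google.com", "google.com",
                 "a.b.google.com", "WWW.YOUTUBE.COM"):
        print(f"{host:18s} -> {first_matching_san(host, SAN_NAMES)}")
```

Running it shows `www.zynamics.com` matching nothing, which is exactly why the browser reported SSL_ERROR_BAD_CERT_DOMAIN: the chain was valid, the certificate was simply issued for other names. Python's `ssl` module performs this same check during the handshake; the stand-alone version is only for reading the rule.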


Yeah that's a sore point :-/ The downloads are served via HTTPS, though. Also, publishing the SHA1 hashes over HTTP kind of defeats the purpose, so here they are again (HackerNews is HTTPS :)):

bindiff420-debian8-amd64.deb 38fbea8070495fc8730d7c86eae03bc68fde291f
bindiff420-debian8-i386.deb 49cdd6ae7ebe5b1813a5fcafaae9fde19005c824
bindiff420-win-pluginsonly.zip e2b786d405aac23aced989e02080dd69c18ab75e
bindiff420-win-x86.msi 89f2eadc6582d4acca1e78db3617b5fba3eced0f
bindiff-license-key.zip 95715a8bd7469106fc60b03f94f3cc87604e354c
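A digest list is only useful if it is checked against the files actually downloaded, over a channel that could not be tampered with on the way, which is the point of re-posting it over HTTPS. As an added example (not code from the thread or from zynamics/Google), the script below parses the list exactly as posted above, streams each installer through SHA-1, and compares in constant time; the real .deb/.msi files are not embedded, so `demo()` uses small constructed files to show the three outcomes. `MANIFEST`, `check_downloads` and `demo` are names chosen here.

```python
"""Check downloaded BinDiff packages against the SHA-1 list posted above.

Added example, not code from the thread or from zynamics/Google.  MANIFEST is
the digest list as posted in the comment; the installers themselves are not
embedded, so demo() hashes small constructed files to show the three
outcomes (ok, MISMATCH, missing).
"""
import hashlib
import hmac
import os
import tempfile
from typing import Dict

MANIFEST = """
bindiff420-debian8-amd64.deb 38fbea8070495fc8730d7c86eae03bc68fde291f
bindiff420-debian8-i386.deb 49cdd6ae7ebe5b1813a5fcafaae9fde19005c824
bindiff420-win-pluginsonly.zip e2b786d405aac23aced989e02080dd69c18ab75e
bindiff420-win-x86.msi 89f2eadc6582d4acca1e78db3617b5fba3eced0f
bindiff-license-key.zip 95715a8bd7469106fc60b03f94f3cc87604e354c
"""


def parse_manifest(text: str) -> Dict[str, str]:
    """Turn 'name digest name digest ...' (any whitespace layout) into a dict."""
    tokens = text.split()
    if len(tokens) % 2:
        raise ValueError("manifest must be name/digest pairs")
    manifest = {}
    for name, digest in zip(tokens[::2], tokens[1::2]):
        digest = digest.lower()
        if len(digest) != 40 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"{name}: not a SHA-1 hex digest")
        manifest[name] = digest
    return manifest


def sha1_of_file(path: str) -> str:
    """Stream the file through SHA-1 so a large installer needs no RAM."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_downloads(directory: str, manifest: Dict[str, str]) -> Dict[str, str]:
    """Map each manifest entry to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for name, expected in manifest.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif hmac.compare_digest(sha1_of_file(path), expected):
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


def demo() -> Dict[str, str]:
    """Constructed files: one intact, one tampered, one absent."""
    good = b"constructed stand-in for an installer"
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "intact.bin"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "tampered.bin"), "wb") as f:
            f.write(good + b"\x00")  # a single extra byte changes the digest
        expected = hashlib.sha1(good).hexdigest()
        manifest = {"intact.bin": expected, "tampered.bin": expected,
                    "absent.bin": expected}
        return check_downloads(d, manifest)


if __name__ == "__main__":
    # Run from the directory holding the downloads to check the real files.
    for name, status in check_downloads(".", parse_manifest(MANIFEST)).items():
        print(f"{status:8s} {name}")
    print(demo())
```

SHA-1 is used because that is what was published; a download manifest written today should carry SHA-256 digests, and a detached signature over the manifest would let the check survive even if the page serving it were altered.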


Isn't this the same basic idea as Google Updater's Courgette algorithm (https://www.chromium.org/developers/design-documents/softwar...)? Both seem to disassemble and then untangle the static call graph into something that can be effectively diffed.


It may well be, but given the relative age of both Courgette's publication and Zynamics prior to Google's purchase, I'd be surprised if the two implementations are not entirely disjoint.


Would love this introduced into http://diffoscope.org/...


I saw someone post this googleblog entry over a month ago on the Freenode ##re channel. Then it was quickly taken down again. I guess they must have pulled the trigger a little early.


Man, I'm getting tons of early-2000s vibes from the design of the zynamics website.


Yup, we didn't bother with updating it in a looong while :-/


Wholeheartedly agree, and IMHO the lack of Mac compatibility completes the vibe!


Is there a version for OS X?


There used to be (4.0). I'm working on it, though :)


No OS-X support? :(


It's an awesome free debugger!


If you look at the EULA[1] you'll see that free here means free as in no cost. It is still proprietary software and isn't considered "open source" by the OSI definition[2], even though the page claims it's "open source".

[1] http://www.zynamics.com/eula.html
[2] https://opensource.org/osd


This would have been news worthy 10 years ago.

Today, it's more like shrug who cares.

Dependency on IDA, closed source, limited platform support, Java/Swing ...

Far better free solutions out there.


Serious question -- can you point to a better (or at least more free) recursive, graphical debugger for Windows than IDA?


Not sure what you mean by recursive, but OllyDbg [1] is an awesome free debugger on Windows.

[1] http://www.ollydbg.de/


They are alluding to IDA's recursive disassembly capabilities.

http://reverseengineering.stackexchange.com/questions/2347/w...

(It's worth noting the answer from Igor Skochinsky, while not the selected answer, comes from IDA's author.)


LOL, haters gonna hate. So let's see...

- BinDiff would work stand-alone if someone wrote an exporter for another disassembler (BinDiff uses https://github.com/google/binexport for that).

- Closed source - yeah it contains some secret sauce and also depends on a commercial graph library (yFiles). Not easily replaced. Their product is also pretty good.

- Limited platform support - well, there is an older OS X version as well and we have this on our radar for future releases.

- Far better free solutions - please do show. Maybe we can do a diff-off some time :)

YOLO :P



