This is beautiful. #aor24 day 15 #bindiffing #radare2

The code is also published (on GitHub) already, and #Diaphora can now use an already trained model to try to improve binary diffing results (matching). I haven't made a new release just yet, as these changes are considered a bit experimental for now.

The datasets and tools for training and testing are here: https://github.com/joxeankoret/diaphora-ml
And Diaphora is here: https://github.com/joxeankoret/diaphora

#Diaphora #BinaryDiffing #Bindiffing #ReverseEngineering #MachineLearning

SPONSORING

📢 We are very happy to announce the GOLD sponsorship by Quarkslab ( https://www.quarkslab.com ) 😍 We thank them a lot for their support since Day 1 of the conference in 2018 🙏

🚀 Among many other #opensource projects, Quarkslab recently published a ⚡ #binDiffing portal https://diffing.quarkslab.com/ . You will be able to find there several of their #bindiffing open source tools like #Qbindiff or #Quokka, but also many resources on the topic.

📝 "Through QLab's consulting expertise and R&D, and our software QFlow and QShield, we share and scale our knowledge by making it accessible to everyone. We believe that security is everyone's concern as there is no freedom if there is no security."

It's very sad, but it's always a damn waste of time reading academic research about binary diffing or, as it's called in academia, binary code similarity analysis. It's either all fairytales that cannot be proved or, plainly, false and/or wrong.

An example? One paper that I have re-read today says that #BinDiff and #Diaphora are mono-architecture and totally discard these tools for the paper. LOL.

#BinaryDiffing #BinDiffing #BinaryCodeSimilarityAnalysis

Fun Reverse Engineering problem du jour. A compilation unit is a set of functions. Cool. However, a function might belong to one or many compilation units.

For example, in #Diaphora, I used to think that once I have a compilation unit name for a function, that function belongs to just that one CU. However, if a function from, for example, a header file is inlined inside a function, what compilation unit does that function belong to?

#ReverseEngineering #BinaryDiffing #BinDiffing

GitHub - clearbluejar/ghidriff: Python Command-Line Ghidra Binary Diffing Engine (https://github.com/clearbluejar/ghidriff)

Any cool bug on this Patch Tuesday? Anything cool to diff with #Diaphora and enhance the ability to try to find patched vulnerabilities?

#PatchTuesday #PatchDiffing #BinaryDiffing #BinDiffing

Did you know that #Diaphora detects patch diffing sessions and tries to help find where vulnerabilities were fixed? Here are some examples for CVE-2020-1350 and CVE-2023-28231.

#patchdiffing #binarydiffing #bindiffing #vulnerabilityresearch #vulndev

Today I realised that the oldest technology developed by me integrated into #Diaphora dates from 2009.

In case you are curious, it's #DeepToad, a Python library for doing fuzzy hashing. This simplistic library calculates a set of 3 different hashes using a configurable block size (as opposed to, say, ssdeep, which doesn't work for this).

https://github.com/joxeankoret/deeptoad

#FuzzyHashing
#DeepToad
#Diaphora
#BinDiffing
#ProgramDiffing
#BCSA
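As an added illustration of the block-size idea (example code written for this page, not DeepToad's code, and not the three hashes DeepToad computes): a minimal block-based fuzzy hash in Python. It splits the input into fixed-size blocks, maps each block's SHA-256 digest to one character, and compares two signatures with a normalized edit distance, so a change confined to one block costs one signature character and the block size controls the granularity. The function names, the 64-character alphabet and the sample inputs are assumptions made for this example.

```python
import hashlib

# Added example of block-based fuzzy hashing. It is NOT DeepToad's algorithm
# and does not reproduce the three hashes DeepToad computes; it only shows how
# a configurable block size turns a small local change into a small signature
# change. Alphabet, function names and sample data are choices made here.

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def block_signature(data: bytes, block_size: int = 16) -> str:
    """One signature character per block_size-byte chunk of data.

    Each chunk is hashed with SHA-256 and the first digest byte picks a
    character, so a byte change touches exactly one chunk (one character),
    while an insertion on a chunk boundary adds exactly one character.
    """
    if block_size <= 0:
        raise ValueError("block_size must be positive")
    chars = []
    for offset in range(0, len(data), block_size):
        digest = hashlib.sha256(data[offset:offset + block_size]).digest()
        chars.append(ALPHABET[digest[0] % len(ALPHABET)])
    return "".join(chars)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def similarity(sig_a: str, sig_b: str) -> float:
    """1.0 for identical signatures, down to 0.0 for unrelated ones."""
    longest = max(len(sig_a), len(sig_b))
    if longest == 0:
        return 1.0
    return 1.0 - levenshtein(sig_a, sig_b) / longest


def compare(a: bytes, b: bytes, block_size: int = 16) -> float:
    """Fuzzy similarity of two byte strings at the given block size."""
    return similarity(block_signature(a, block_size),
                      block_signature(b, block_size))


# Constructed sample inputs (not real files): a 1 KiB byte pattern, the same
# data with one byte patched, and the same data with 16 bytes inserted at
# offset 512, which is a block boundary for block_size=16 and 64.
ORIGINAL = bytes(range(256)) * 4
PATCHED = ORIGINAL[:100] + b"\x00" + ORIGINAL[101:]
INSERTED = ORIGINAL[:512] + b"\xAA" * 16 + ORIGINAL[512:]


if __name__ == "__main__":
    for name, other in (("patched", PATCHED), ("inserted", INSERTED)):
        for bs in (16, 64):
            print(f"{name:8s} block_size={bs:3d} "
                  f"similarity={compare(ORIGINAL, other, bs):.4f}")
```

The inserted case is the interesting one: at block size 16 the 16 new bytes form exactly one extra block and cost one character, but at block size 64 they sit inside a block and shift every following block, so most of the remaining signature changes. That alignment sensitivity is the price of a fixed block size; a content-triggered scheme such as ssdeep picks block boundaries from the data itself to avoid it, at the cost of not letting you choose the block size.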

Also, #SymbolicExecution of even small #binaries is very slow and would only, probably, help for comparing binaries for the same (or compatible) architecture. And in order to compare binaries for the same architectures you have a myriad of different, not terribly slow, ways for doing #BinDiffing.

#BinaryDiffing