Lmst

📚 “Comparing binaries with radiff2” - a video tutorial by Mohamed Atta Abozaid (Egypt)

👀 video https://youtu.be/RsI8hNhsi_U
👉source https://github.com/ReEng101/Binary-Comparison

#radare2 #reverseengineering #BinaryDiffing

This paper looks promising: "SIGMADIFF: Semantics-Aware Deep Graph Matching for Pseudocode Diffing".

https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=9671&context=sis_research

#SigmaDiff #Pseudocode #Diffing #BinaryDiffing #BCSA

The code is also published (in github) already and #Diaphora now can use an already trained model to try to improve binary diffing results (matching). I haven't made yet a new release just yet as these changes are considered a bit experimental for now.

The datasets and tools for training and testing are here: https://github.com/joxeankoret/diaphora-ml
And Diaphora, is here: https://github.com/joxeankoret/diaphora

#Diaphora #BinaryDiffing #Bindiffing #ReverseEngineering #MachineLearning

Here are the slides of my "Simple Machine Learning Techniques for Binary Diffing (with Diaphora)" talk given at the @44CON conference last week:

https://github.com/joxeankoret/diaphora-ml/blob/main/docs/diaphora-ml-techniques-44con-final.pdf

#44con #Diaphora #MachineLearning #ReverseEngineering #BinaryDiffing

This is not at all my own idea and this is, basically, the only thing that academia researches as of today: almost every single academic paper published in the last years talking about binary diffing (or, as academia calls it "Binary Code Similarity Analysis") is based on "machine learning" techniques.

Some popular academic examples: DeepBinDiff or BindiffNN. Don't worry if you don't know them. Nobody uses them. At all.

#BinDiff #BinaryDiffing #BinaryCodeSimilarityAnalysis

Any cool bug in Microsoft's February 2024 Patch Tuesday??

#PatchTuesday #BinaryDiffing #Diaphora

It's very sad, but it's always a damn waste of time reading academic research about binary diffing or, as it's called at the academia, about binary code similarity analysis. It's either all fairytales that cannot be proved or, plainly, false and/or wrong.

An example? One paper that I have re-read today says that #BinDiff and #Diaphora are mono-architecture and totally discard these tools for the paper. LOL.

#BinaryDiffing #BinDiffing #BinaryCodeSimilarityAnalysis

Fun Reverse Engineering problem du jour. A compilation unit is a set of functions. Cool. However, a function might belong to one or many compilation units.

For example, in #Diaphora, I used to think that once I have a compilation unit name for a function, that function belongs to just that one CU. However, if a function from, for example, a header file is in-lined inside a function, what compilation unit does that function belong to?

#ReverseEngineering #BinaryDiffing #BinDiffing

The support for finding fixed signedness issues in #Diaphora is working (to highlight potentially fixed vulnerabilites):

#BinaryDiffing #PatchDiffing

A signed to unsigned check changed in ARM.

A signed to unsigned check changed in x86.

Me every time I have a "new" idea for doing #BinaryDiffing in #Diaphora with algorithms based on graph theory:

Any cool bug on this Patch Tuesday? Anything cool to diff with #Diaphora and enhance the ability to try to find patched vulnerabilities?

#PatchTuesday #PatchDiffing #BinaryDiffing #BinDiffing

Did you know that #Diaphora detects patch diffing sessions and tries to help finding where vulnerabilities were fixed? Here are some examples for CVE-2020-1350 and CVE-2023-28231.

#patchdiffing #binarydiffing #bindiffing #vulnerabilityresearch #vulndev

Diaphora showing the exact place where CVE-2020-1350 was fixed.

Diaphora showing the exact place where CVE-2023-28231 was fixed.

Also, #SymbolicExecution of even small #binaries is very slow and would only, probably, help for comparing binaries for the same (or compatible) architecture. And in order to compare binaries for the same architectures you have a myriad of different, not terribly slow, ways for doing #BinDiffing.

#BinaryDiffing

One question regarding #bindiffing: Have you ever used a tool called #DeepBinDiff? I am not talking about "BinDiff" but rather about "DeepBinDiff".

#BinaryDiffing #BinaryCodeSimilarityAnalysis #BCSA

@Mizu If you want more #datasets for #binary #diffing, take a look to this paper:

https://arxiv.org/abs/2011.10749

#BinaryDiffing #BinDiffing #BinaryCodeSimilarityAnlysis #BCSA

Dear everyone in the academia using "Machine Learning" for Binary Code Similarity Analysis (ie, bindiffing): AI is bad for anything that requires exact results. It will generate a huge amount of false positives mixed with a varying degree of similar results and is pretty hard to understand its output.

#bindiffing #BinaryDiffing #ProgramDiffing #MachineLearning #BCSA #ArtificialIntelligence

@joxean, really enjoying the presentation of a world-class reference in #BinaryDiffing. Absolute respect for the amount of work behind the scenes in terms of side-technical challenges such as multiplatform testing. Even without deepening on the problem addressed, I can still appreciate the huge amount of time spent, simply, making things work as expected. #Respect

#Bindiffing with #Diaphora CVE-2023-28231. As explained in the linked blog from @thezdi, the vulnerability has been fixed by checking that the number of relay forward messages in "ProcessRelayForwardMessage()" is not bigger or equal than 32 (0x20), as shown in the following pseudo-code diffing:

#BinDiffing #BinaryDiffing

https://www.zerodayinitiative.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service

So, let's say that we have 2 functions in binary A matching 2 functions in binary B *but* both A functions and B functions have the exact same score for the 4 matches (and the same callers and callees). This looks like a complex match to resolve, right?

So, what do you think is (apparently) the best and simplest method in #BinaryDiffing to determine which match is the appropriate one?

#Diaphora #BinDiffing #BinaryDiffing

#binarydiffing

Client Info