
BinDiff now available for free - ner0x652
http://security.googleblog.com/2016/03/bindiff-now-available-for-free.html
======
aurelianito
Shameless plug:

Several years ago I did a tool that shows differences between disassembled
functions basic-block graphs, that you can use for free and it is GPLv2
licensed. I believe my tool shows the differences in a better way than
bindiff, and it piggybacks on a disassembler made by a former coworker and
friend.

Maybe someone wants to use it.

[http://www.coresecurity.com/corelabs-research/open-source-
to...](http://www.coresecurity.com/corelabs-research/open-source-
tools/aureliax)

PS: I don't work at Core Security anymore.

~~~
wslh
> I don't work at Core Security anymore

Where do you work now?

~~~
aurelianito
Now I work at a small company named Disarmista.

------
dsl
To be clear, it is still a plugin for a ~$5000 application.

Nonetheless, thanks Google for lowering the bar for entry into professional
security work!

~~~
linkregister
From the article, it didn't appear that the decompiler was required, just the
disassembler.

IDA Pro disassembler (professional edition) is $1129.

So it's somewhat less expensive.

I wish Hopper (hopperapp.com) were more publicized; it's only $89!

~~~
Tomte
What's the Windows status there? I have looked at their web page many times
and it's just confusing.

The main description page says Mac only, a blog post from long ago says
Windows is available (with some restrictions).

~~~
josso
Version 2 of Hopper had a Windows version available, but with later versions
it has been discontinued:
[https://twitter.com/bSr43/status/672185178236825601](https://twitter.com/bSr43/status/672185178236825601)

------
fungos
Remember that 4.2.0 works only with IDA 6.8, if you have an older IDA license,
there goes the link to the 4.1.0 that is compatible with IDA 6.5+:
[https://dl.google.com/dl/zynamics/bindiff410-win-x86.msi](https://dl.google.com/dl/zynamics/bindiff410-win-x86.msi)

UPDATE:

Linux is here:
[https://dl.google.com/dl/zynamics/bindiff410-debian7-amd64.d...](https://dl.google.com/dl/zynamics/bindiff410-debian7-amd64.deb)

~~~
AdmVonSchneider
Well it mostly works on 6.9 as well. Linux should work without any
restrictions, but on Windows there were some IDA Qt changes that lead to some
annoyances: \- Can't reopen BinDiff windows after they were closed \-
Shortcuts don't work

Other than that the Windows version is functional.

------
ikeboy
Why is the linked site served over http?
[http://www.zynamics.com/software.html](http://www.zynamics.com/software.html)

Changing to https reveals a security cert valid for *.google.com, but not for
www.zynamics.com.

~~~
newjersey
Interesting. I brought up a similar issue about what browser dot org and while
they took months to get it working with HTTPS, I consider it a win.

Still interesting though. I'd just use a separate certificate for this. >
www.zynamics.com uses an invalid security certificate. The certificate is only
valid for the following names: _.google.com,_.android.com,
_.appengine.google.com,_.cloud.google.com, _.google-analytics.com,_.google.ca,
_.google.cl,_.google.co.in, _.google.co.jp,_.google.co.uk,
_.google.com.ar,_.google.com.au, _.google.com.br,_.google.com.co,
_.google.com.mx,_.google.com.tr, _.google.com.vn,_.google.de,
_.google.es,_.google.fr, _.google.hu,_.google.it, _.google.nl,_.google.pl,
_.google.pt,_.googleadapis.com, _.googleapis.cn,_.googlecommerce.com,
_.googlevideo.com,_.gstatic.cn, _.gstatic.com,_.gvt1.com,
_.gvt2.com,_.metric.gstatic.com, _.urchin.com,_.url.google.com, _.youtube-
nocookie.com,_.youtube.com, _.youtubeeducation.com,_.ytimg.com,
android.clients.google.com, android.com, g.co, goo.gl, google-analytics.com,
google.com, googlecommerce.com, urchin.com, youtu.be, youtube.com,
youtubeeducation.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

------
derefr
Isn't this the same basic idea as Google Updater's Courgette algorithm
([https://www.chromium.org/developers/design-
documents/softwar...](https://www.chromium.org/developers/design-
documents/software-updates-courgette))? Both seem to disassemble and then
untangle the static call graph into something that can be effectively diffed.

~~~
rincebrain
It may well be, but given the relative age of both Courgette's publication and
Zynamics prior to Google's purchase, I'd be surprised if the two
implementations are not entirely disjoint.

------
lamby
Would love this introduced into
[http://diffoscope.org/..](http://diffoscope.org/..).

------
drakenot
I saw someone post this googleblog entry over a month ago on the Freenode ##re
channel. Then it was quickly taken down again. I guess they must have pulled
the trigger a little early.

------
int_handler
Man, I'm getting tons of early-2000s vibes from the design of the zynamics
website.

~~~
AdmVonSchneider
Yup, we didn't bother with updating it in a looong while :-/

------
steipete
Is there a version for OS X?

~~~
AdmVonSchneider
There used to be (4.0). I'm working on it, though :)

------
sshykes
No OS-X support? :(

------
sandra_saltlake
It's an awesome free debugger!

------
lolidaisuki
If you look at the EULA you'll see that free here means free as in no cost. It
is still proprietary software and isn't considered "open source" by the OSI
definition[2] even tho the page claims it's "open source".

[1] [http://www.zynamics.com/eula.html](http://www.zynamics.com/eula.html) [2]
[https://opensource.org/osd](https://opensource.org/osd)

------
armitron
This would have been news worthy 10 years ago.

Today, it's more like _shrug_ who cares.

Dependency on IDA, closed source, limited platform support, Java/Swing ...

Far better free solutions out there.

~~~
13of40
Serious question -- can you point to a better (or at least more free)
recursive, graphical debugger for Windows than IDA?

~~~
Strom
Not sure what you mean by recursive, but OllyDbg [1] is an awesome free
debugger on Windows.

[1] [http://www.ollydbg.de/](http://www.ollydbg.de/)

~~~
fabulist
They are alluding to IDA's recursive disassembly capabilities.

[http://reverseengineering.stackexchange.com/questions/2347/w...](http://reverseengineering.stackexchange.com/questions/2347/what-
is-the-algorithm-used-in-recursive-traversal-disassembly)

(It's worth noting the answer from Igor Skochinsky, while not the selected
answer, comes from IDA's author.)

