If you had problems diffing some specific project with #Diaphora could you, please, share hashes of the binaries that were causing you problems so I can test them with the currently in development version? It has significantly improved in all senses.

And I'm still not very close to be done #Diaphora

In case you are curious, this is for #Diaphora: I have some function matches between two binaries with weights assigned and I want to choose the "bester" matches. That's it.

Guess what is yours truly Joxean Koret, Open Source developer and poor man, doing this sunny Saturday morning? #Diaphora

https://github.com/joxeankoret/diaphora/issues/193

Reminder to myself: use the damn microcode for the damn #Diaphora so you can fucking show assembler graph diffs of different architectures making sense!

Yesterday night, after modifying some things in #Diaphora, I left running the testing suite. The change was improving some test cases I had manually tested comparing binaries built for different architectures (ie, MIPS against PPC, x86 against ARM, s390 against Sparc, etc..).

After checking the results, it turns out the change causes Diaphora to find less matches when used for comparing binaries for the same target CPU 🤦‍♀️

Yesterday night I was thinking that often I can use 'dirty tricks' to speed up some of the most common diffing tasks with #Diaphora, like:

* Diffing patches with function names (Microsoft Tuesday Patches).
* Diffing binaries with symbols stripped that are actually the same binary.

I believe I can speed up such tasks by just doing some 'dirty' tricks and skipping most heuristics. I will (try) to implement them this weekend.

Inline function calls are a pain in the ass #Diaphora

@verb Sorry, I don't use any themes for IDA, the colours come from a #Diaphora diffing session (closer to green good results, closer to purple bad results).

Guess what is yours truly Joxean Koret doing this Sunday morning? Working on #Diaphora 3.0. People don't know the amount of work that is behind their favourite Open Source project.

@joxean I think a fine-grained callgraph including call site information would break this tie.

Match the call sites in the two binaries, using instruction-level comparisons. You can then differentiate between the two call edges, based on which call site they are from.

#BinaryDiffing #CallGraph #Diaphora

Actually, it seems BFD (GNU's Binary File Descriptor library) is a good test case for finding rare multimatches with the same score and with little to no information to determine which match is best when doing binary diffing with #Diaphora...

RT @HexRaysSA
We’ve just published a new Plugin Focus blog post! Joxean Koret (@matalaz)
from Activision introduces his binary diffing plugin #Diaphora. Read more: https://hex-rays.com/blog/plugin-focus-diaphora/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Plugin-Focus-diaphora

#PluginFocus #IDAPro #IDAPython #IDAPlugin

RT @_ringzer0@twitter.com

👀 Does all binary code look the same to you? Upgrade your #BinaryDiffing skills and automate your diffing tasks with Joxean Koret’s (@matalaz@twitter.com) #training on Advanced Binary Diffing with #Diaphora!

🎟️ https://ringzer0.training/trainings/advanced-binary-diffing-with-diaphora.html

🐦🔗: https://twitter.com/_ringzer0/status/1613568373677522944

So, continuing my rant about academic research in the #bindiffing area and not releasing required stuff: In one paper they say that 2 malware samples aren't properly diffed by both #Diaphora and #BinDiff, so I have tried to search for the samples to do the diffing myself and see why, if at all, it fails. There is no dataset or sample hashes anywhere, only a set of assembly instructions for a specific basic block... #Fail

PS: I forgot to say that regardless of academic papers, everyone that needs to get real work done uses #diaphora, #bindiff or both.

If I were to take a decision to continue the development of #Diaphora based on what academic research in the #BinDiffing area says, I should stop because almost every academic paper I read considers their authors already solved the problem and they even improve previous papers.

One question regarding #Diaphora: Should I store the differences for assembler and pseudo-codes in the *.diaphora databases when a reverser saves the diffing results?

Less than 2 days of work on the #Diaphora independent GUI with #Lazarus + #FreePascal and it's already pretty advanced. Is not done yet, but it will probably be ready by next week.

I started yesterday writing an independent GUI for #Diaphora with #Lazarus + #FreePascal when I have some minutes. Only for viewing saved #Diaphora diffing results. If I have today like ~2 hours, I will have an initial version working whereas with PyQT or something similar I would still be fighting with QT Designer.

It is awesome.