SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Google Open Sources Binary File Comparison Tool BinDiff

Google has released the source code of BinDiff, a binary file comparison tool popular within the security research community, on GitHub.

Google has announced that BinDiff, a popular file comparison tool maintained by the company for more than a decade, is now open source.

Developed by zynamics.com, which was acquired by Google in 2011, BinDiff is a binary file comparison utility that allows users to identify similarities and differences in disassembled code.

Offering support for IDA Pro, Binary Ninja and Ghidra, the tool can be used to compare binary files for multiple architectures, to identify identical or similar functions, discover potential code theft, identify changes between versions, and more.

For security researchers, the tool comes in handy when it comes to the analysis of multiple versions of the same binary, as well as for isolating patches in software updates supplied by vendors.

BinDiff can also be used to transfer analysis results between binaries, to prevent the duplicate analysis of malware and to help share information across teams.

“It can also be used to port symbols and comments between disassemblies of multiple versions of the same binary. This makes tracking changes over time easier and allows organizations to retain analysis results and enables knowledge transfer among binary analysts,” Google’s description of the tool reads.

BinDiff was initially a paid tool, but Google released it for free in 2016. At the time, the internet giant was heavily relying on its core engine for “a large-scale malware processing pipeline helping to protect both internal and external users.”

To further help the security research community relying on BinDiff for malware analysis, Google has now released the tool’s source code on GitHub.

Advertisement. Scroll to continue reading.

BinDiff can be used on Windows, macOS, and Linux, and supports a Java based GUI that needs to be built separately. Researchers and developers can find instructions on how to build the tool’s code on GitHub.

Related: MITRE and CISA Release Open Source Tool for OT Attack Emulation

Related: NCC Group Releases Open Source Tools for Developers, Pentesters

Related: Google Releases Open Source Bazel Plugin for Container Image Security

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Lital Asher–Dotan has been hired as Chief Marketing Officer at Beyond Identity.

Tidal Cyber announced that Jennifer Leggio has been appointed Chief Operating Officer.

Google spinoff SandboxAQ has hired Chris Bates as its first CISO.

More People On The Move

Expert Insights

Related Content

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Application Security

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

September 24, 2019
What Sort of Testing Do My Applications Need?

Application Security

What Sort of Testing Do My Applications Need?

November 14, 2017
VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

December 13, 2022
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

December 12, 2022
PayPal Warns Users of Credential Stuffing Attacks

Application Security

PayPal Warns Users of Credential Stuffing Attacks

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

January 20, 2023
CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

Application Security

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

January 19, 2023
GitHub Revokes Code Signing Certificates Following Cyberattack

Application Security

GitHub Revokes Code Signing Certificates Following Cyberattack

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

January 31, 2023
Drupal Patches Vulnerabilities Leading to Information Disclosure

Application Security

Drupal Patches Vulnerabilities Leading to Information Disclosure

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

January 20, 2023