In case you missed it, Google announced on Friday that BinDiff, a comparison tool for binary files, can now be downloaded for free.
The tool is used to spot differences and similarities in disassembled code. It is helpful for identifying and isolating fixes for vulnerabilities in vendor-supplied patches, preventing duplicate analyses of files, and retaining knowledge across teams of binary analysts where individual workflows might vary from analyst to analyst.
“At Google, the BinDiff core engine powers a large-scale malware processing pipeline helping to protect both internal and external users. BinDiff provides the underlying comparison results needed to cluster the world’s malware into related families with billions of comparisons performed so far,” Google software engineer Christian Blichmann explained in the announcement.
BinDiff is a brainchild of Zynamics, a company that was acquired by Google in 2011.
The software can be downloaded from here, but be advised that it is no longer regularly maintained. “We do not offer support. If you do contact us with bugs, feature requests or general questions, we will decide on a case by case basis on how to respond,” it says on the software’s website.
It works on Linux and Windows (you also need the Hex-Rays IDA Pro disassembler, 6.8 or later, to use it), but if you’re an OS X user, you’re out of luck.
An open source, maintained alternative to BinDiff is Joxean Koret’s Diaphora, which works on OS X.