Title
Heuristics applied to Binary Diffing
Authors
Nicolas Economou
In
Ekoparty 2009
Date published
2009-09-17
Keywords
binary difference

Abstract

This talk covers an activity that is now very common and directly related to computer security and the detection of stolen code: the comparison of software binaries and the generation of exploits based on security patches. We will describe in detail the heuristics that we applied to produce a tool (turbodiff) and how we solved the problems of function matching, change detection and implementation.

Turbodiff is the result of independent research by the author, which led to the development of an IDA plugin with realistic performance that can compare binary files for the different architectures supported by IDA, including PowerPC, MIPS, ARM, x86, etc.
