Advanced Binary Diffing with Diaphora Analysis and Automation

2-DAY, 16 CPE HOUR TRAINING: JANUARY 2021 * FEB 1-5

Joxean Koret

Abstract

Diaphora (διαφορά, Greek for "difference") is a pure Python plugin for IDA Pro that performs program comparison, what is often referred to as "binary diffing". Diaphora is open source, regularly maintained, and offers more functionality than other similar tools such as Zynamics BinDiff, DarunGrim or TurboDiff.

Binary diffing is a widely used technique that helps with reverse engineering tasks like patch diffing, importing symbols, library identification, plagiarism detection, etc. All of these tasks can be simplified using Diaphora out of the box. There are many cases, however, where the tasks are more complex and require significant effort to apply, or are so tedious that automation becomes a must. There are few to no public resources on automating or scripting binary diffing, or on adapting generic techniques into more target-specific ones. There are even fewer public resources that discuss deriving your own tools from Diaphora or any other binary diffing tool.

This course will teach you how to script and automate several basic and advanced binary diffing tasks. You will learn how to get the best out of Diaphora's techniques and heuristics for program diffing; how to script your own export filters, diffing filters and new project-specific heuristics; how to automate the diffing of batches of samples; how to import symbols in batch from old to new versions; how to build your own tools on top of Diaphora; and more.

This training is supplemented by several hands-on exercises to internalize concepts and techniques taught in class.

Course Topics

Binary Diffing - Concepts and Basics

  • Introduction to Binary Diffing and Diaphora
  • Introduction and explanation of the heuristics
  • Patch diffing exercises
  • EXERCISE: Porting your work across versions
  • EXERCISE: Porting symbols between different target versions
  • EXERCISE: Porting library symbols to a target binary using a static version of some library
  • Basic plagiarism detection exercises

Advanced Use Cases and Automation

  • Diffing of specific areas and partial diffing
  • Batch patch diffing
  • Batch importing symbols
  • Batch library identification
  • Adding new heuristics
  • Scripting the export process
    • Adding filters and transformations
  • Scripting the diffing process
    • Scripting new heuristics
  • Extending Diaphora
  • Writing custom tools using Diaphora

Intended Audience

Reverse engineers, bug hunters, security researchers, vulnerability researchers, exploit developers, and anybody who wants to learn advanced uses of program diffing tools to augment their reverse engineering capabilities and make their life easier.

System Requirements

  • IDA Pro or IDA Home 7.5 or higher with Python 3.X
  • 8 GB RAM, at a minimum
  • 40 GB of free hard disk space