zlacker

Diaphora: an open-source program diffing IDA plugin

submitted by Dyslex+(OP) on 2023-06-21 20:58:39 | 122 points 25 comments
replies(13): >>pestat+W5 >>nix0n+th6 >>debate+7o6 >>antonk+rN6 >>glonq+iR6 >>Goofy_+lb7 >>grugag+Fx7 >>westur+EP7 >>xvilka+Q18 >>nekita+Ub8 >>lgas+xc8 >>usr110+fl8 >>serito+J19
1. pestat+W5 2023-06-21 21:20:52
>>Dyslex+(OP)
Not really... it is an IDA (Interactive Disassembler) Pro plugin.
replies(3): >>Shadow+4w6 >>hpb42+nX6 >>dang+kB7
2. nix0n+th6 2023-06-23 15:47:49
>>Dyslex+(OP)
It's a "program-diffing" tool, not a "Free-and-Open-Source-program".

The title would be less confusing if written as "Diaphora, the most advanced, Free and Open Source, program-diffing tool".

replies(2): >>Shadow+mw6 >>dang+dB7
3. debate+7o6 2023-06-23 16:16:40
>>Dyslex+(OP)
Would be very useful as a standalone tool.
replies(1): >>mdanie+k77
4. Shadow+4w6 2023-06-23 16:53:59
>>pestat+W5
Thanks. I had no idea what “IDA” was.

Disappointing.

5. Shadow+mw6 2023-06-23 16:55:07
>>nix0n+th6
And less misleading if it disclosed that it’s only a plug-in for Interactive Disassembler.
6. antonk+rN6 2023-06-23 18:25:06
>>Dyslex+(OP)
If you need to compare (and merge) an arbitrary number of files side-by-side, I recommend diffuse https://github.com/MightyCreak/diffuse
replies(2): >>muxato+027 >>jcul+Ha8
7. glonq+iR6 2023-06-23 18:47:08
>>Dyslex+(OP)
On a related note, can anybody recommend an effective, portable, lightweight, open/free app for diffing and patching arbitrary binary files (not just executables)?

My long-time fave is JojoDiff https://jojodiff.sourceforge.net

...but I'm always curious to know what else is out there.

8. hpb42+nX6 2023-06-23 19:23:12
>>pestat+W5
Wikipedia entry for IDA Pro: https://en.wikipedia.org/wiki/Interactive_Disassembler

I'm curious to know how much a license costs, I couldn't find it easily on their website.

replies(1): >>crimso+mc7
9. muxato+027 2023-06-23 19:48:23
>>antonk+rN6
Thanks, just today I decided that the current status of Meld (https://meldmerge.org/) was untenable for me.

It used to be a fast program, with a reasonable interface.

For a long time now its interface has been "simplified" following GNOME 3's User Interface Guidelines, and everything ended up being hidden inside a hamburger menu.

But what definitely made it untenable was not the UX, but its tendency to crash and being really slow under the slightest load.

I was considering contributing to the project, but honestly a better engineered alternative would be welcome.

Thanks for the info (and thanks Kai Willadsen for Meld).

10. mdanie+k77 2023-06-23 20:19:49
>>debate+7o6
I didn't try to run it to see what it would do, but FWIW it does have "I am running outside of IDA" guards, and the comments further down in the file also mention "when running outside of IDA ..." https://github.com/joxeankoret/diaphora/blob/3.0/diaphora.py...
11. Goofy_+lb7 2023-06-23 20:47:14
>>Dyslex+(OP)
It's an IDA plugin to diff binaries. Very useful for creating 1-day exploits, i.e., when a vendor patches a vulnerability, you use Diaphora to diff the vulnerable binary vs the patched one to understand what was going on, and create an exploit based off of that.

Many of the Microsoft PoC exploits that come out after an update are made this way.
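
A worked illustration of the patch-diffing workflow described in the comment above. This is an added example, not Diaphora's code and not from the thread: it imitates two of the cheaper heuristics a function-matching tool applies (an exact match on a hash of normalized instruction text, which ignores symbol names so stripped binaries still pair up, then a fuzzy match on the mnemonic sequence for whatever is left), and prints a unified diff of the changed body, which is where the added check becomes visible. The two listings, their function names, addresses and the 0.7 similarity threshold are constructed sample data, not real disassembly.

```python
"""Function-level patch diffing over two disassembly listings (added example,
not Diaphora's code). Pass 1 matches functions whose normalized instruction
text hashes identically, names ignored; pass 2 matches the leftovers by fuzzy
similarity of their mnemonic sequence. The listings are constructed samples."""
import difflib
import hashlib
import re
from typing import Dict, List

Listing = Dict[str, List[str]]

OLD_LISTING = """\
copy_name:
  push rbp
  mov rbp, rsp
  sub rsp, 0x40
  mov rdi, [rbp+0x10]
  mov rsi, [rbp+0x18]
  mov rdx, [rbp+0x20]
  call memcpy
  leave
  ret
parse_header:
  lea rdi, [rip+0x2010]
  cmp eax, 0x5a4d
  jne loc_401230
  ret
legacy_check:
  xor eax, eax
  ret
"""
NEW_LISTING = """\
copy_name:
  push rbp
  mov rbp, rsp
  sub rsp, 0x40
  mov rdi, [rbp+0x10]
  mov rsi, [rbp+0x18]
  mov rdx, [rbp+0x20]
  cmp rdx, 0x40
  ja loc_401180
  call memcpy
  leave
  ret
sub_401200:
  lea rdi, [rip+0x2040]
  cmp eax, 0x5a4d
  jne loc_401250
  ret
report_overflow:
  lea rdi, [rip+0x2060]
  call puts
  mov edi, 1
  call exit
"""

# Masks for immediates and local addresses: relocation noise must not break matches.
_MASK = [(re.compile(r"0x[0-9a-fA-F]+"), "IMM"),
         (re.compile(r"\b(?:loc|sub)_[0-9a-fA-F]+\b"), "LOC")]

def parse_listing(text: str) -> Listing:
    """'name:' at column 0 opens a function; indented lines are its instructions."""
    funcs, cur = {}, None
    for raw in text.splitlines():
        if raw and not raw[0].isspace() and raw.endswith(":"):
            cur = raw[:-1]; funcs[cur] = []
        elif raw.strip():
            funcs[cur].append(raw.strip())
    return funcs

def normalize(insn: str) -> str:
    for rx, tag in _MASK:
        insn = rx.sub(tag, insn)
    return insn

def func_hash(insns: List[str]) -> str:
    return hashlib.sha256("\n".join(map(normalize, insns)).encode()).hexdigest()

def mnemonic_similarity(a: List[str], b: List[str]) -> float:
    mn = lambda insns: [i.split()[0].lower() for i in insns]
    return difflib.SequenceMatcher(None, mn(a), mn(b)).ratio()

def diff_programs(old: Listing, new: Listing, threshold: float = 0.7) -> dict:
    new_by_hash: Dict[str, List[str]] = {}
    for n, insns in new.items():
        new_by_hash.setdefault(func_hash(insns), []).append(n)
    unchanged, old_left, new_left = [], [], set(new)
    for o, insns in old.items():                       # pass 1: exact, name-insensitive
        hit = [n for n in new_by_hash.get(func_hash(insns), []) if n in new_left]
        if hit:
            unchanged.append((o, hit[0])); new_left.discard(hit[0])
        else:
            old_left.append(o)
    pairs = sorted(((mnemonic_similarity(old[o], new[n]), o, n)
                    for o in old_left for n in new_left), key=lambda t: (-t[0], t[1], t[2]))
    changed, used_o, used_n = [], set(), set()
    for score, o, n in pairs:                          # pass 2: best-first fuzzy match
        if score < threshold:
            break
        if o not in used_o and n not in used_n:
            changed.append((o, n, round(score, 3))); used_o.add(o); used_n.add(n)
    return {"unchanged": sorted(unchanged), "changed": changed,
            "removed": sorted(set(old_left) - used_o), "added": sorted(new_left - used_n)}

def function_diff(old: Listing, new: Listing, o: str, n: str) -> List[str]:
    """Unified diff of a changed pair: the view an analyst reads to locate the fix."""
    return list(difflib.unified_diff(old[o], new[n], f"old/{o}", f"new/{n}", lineterm=""))

if __name__ == "__main__":
    old, new = parse_listing(OLD_LISTING), parse_listing(NEW_LISTING)
    res = diff_programs(old, new)
    print(res)
    for o, n, _ in res["changed"]:
        print("\n".join(function_diff(old, new, o, n)))
```

Running it pairs parse_header with the renamed sub_401200 despite the different symbol and the shifted addresses, reports copy_name as changed with a 0.9 mnemonic similarity, and the diff of that pair shows the added cmp/ja length check in front of the memcpy call, which is exactly the kind of line an analyst reads first when working out what a patch fixed. Real tools add many more heuristics (call graph position, constants, pseudo-code hashes) on top of these two, and a high similarity score is a lead, not proof, so the diffed body always needs to be read.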

12. crimso+mc7 2023-06-23 20:54:29
>>hpb42+nX6
Depends what you want to do with it really.

https://www.hex-rays.com/cgi-bin/quote.cgi/products

13. grugag+Fx7 2023-06-23 22:59:48
>>Dyslex+(OP)
Anyone still using WinMerge? Been using it for 10-15 years and it's just been absolutely fantastic for my use.
replies(1): >>colord+SA7
14. colord+SA7 2023-06-23 23:19:04
>>grugag+Fx7
Using Beyond Compare.
15. dang+dB7 2023-06-23 23:22:35
>>nix0n+th6
Submitted title was "Diaphora, the most advanced Free and Open Source program diffing tool". We've attempted to make it less misleading.
16. dang+kB7 2023-06-23 23:22:59
>>pestat+W5
Thanks - we've made the title say IDA plugin now.
17. westur+EP7 2023-06-24 01:24:55
>>Dyslex+(OP)
What would it take to add an adapter to or port Diaphora to Ghidra?

A bunch of open source Ghidra plugins, some ported from IDA: https://github.com/fr0gger/awesome-ida-x64-olly-plugin/blob/... ctrl-f 'diff', 'bindiff'

ghidra-patchdiff-correlator#how-does-it-work: https://github.com/threatrack/ghidra-patchdiff-correlator#ho...

https://ghidra.re/ghidra_docs/api/ghidra/python/PythonPlugin...

ghidra-jython-kernel + jupyter_console: https://github.com/AllsafeCyberSecurity/ghidra-jython-kernel

ghidrathon https://www.mandiant.com/resources/blog/ghidrathon-snaking-g... :

> Ghidrathon replaces the existing Python 2 extension implemented via Jython. This includes the interactive interpreter window, integration with the Ghidra Script Manager, and script execution in Ghidra headless mode. You can build and install Ghidrathon using the steps outlined in our README to start using the features described below [...]

> Alternatives: Ghidrathon is one of multiple solutions, including Ghidraal, Ghidra Bridge, and pyhidra, that enables Python 3 scripting in Ghidra. Each solution is implemented differently with accompanying benefits and limitations. We encourage you to explore all solutions and choose which best fits your needs.

18. xvilka+Q18 2023-06-24 03:30:28
>>Dyslex+(OP)
Rizin[1][2] provides basic diffing capabilities out of the box with the `rz-diff` tool. We plan to expose it in our GUI, Cutter, too, in the near future.

[1] https://rizin.re

[2] https://github.com/rizinorg/rizin

19. jcul+Ha8 2023-06-24 05:15:12
>>antonk+rN6
diffuse (and meld) are great tools for diffing text files. However, this link seems to be a binary analysis tool for diffing disassembled binaries. It is a plugin for IDA Pro, one of the foremost reverse engineering tools.

So I don't think it is in the same category as diffuse.

20. nekita+Ub8 2023-06-24 05:35:07
>>Dyslex+(OP)
I love this tool, but the AGPL license means I cannot use it at work due to company policies.

I'm sympathetic and understand the author's reasoning for relicensing it under the AGPL, but I wonder how much that holds back adoption, which is a shame considering how useful the software is.

replies(1): >>usr110+Jl8
21. lgas+xc8 2023-06-24 05:42:51
>>Dyslex+(OP)
I saw the name Diaphora and thought it would be the perfect name for a reddit replacement... like Diaspora and Fora (multiple forums) combined. This is pretty cool too though.
22. usr110+fl8 2023-06-24 07:32:42
>>Dyslex+(OP)
I cannot parse the title. Probably the plugin is open-source. But where does "program" belong?

Either way, if you don't use IDA or don't even know what it really is (like myself), this is not for you.

Comments telling how (un)happy they are with meld or BeyondCompare are off-topic. This plugin is a different category.

replies(1): >>Stammo+sm8
23. usr110+Jl8 2023-06-24 07:39:49
>>nekita+Ub8
They write that commercial licenses are available.

Is it a shame that Apple's pricing holds back adoption considering how good their product quality is [*]?

[*] Not a fanboy and not ever a user since 1995ish. Just an analogy.

24. Stammo+sm8 2023-06-24 07:47:30
>>usr110+fl8
An (open-source ((program diffing) (IDA plugin)))
25. serito+J19 2023-06-24 14:43:14
>>Dyslex+(OP)
Since I don't see it mentioned so far, BinDiff is an alternative: https://www.zynamics.com/bindiff.html https://www.zynamics.com/software.html