Get BinDiff version 4.2 for Windows and Linux for free

Mar 21, 2016 13:25 GMT  ·  By

Google announced last Friday it was open-sourcing BinDiff, a tool used by security researchers for performing binary file analysis and comparison.

Back in 2011, Google bought Zynamics, and through it became the legal owner of BinDiff, a popular tool among security researchers at that time. BinDiff was available under a commercial license, but Google lowered its price after its acquisition, so more security researchers could benefit from its features.

Google heavily uses BinDiff for its security file scanners

The search giant didn't buy Zynamics just so it could ensure security researchers got a promo deal, but integrated BinDiff into many of its internal file analysis systems, using its unique binary comparison techniques to track malware families across different binaries.

"At Google, the BinDiff core engine powers a large-scale malware processing pipeline helping to protect both internal and external users," Google software engineer Christian Blichmann explains. "BinDiff provides the underlying comparison results needed to cluster the world's malware into related families with billions of comparisons performed so far."

Besides malware tracking, BinDiff's developers also say the tool can be used to find and isolate bugfixes in vendor-supplied software, and to transfer analysis results across similar binaries. Both features save a lot of time when doing security research, helping teams avoid duplicating work on the same code.

Currently, BinDiff can compare binary files for x86, MIPS, ARM/AArch64, PowerPC, and other architectures. The latest version, 4.2 for Windows and Linux, is available on the official website. The catch is that researchers also need the commercial Hex-Rays IDA Pro disassembler, version 6.8 or higher.

Google and Dell released other security tools two weeks ago

Earlier this month, both Google and Dell open-sourced tools for security professionals. Google released VSAQ (Vendor Security Assessment Questionnaire), a collection of questionnaires for assessing an organization's security measures.

Dell released a tool called DCEPT (Domain Controller Enticing Password Tripwire), a honeypot server for detecting attackers that may try to exploit local Windows domains and Active Directory setups.

Below is a screenshot of BinDiff in action.

BinDiff displaying differences and similarities in disassembled code
