
Diaphora v3.1.1 - IDA Python BinDiffing plugin


itsMe


Diaphora is the most advanced program diffing tool (working as an IDA plugin) available as of today (2023). It was first released during SyScan 2015 and has been actively maintained since then: it has been ported to every single minor version of IDA from 6.8 to 8.3.

Diaphora supports versions of IDA >= 7.4 because the code only runs in Python 3.X (Python 3.11 was the last version tested).

Unique Features

Diaphora has many of the most common program diffing (bindiffing) features you might expect, like:

    Diffing assembler.
    Diffing control flow graphs.
    Porting symbol names and comments.
    Adding manual matches.
    Similarity ratio calculation.
    Batch automation.
    Call graph matching calculation.
    Dozens of heuristics based on graph theory, assembler, bytes, functions’ features, etc…

However, Diaphora also has many features that are unique and not available in any other public tool. The following is a non-exhaustive list of unique features:

    Ability to port structs, enums, unions and typedefs.
    Support for compilation units (finding and diffing compilation units).
    Microcode support.
    Parallel diffing.
    Pseudo-code based heuristics.
    Pseudo-code patches generation.
    Diffing pseudo-codes (with syntax highlighting!).
    Scripting support (for both the exporting and diffing processes).

Changelog v3.1.1

This is mainly a bug-fix release that, however, includes 2 new heuristics and some experimental enhancements to try to find patched vulnerabilities when doing patch diffing. Here is the whole change log:

DIFF: Added a ratios cache to speed up comparison operations.
EXPORT: Added a column to save how long it took to export a single function.
EXPORT: Use cur.executemany() instead of cur.execute() whenever it’s possible.
GUI: Added menu item “Show assembly patch”.
HEUR: Added heuristic “Related compilation unit” to find functions by matching potential compilation units.
HEUR: Added heuristic “Same constants related matches” to find functions using the same constants in different places.
MISC: Refactored the code for finding potentially fixed vulnerabilities.
MISC: Replace multiple “SELECT *” appearances with just the required fields, where appropriate.
VULN: Added a few new patterns to try to find potentially fixed vulnerabilities.
VULN: Added heuristic to try to find fixed signedness issues for x86 and ARM.
BUG: Diaphora was calling ida_lines.get_srcline() for every assembly line. Fixed by doing it once per basic block.
BUG: The code for calculating the primes assigned to a compilation unit was terribly slow.
BUG: The microcode instructions list was built a lot of times instead of being done only once.
BUG: When importing pseudo-code comments, do not set the treeloc_t.item_preciser_t member itp when the stored value is None.
