Google has made available for free a tool for quickly spotting similarities and differences in related binary files or software code.
The BinDiff tool gives security researchers a way to identify and isolate the code changes that fix a vulnerability in a vendor-supplied patch. It also gives them a way to compare disassembled malware samples for differences and similarities in code.
Google acquired BinDiff with its purchase of binary code analysis firm Zynamics in 2011. Since then, the company has been using it internally for large-scale processing of malware, Google software engineer Christian Blichmann said recently in a blog post.
The billions of malware sample comparisons for which BinDiff has been used have allowed Google to cluster malware samples from around the world into different categories and related families, Blichmann said.
“Ever since Zynamics joined Google in 2011, we have been committed to keeping our most valuable tools available to the security research community,” he said. “We first lowered the price, and today, we are taking the next logical step by making it available free of charge.”
BinDiff 4.2, the current version of the tool, is available for download from the Zynamics website for both Windows and Linux. BinDiff is a plugin rather than a stand-alone disassembler, however: to use it, organizations also need the commercial IDA Pro disassembler and debugger for Windows and Linux from Hex-Rays SA.
BinDiff can be used to compare binaries for the x86, PowerPC, MIPS and ARM/AArch64 architectures, Blichmann said. In addition to identifying similar and identical functions in different binary files, BinDiff can be used to port comments, variable names and function names from one disassembled binary to another. It also can be used to detect and highlight changes in code between two variants of the same program, such as those resulting from a vulnerability fix or from the introduction of malicious code.
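To make the workflow above concrete, here is an added example that is not part of the article or of BinDiff itself: a deliberately simplified function matcher in Python over two constructed, hand-written instruction listings (an "old" build with symbols and a "patched" build that is stripped and relocated). It normalizes away absolute addresses so relocation alone does not register as a change, matches functions first by exact normalized hash and then by mnemonic-sequence similarity, isolates the instructions a patch added, and ports the old symbol names onto the matched stripped functions. Real BinDiff also matches on call-graph and control-flow-graph structure; the listings, function names and addresses here are invented for illustration.

```python
import hashlib
import re
from difflib import SequenceMatcher

# Constructed sample listings (not real disassembler output). Each function is a
# list of instruction strings as a disassembler would print them.
OLD = {  # "old" build with symbol names
    "parse_header": [
        "push rbp",
        "mov rbp, rsp",
        "mov eax, [rdi+0x8]",      # length field read from untrusted input
        "lea rsi, [rip+0x2040]",   # fixed-size destination buffer
        "call 0x401200",           # copy helper, no length check before it
        "pop rbp",
        "ret",
    ],
    "copy_helper": ["mov rcx, rdx", "rep movsb", "ret"],
    "init": ["xor eax, eax", "mov [rip+0x3010], eax", "ret"],
}
NEW = {  # "patched" build: stripped (sub_<addr> names) and relocated
    "sub_401020": [
        "push rbp",
        "mov rbp, rsp",
        "mov eax, [rdi+0x8]",
        "cmp eax, 0x100",          # the fix: bounds check on the length
        "ja 0x401090",
        "lea rsi, [rip+0x2080]",
        "call 0x401300",
        "pop rbp",
        "ret",
    ],
    "sub_401300": ["mov rcx, rdx", "rep movsb", "ret"],
    "sub_401400": ["xor eax, eax", "mov [rip+0x3050], eax", "ret"],
}

IMM = re.compile(r"0x[0-9a-fA-F]+")


def normalize(insns):
    """Replace absolute addresses and immediates with a placeholder so that
    relocation between builds does not make identical code look different."""
    return [IMM.sub("IMM", i) for i in insns]


def signature(insns):
    """Stable hash of the normalized instruction sequence (exact-match key)."""
    return hashlib.sha256("\n".join(normalize(insns)).encode()).hexdigest()


def mnemonics(insns):
    return [i.split()[0] for i in insns]


def instruction_diff(obody, nbody):
    """Lines removed (-) or added (+) between two function bodies, compared
    on normalized form but reported with the original operands."""
    o, n = normalize(obody), normalize(nbody)
    out = []
    for tag, i1, i2, j1, j2 in SequenceMatcher(None, o, n).get_opcodes():
        if tag == "equal":
            continue
        out += ["- " + x for x in obody[i1:i2]]
        out += ["+ " + x for x in nbody[j1:j2]]
    return out


def match_functions(old, new, threshold=0.6):
    """Return {old_name: (new_name, similarity, diff_lines)}."""
    matches = {}
    unmatched_new = dict(new)
    # Pass 1: exact match on the normalized instruction hash.
    new_by_sig = {signature(b): n for n, b in new.items()}
    for oname, obody in old.items():
        nname = new_by_sig.get(signature(obody))
        if nname in unmatched_new:
            matches[oname] = (nname, 1.0, [])
            unmatched_new.pop(nname)
    # Pass 2: fuzzy match on the mnemonic sequence for whatever is left.
    for oname, obody in old.items():
        if oname in matches:
            continue
        best = None
        for nname, nbody in unmatched_new.items():
            r = SequenceMatcher(None, mnemonics(obody), mnemonics(nbody)).ratio()
            if r >= threshold and (best is None or r > best[1]):
                best = (nname, r)
        if best:
            nname, r = best
            unmatched_new.pop(nname)
            matches[oname] = (nname, round(r, 3), instruction_diff(obody, new[nname]))
    return matches


def changed_functions(matches):
    """Only the matched pairs whose code actually differs (patch candidates)."""
    return {o: v for o, v in matches.items() if v[1] < 1.0}


def port_names(old, new, matches):
    """Carry symbol names from the old listing onto the matched stripped functions."""
    renamed = dict(new)
    for oname, (nname, _, _) in matches.items():
        if oname not in renamed:
            renamed[oname] = renamed.pop(nname)
    return renamed


if __name__ == "__main__":
    m = match_functions(OLD, NEW)
    for o, (n, r, d) in m.items():
        print(f"{o:14} -> {n:12} similarity={r}")
        for line in d:
            print("    " + line)
    print("functions after porting names:", sorted(port_names(OLD, NEW, m)))
```

Running it reports `copy_helper` and `init` as exact matches despite their relocated addresses, and flags `parse_header` as the only changed function, with the two added instructions (`cmp eax, 0x100` / `ja 0x401090`) isolated as the patch. That is the practical shape of patch diffing: strip the noise a rebuild introduces, then look only at what is left.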
Blichmann did not indicate why Google decided to make BinDiff available for free after charging for the product all these years, but the decision is in keeping with the company’s philosophy of sharing technologies and practices it uses internally with the broader industry.
Only earlier this month, for instance, the company released into the open-source community a questionnaire framework that it has been using internally for years to assess the security practices of its suppliers. Google’s Vendor Security Assessment Questionnaire (VSAQ) gives enterprises questionnaire templates they can use for assessing a vendor’s Web application security practices, network security capabilities and physical security controls.
Google has made similar announcements in other areas, as well. Recently, for instance, it released details on a software-based network load-balancing technology called Maglev that it has been using since 2008 to manage traffic to its various services. And, last September, Google decided to open-source a machine-learning technology called TensorFlow, which powers Google services like Translate and Smart Reply in Inbox, in a bid to get others to use the same technology in new applications.