Binary diffing

Yesterday, a new feature was pushed to radare2: offset-based function diffing. We'd like to take this opportunity to write a bit about radare2's diffing features before showing the shiny new one. Let's take a copy of a cracked crackme as an example, with the genuine and the cracked binaries. Without parameters, radiff2 will by default show which bytes changed, and the corresponding offsets.

$ radiff2 genuine cracked
0x000081e0 85c00f94c0 => 9090909090 0x000081e0
0x0007c805 85c00f84c0 => 9090909090 0x0007c805

$ rasm2 -d 85c00f94c0
test eax, eax
sete al

Notice how the two jumps are NOPed.
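As an added example (not radare2's own code), here is a small Python reimplementation of the offset-based byte diff that radiff2 prints by default, plus a check that flags replacement bytes which are pure NOP padding; the two buffers are constructed so that they reproduce the two patch sites from the output above.

```python
"""Offset-based byte diff in the style of radiff2's default output (added example)."""
from typing import List, Optional, Tuple

Run = Tuple[int, bytes, bytes]  # (offset, bytes in A, bytes in B)


def byte_diff(a: bytes, b: bytes) -> List[Run]:
    """Return contiguous runs of differing bytes between two equal-length blobs."""
    if len(a) != len(b):
        raise ValueError("offset-based diffing needs equal-length inputs")
    runs: List[Run] = []
    start: Optional[int] = None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            if start is None:
                start = i          # a new run of differences begins here
        elif start is not None:
            runs.append((start, a[start:i], b[start:i]))
            start = None
    if start is not None:          # run reaches the end of the file
        runs.append((start, a[start:], b[start:]))
    return runs


def format_runs(runs: List[Run]) -> List[str]:
    """Render each run as '<off> <old> => <new> <off>', like radiff2 does."""
    return [f"0x{off:08x} {old.hex()} => {new.hex()} 0x{off:08x}" for off, old, new in runs]


def is_nop_sled(chunk: bytes) -> bool:
    """True if the replacement bytes are nothing but single-byte x86 NOPs (0x90)."""
    return len(chunk) > 0 and all(byte == 0x90 for byte in chunk)


# Constructed sample: two zero-filled images that agree everywhere except the
# two patch sites shown on the page (offsets and bytes taken from the radiff2 output).
SIZE = 0x7C810
GENUINE = bytearray(SIZE)
CRACKED = bytearray(SIZE)
GENUINE[0x81E0:0x81E5] = bytes.fromhex("85c00f94c0")   # test eax, eax ; sete al
GENUINE[0x7C805:0x7C80A] = bytes.fromhex("85c00f84c0")  # test eax, eax ; je (start of rel32)
CRACKED[0x81E0:0x81E5] = b"\x90" * 5
CRACKED[0x7C805:0x7C80A] = b"\x90" * 5

if __name__ == "__main__":
    for off, old, new in byte_diff(bytes(GENUINE), bytes(CRACKED)):
        tag = "  <- NOPed" if is_nop_sled(new) else ""
        print(format_runs([(off, old, new)])[0] + tag)
```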