cross-architecture binary comparison database
BSD-3-CLAUSE License
workflow:
binary -> retdec lift into llvm-ir -> minhash -> db

Stores the functions of each binary as minhash sets, so that similar functions can be looked up quickly. Example use cases:
- index binaries that still have their symbols (not stripped) for symbol demangling; check for symbols with nm <path to binary> on linux/mac (use WSL if you are on windows)
- index known functions, like crypto routines, to detect similar crypto routines (e.g. in ransomware)

install:
pip3 install -r requirements.txt
(ssdeep and pysimhash can be commented out of requirements.txt if you are not running the experiments; the main db only needs minhash)
retdec must be installed from https://github.com/avast/retdec and retdec-decompiler placed on PATH

usage:
./bcd.py -i /bin/whoami
(if no picklefile is specified, a new db is saved in db_dict.pkl)
./bcd.py /bin/echo
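The minhash step of the workflow above, as an added example that is not part of the bcd project's code: functions are reduced to sets of opcode n-grams taken from LLVM-IR-like text, each set is turned into a fixed-size MinHash signature, and an unknown function is matched against indexed ones by the fraction of agreeing signature slots, which estimates the Jaccard similarity of the two sets. The IR bodies, the function names (opcode_shingles, minhash, MinHashDB, demo) and the 64-slot signature size are all my own assumptions, not retdec output or bcd.py's API.

```python
# Added example, not part of the bcd project: a minimal MinHash index over function
# opcode n-grams mirroring the README workflow (binary -> retdec LLVM IR -> minhash -> db).
# The LLVM-IR-like bodies below are constructed sample input, not retdec output; all names are mine.
import hashlib
import re

NUM_HASHES = 64  # signature length; more slots = tighter Jaccard estimate
_P = 4294967311  # prime just above 2**32; hash family is h_i(x) = (a_i*x + b_i) mod _P
_COEFFS = [(int.from_bytes(hashlib.sha256(f"a{i}".encode()).digest()[:4], "big") % (_P - 1) + 1,
            int.from_bytes(hashlib.sha256(f"b{i}".encode()).digest()[:4], "big") % _P)
           for i in range(NUM_HASHES)]

def opcode_shingles(ir_text, n=3):
    """Set of opcode n-grams of an LLVM-IR-like function body. Registers, constants, types
    and labels are dropped, so builds differing only in register allocation or ISA still match."""
    opcodes = []
    for line in ir_text.splitlines():
        line = line.strip()
        if not line or line.endswith(":") or line.startswith(("define", "}")):
            continue  # blank line, basic-block label, function header or footer
        m = re.match(r"(?:%[\w.]+\s*=\s*)?([a-z]+)", line)  # optional "%reg = ", then opcode
        if m:
            opcodes.append(m.group(1))
    return {" ".join(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)}

def minhash(shingles):
    """MinHash signature: slot i holds the minimum of h_i over the shingle set."""
    sig = [_P] * NUM_HASHES
    for s in shingles:
        x = int.from_bytes(hashlib.sha1(s.encode()).digest()[:4], "big")
        for i, (a, b) in enumerate(_COEFFS):
            sig[i] = min(sig[i], (a * x + b) % _P)
    return sig

def estimate_jaccard(sig_a, sig_b):
    return sum(x == y for x, y in zip(sig_a, sig_b)) / len(sig_a)  # agreeing-slot fraction ~ Jaccard

class MinHashDB:
    """{function name: signature}; a dict like this is what a pickled db would hold."""
    def __init__(self):
        self.sigs = {}

    def index(self, name, ir_text):
        self.sigs[name] = minhash(opcode_shingles(ir_text))

    def query(self, ir_text, threshold=0.6):
        """(name, estimated Jaccard) for indexed functions at/above threshold, best first."""
        sig = minhash(opcode_shingles(ir_text))
        hits = [(n, estimate_jaccard(sig, s)) for n, s in self.sigs.items()]
        return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])

# Constructed sample input: a byte-wise XOR loop, the same loop from another build (renamed
# registers, a leftover key truncation) and an unrelated array-sum loop.
XOR_LOOP = """define void @xor_buf(i8* %buf, i32 %len, i8 %key) {
loop:
  %i = phi i32 [ 0, %entry ], [ %i.next, %loop ]
  %p = getelementptr i8, i8* %buf, i32 %i
  %v = load i8, i8* %p
  %x = xor i8 %v, %key
  store i8 %x, i8* %p
  %i.next = add i32 %i, 1
  %c = icmp ult i32 %i.next, %len
  br i1 %c, label %loop, label %done
done:
  ret void
}"""
XOR_LOOP_V2 = """define void @unknown_1(i8* %a0, i32 %a1, i32 %a2) {
  %k = trunc i32 %a2 to i8
bb1:
  %r1 = phi i32 [ 0, %entry ], [ %r5, %bb1 ]
  %r2 = getelementptr i8, i8* %a0, i32 %r1
  %r3 = load i8, i8* %r2
  %r4 = xor i8 %r3, %k
  store i8 %r4, i8* %r2
  %r5 = add i32 %r1, 1
  %r6 = icmp ult i32 %r5, %a1
  br i1 %r6, label %bb1, label %bb2
bb2:
  ret void
}"""
SUM_LOOP = """define i32 @sum(i32* %a, i32 %n) {
loop:
  %i = phi i32 [ 0, %entry ], [ %i.next, %loop ]
  %acc = phi i32 [ 0, %entry ], [ %acc.next, %loop ]
  %p = getelementptr i32, i32* %a, i32 %i
  %v = load i32, i32* %p
  %acc.next = add i32 %acc, %v
  %i.next = add i32 %i, 1
  %c = icmp ult i32 %i.next, %n
  br i1 %c, label %loop, label %done
done:
  ret i32 %acc.next
}"""

def demo():
    """Index the known routines, then look up the unknown one (like -i followed by a query)."""
    db = MinHashDB()
    db.index("xor_buf", XOR_LOOP)
    db.index("sum", SUM_LOOP)
    return db.query(XOR_LOOP_V2)
```

demo() returns only xor_buf, with an estimate close to the true Jaccard of 7/8 (the renamed build shares every opcode trigram and adds one for the trunc), while the sum loop, which shares only the generic loop-shape trigrams, stays well under the 0.6 threshold. Two things carry over to a real db built this way: the threshold is a tunable trade-off between missed matches and false positives, so calibrate it on a labelled set of known-similar pairs before trusting it on malware, and because the db is a pickle, only load db_dict.pkl files you produced yourself, since pickle.load executes whatever the file contains.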
The work-in-progress flask app works ONLY IN SINGLE THREADED MODE (because of global variables).
If you are running it behind a reverse proxy (like nginx), do NOT use multiple workers. Run one python process and proxy pass its port (e.g. 5000).
Make sure you have flask installed (already in requirements.txt).
to run:
./server.py