9 comments
https://hex-rays.com/ida-free/ is the only product I've used for this type of work. I generally don't do much reverse engineering though as I find it annoyingly tedious. One thought; if you know the original source repo of the binary files, you can compare the hash of the compiled files from the authoritative source to see if they've been modified / recompiled before uploading to Ventoy's repo. @arraybolt3 @eickmeyer @cdp1337 @vkc

@FritzAdalis @eickmeyer @cdp1337 @vkc That's more or less what I had planned. Reverse engineering tools were what I hoped to use for investigating how things changed from the original source code, if they changed.

@arraybolt3 @FritzAdalis @eickmeyer @cdp1337 @vkc Look for strings contained in the blob first—sometimes you can learn a lot that way.

@arraybolt3 @FritzAdalis @eickmeyer @cdp1337 @vkc I don't have time to do this myself, but I'd run all of the binary blobs I might want to compare through ssdeep. That way I would get a quick first feel for which are similar/alike, and which are different, and to what extent. https://ssdeep-project.github.io/ssdeep/index.html Doing something like `vimdiff <(xxd binary1) <(xxd binary2)` also helps me for quick checks. https://cutter.re/ is a free gui for reversing.

@arraybolt3 @FritzAdalis @eickmeyer @cdp1337 @vkc diffoscope is an excellent tool for analysing differences in binaries. It will dive down into any format it knows (including ELF) to extract meaningful diffs.
@eickmeyer @cdp1337 @vkc Curiosity got the better of me. I've now downloaded the full blob-laden Ventoy source code and all release artifacts from the latest release for safe-keeping and future analysis.
Does anyone have good suggestions for #reverseengineering tools? I know about #ghidra but am interested in other suggestions too. #linux #ubuntu
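The first two checks the replies suggest (compare each vendored blob's hash against the authoritative build, then pull printable strings out of anything that doesn't match) as an added example; this is not code from the thread or from Ventoy, and the blobs and hash manifest are constructed here so it runs offline.

```python
"""Added example: first-pass triage of vendored binary blobs.
Compares each blob's SHA-256 against a manifest of hashes taken from the
authoritative build, then extracts printable strings (like the `strings`
tool) from anything that does not match or is not in the manifest."""
import hashlib
import re

MIN_STRING_LEN = 4  # same default minimum run length as `strings`


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> list[str]:
    """Return runs of printable ASCII at least min_len bytes long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def verify_blobs(blobs: dict[str, bytes], manifest: dict[str, str]) -> dict[str, dict]:
    """Report match/MISMATCH/unknown per blob; attach strings for non-matches."""
    report = {}
    for name, data in blobs.items():
        actual = sha256_hex(data)
        expected = manifest.get(name)
        if expected is None:
            status = "unknown"      # blob has no authoritative counterpart
        elif actual == expected:
            status = "match"
        else:
            status = "MISMATCH"     # recompiled or modified before vendoring
        entry = {"status": status, "sha256": actual}
        if status != "match":
            entry["strings"] = extract_strings(data)
        report[name] = entry
    return report


# Constructed sample data: two tiny fake blobs, the second one altered.
CLEAN_BLOB = b"\x7fELF\x00\x00hello from upstream\x00\x01\x02build-1.0\x00"
MODIFIED_BLOB = b"\x7fELF\x00\x00hello from upstream\x00\x01\x02build-1.0-patched\x00"
SAMPLE_BLOBS = {"vendored_a.bin": CLEAN_BLOB, "vendored_b.bin": MODIFIED_BLOB}
# Constructed manifest: both blobs are expected to equal the clean build.
SAMPLE_MANIFEST = {name: sha256_hex(CLEAN_BLOB) for name in SAMPLE_BLOBS}

if __name__ == "__main__":
    for name, entry in verify_blobs(SAMPLE_BLOBS, SAMPLE_MANIFEST).items():
        print(name, entry["status"], entry["sha256"][:16])
        for s in entry.get("strings", []):
            print("   ", s)
```

A mismatch only tells you the blob differs from the authoritative build; diffoscope or ssdeep, as suggested above, is the next step for seeing how much and where.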