Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/h4sh5/bcddb
cross-architecture binary comparison database
decompiler lsh minhash retdec reverse-engineering
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/h4sh5/bcddb
- Owner: h4sh5
- License: bsd-3-clause
- Created: 2021-05-09T00:52:01.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-07-10T03:47:29.000Z (4 months ago)
- Last Synced: 2024-07-10T06:18:52.883Z (4 months ago)
- Topics: decompiler, lsh, minhash, retdec, reverse-engineering
- Language: Python
- Homepage:
- Size: 253 KB
- Stars: 7
- Watchers: 1
- Forks: 2
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# BCD: Cross-architecture Binary Comparison DB
workflow:
`binary -> retdec lift into llvm-ir -> minhash -> db`

Stores functions in binaries as minhash sets for quick lookup of similar functions.
Example use cases:
- detect libc functions with stripped names (demangling)
- detect similar functions in other binaries (e.g. malware analysis/clustering)
- match functions in a binary with open source functions (source code recovery / decompiling)

## pre-requisites
(ssdeep and pysimhash can be commented out if you are not running the experiments; the main db uses minhash)
`pip3 install -r requirements.txt`
retdec needs to be installed from https://github.com/avast/retdec
and `retdec-decompiler` placed on PATH

### index functions in a binary
`./bcd.py -i /bin/whoami`
(if no pickle file is specified, a new db is saved as `db_dict.pkl`)
### search similar functions from a binary
`./bcd.py /bin/echo`
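To make the index-then-search loop above concrete, here is a toy version of it as an added example (not bcddb's own code): functions are tokenised, cut into token 3-grams, reduced to a 128-slot MinHash signature, stored in a dict keyed by function name, and a query function is ranked against the stored signatures by estimated Jaccard similarity. The IR-like function bodies, the normalisation of `%values` and immediates to placeholders, and the hash parameters are all assumptions made for this example; real bcddb input comes from `retdec-decompiler`.

```python
"""Added example, not bcddb's own code: a toy MinHash function index.

bcddb lifts a binary to LLVM IR with retdec and stores each function as a
MinHash signature, then ranks indexed functions by estimated Jaccard
similarity.  This standalone script reproduces that index/search loop on
constructed, hand-written IR-like text so it runs offline without retdec.
"""
import hashlib
import random
import re
from typing import Dict, List, Set, Tuple

NUM_HASHES = 128    # signature length; more slots = tighter Jaccard estimate
SHINGLE_K = 3       # token n-gram size used as the set elements
PRIME = (1 << 61) - 1
MAX_HASH = (1 << 32) - 1

# Fixed seed: signatures must be reproducible, or a stored DB is useless.
_rng = random.Random(0x5EED)
_PERMS = [(_rng.randint(1, PRIME - 1), _rng.randint(0, PRIME - 1)) for _ in range(NUM_HASHES)]


def tokenize(ir_text: str) -> List[str]:
    """Split IR-like text into tokens and normalise SSA values (%x), globals (@g)
    and immediates to placeholders, so register renaming or a different constant
    does not change the signature (a normalisation chosen for this example;
    bcddb's own tokenisation is assumed, not copied)."""
    out = []
    for tok in re.findall(r"[%@]?\w+|[^\s\w]", ir_text):
        if tok.startswith("%"):
            out.append("VAR")
        elif tok.startswith("@"):
            out.append("GLOBAL")
        elif re.fullmatch(r"\d+", tok):
            out.append("IMM")
        else:
            out.append(tok)
    return out


def shingles(tokens: List[str], k: int = SHINGLE_K) -> Set[int]:
    """Hash every k-gram of tokens with a stable 32-bit digest.  Python's built-in
    hash() is salted per process and would break a persisted DB."""
    out = set()
    for i in range(max(1, len(tokens) - k + 1)):
        gram = " ".join(tokens[i:i + k]).encode()
        out.add(int.from_bytes(hashlib.blake2b(gram, digest_size=4).digest(), "big"))
    return out


def minhash(shingle_set: Set[int]) -> List[int]:
    """MinHash signature: minimum of each universal hash (a*x+b mod p) over the set."""
    return [min(((a * x + b) % PRIME) & MAX_HASH for x in shingle_set) for a, b in _PERMS]


def similarity(sig_a: List[int], sig_b: List[int]) -> float:
    """Estimated Jaccard similarity = fraction of signature slots that agree."""
    return sum(1 for x, y in zip(sig_a, sig_b) if x == y) / len(sig_a)


def index_functions(db: Dict[str, List[int]], functions: Dict[str, str]) -> None:
    """Counterpart of `bcd.py -i`: store one signature per named function."""
    for name, body in functions.items():
        db[name] = minhash(shingles(tokenize(body)))


def search(db: Dict[str, List[int]], ir_text: str, threshold: float = 0.5) -> List[Tuple[str, float]]:
    """Counterpart of `bcd.py <binary>`: indexed functions ranked by similarity."""
    sig = minhash(shingles(tokenize(ir_text)))
    hits = [(name, similarity(sig, s)) for name, s in db.items()]
    return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])


# Constructed sample "functions" (not real retdec output): a strlen-style loop
# and an unrelated three-operand add, as they would sit in a symbol-bearing DB.
SAMPLE_FUNCTIONS = {
    "strlen": """
entry:
  br label %loop
loop:
  %i = phi i64 [ 0, %entry ], [ %next, %loop ]
  %p = getelementptr i8, i8* %s, i64 %i
  %c = load i8, i8* %p
  %next = add i64 %i, 1
  %done = icmp eq i8 %c, 0
  br i1 %done, label %exit, label %loop
exit:
  ret i64 %i
""",
    "add3": """
entry:
  %t = add i32 %a, %b
  %r = add i32 %t, %c
  ret i32 %r
""",
}

# The same strlen loop as it would look lifted from a stripped binary: no name,
# every SSA value renamed.  Normalisation makes its signature identical.
STRIPPED_QUERY = """
entry:
  br label %bb1
loop:
  %v0 = phi i64 [ 0, %bb0 ], [ %v3, %bb1 ]
  %v1 = getelementptr i8, i8* %v9, i64 %v0
  %v2 = load i8, i8* %v1
  %v3 = add i64 %v0, 1
  %v4 = icmp eq i8 %v2, 0
  br i1 %v4, label %bb2, label %bb1
exit:
  ret i64 %v0
"""

# A near-variant (one extra instruction in the loop) to show a partial match.
VARIANT_QUERY = STRIPPED_QUERY.replace("  %v3 = add", "  %v8 = mul i64 %v0, 2\n  %v3 = add")


if __name__ == "__main__":
    db: Dict[str, List[int]] = {}
    index_functions(db, SAMPLE_FUNCTIONS)
    for label, query in (("stripped", STRIPPED_QUERY), ("variant", VARIANT_QUERY)):
        print(label, search(db, query))
```

Two choices matter for a database that outlives a single process: the shingles are hashed with a fixed-length `blake2b` digest rather than Python's per-process salted `hash()`, and the universal hash coefficients come from a seeded `random.Random`, so a signature computed today compares correctly with one pickled last month. The stripped query scores exactly 1.0 against `strlen` because normalisation removes the register names; the variant with one extra instruction scores high but below 1.0, which is the partial-match case the clustering use case relies on.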
## usage recommendations
- index binaries that have symbols (not stripped) for symbol demangling
- to check whether a binary has symbols, use `nm` on linux/mac (use WSL if you are on windows)
- index known functions, like crypto routines, to detect similar crypto routines (e.g. in ransomware)
## web app
The work-in-progress flask app works ONLY IN SINGLE-THREADED MODE (because of global variables).
If you are running it behind a reverse proxy (like nginx), do NOT use multiple workers. Just run one python process and proxy-pass its port (e.g. 5000).
Make sure you have flask installed (already in requirements.txt).
to run:
`./server.py`