https://github.com/joxeankoret/diaphora

joxeankoret / diaphora

Diaphora, the most advanced Free and Open Source program diffing tool. diaphora.re

License: AGPL-3.0 license

Latest commit: joxeankoret, 93f1d18, Jun 22, 2023

Fix for issue #261

It seems that the directory name "database" might conflict with an IDA supplied module also called database.py

Files: codecut, db_support, doc, hooks, jkutils, others, pygments, scripts, tester, .gitignore, LICENSE, README.md, diaphora.py, diaphora_config.py, diaphora_heuristics.py, diaphora_ida.py, diaphora_import.py, diaphora_load.py, diaphora_load_and_import.py

README.md

Diaphora (diaphora, Greek for 'difference') version 3.0 is the most advanced program diffing tool (working as an IDA plugin) available as of today (2023).
It was first released at SyScan 2015 and has been actively maintained since then: it has been ported to every single minor version of IDA from 6.8 to 8.3. Diaphora supports versions of IDA >= 7.4 because the code only runs in Python 3.X (Python 3.11 was the last version tested).

Unique Features

Diaphora has many of the most common program diffing (bindiffing) features you might expect, like:

* Diffing assembler.
* Diffing control flow graphs.
* Porting symbol names and comments.
* Adding manual matches.
* Similarity ratio calculation.
* Batch automation.
* Call graph matching calculation.
* Dozens of heuristics based on graph theory, assembler, bytes, functions' features, etc...

However, Diaphora also has many features that are unique, not available in any other public tool. The following is a non-exhaustive list of unique features:

* Ability to port structs, enums, unions and typedefs.
* Support for compilation units (finding and diffing compilation units).
* Microcode support.
* Parallel diffing.
* Pseudo-code based heuristics.
* Pseudo-code patches generation.
* Diffing pseudo-codes (with syntax highlighting!).
* Scripting support (for both the exporting and diffing processes).
* ...

Donations

You can help (or thank) the author of Diaphora by making a donation, if you feel like doing so.

License

Versions of Diaphora up to and including 1.2.4 are licensed under the GNU GPL version 3. Since version 2.0, Diaphora is licensed under the GNU Affero GPL version 3 license. The license has been changed so companies wanting to modify and adapt Diaphora cannot offer web services based on these modified versions without contributing back the changes.

For 99.99% of users, the license change doesn't affect them at all. If your company needs a different licensing model, check the next section...

Licensing

Commercial licenses of Diaphora are available. Please contact admin@joxeankoret.com for more details.

Documentation

You can check the tutorial: https://github.com/joxeankoret/diaphora/blob/master/doc/diaphora_help.pdf

Screenshots

Diaphora finding the exact function where a vulnerability was patched in CVE-2020-1350:

[Screenshot: CVE-2020-1350]

Diaphora, again, finding the exact function where CVE-2023-28231 was fixed:

[Screenshot: CVE-2023-28231]

CVE-2023-28231: as explained in a blog post from ZDI, the vulnerability was fixed by checking that the number of relay forward messages in "ProcessRelayForwardMessage()" is not greater than or equal to 32 (0x20), as shown in the following pseudo-code diff:

[Screenshot: CVE-2023-28231]

Diaphora doing Hex-Rays microcode diffing:

[Screenshot: Diffing microcode in a graph]

Diffing assembly, pseudo-code and microcode:

[Screenshot: Assembly, pseudo-code and microcode]

Diffing CVE-2023-21768 with Diaphora 3.0:

[Screenshot: Diffing CVE-2023-21768 with #Diaphora 3.0]

This is a screenshot of Diaphora diffing the PEGASUS iOS kernel vulnerability fixed in iOS 9.3.5:

[Screenshot: Diffing iOS 9.3.5 diff]

And this is an old screenshot of Diaphora diffing the Microsoft bulletin MS15-034:

[Screenshot: Diaphora diffing MS15-034]

These are some screenshots of Diaphora diffing the Microsoft bulletin MS15-050, extracted from the blog post "Analyzing MS15-050 With Diaphora" from Alex Ionescu.

[Screenshot: Diaphora diffing MS15-050, best matches]

[Screenshot: Diaphora diffing MS15-050, partial matches]

[Screenshot: Diaphora diffing MS15-050, diffing pseudo-code]

[Screenshot: Diaphora diffing a LuaBot, matches and pseudo-code]

Here is a screenshot of Diaphora diffing iBoot from iOS 10.3.3 against iOS 11.0:

[Screenshot: Diaphora diffing iBoot from iOS 10.3.3 against iOS 11.0]
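
The patch-triage idea behind the CVE-2023-28231 pseudo-code diff above, as an added example that is not part of Diaphora or its README: it scores each function's pseudo-code similarity between two builds with Python's difflib (a stand-in, not Diaphora's heuristics) and reports added comparisons against constants. All function bodies and the names ParseOptionHeader and ERR_TOO_MANY_RELAYS are constructed for illustration.

```python
import difflib
import re

# Constructed pseudo-code for two builds of one binary. The bodies, and every
# name except ProcessRelayForwardMessage, are hypothetical (not real decompilation).
OLD = {
    "ProcessRelayForwardMessage": (
        "count = ctx->relay_count;\n"
        "copy_relay_header(&ctx->relays[count], msg);\n"
        "ctx->relay_count = count + 1;\n"
        "return ProcessInnerMessage(ctx, msg);"
    ),
    "ParseOptionHeader": "code = read16(p);\nlen = read16(p + 2);\nreturn len + 4;",
}
NEW = dict(OLD)
NEW["ProcessRelayForwardMessage"] = (
    "count = ctx->relay_count;\n"
    "if ( count >= 0x20 )\n"
    "  return ERR_TOO_MANY_RELAYS;\n"
    "copy_relay_header(&ctx->relays[count], msg);\n"
    "ctx->relay_count = count + 1;\n"
    "return ProcessInnerMessage(ctx, msg);"
)

# An added comparison against a constant is a common shape for a bounds-check fix.
BOUND_CHECK = re.compile(r"\bif\s*\(.*(>=|<=|>|<)\s*(0x[0-9a-fA-F]+|\d+)\s*\)")

def similarity(old_body, new_body):
    """Line-based similarity ratio in [0, 1]; 1.0 means identical pseudo-code."""
    matcher = difflib.SequenceMatcher(None, old_body.splitlines(), new_body.splitlines())
    return matcher.ratio()

def added_lines(old_body, new_body):
    """Lines that exist only in the new build's pseudo-code."""
    diff = difflib.ndiff(old_body.splitlines(), new_body.splitlines())
    return [line[2:].strip() for line in diff if line.startswith("+ ")]

def triage(old, new):
    """Return (name, ratio, added bounds checks) per changed function, most changed first."""
    report = []
    for name in sorted(old.keys() & new.keys()):
        ratio = similarity(old[name], new[name])
        if ratio < 1.0:
            added = added_lines(old[name], new[name])
            checks = [line for line in added if BOUND_CHECK.search(line)]
            report.append((name, round(ratio, 3), checks))
    return sorted(report, key=lambda item: item[1])

if __name__ == "__main__":
    for name, ratio, checks in triage(OLD, NEW):
        print(f"{name}: ratio={ratio} added checks={checks}")
```
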

Releases: 8. Latest release: Diaphora 3.0, Jun 21, 2023.

Languages: Python 100.0%