BinDiff is a constant presence inside a security researcher’s toolbox, ideal for patch and malware analysis or reverse engineering of code. The Google-owned software allows researchers to conduct side-by-side comparisons of two binary files at the level of their disassembled code, matching up functions between the two and flagging where the samples differ. Until last week, BinDiff came with a price, but on Friday Google announced that it was making the plug-in available for free. Researchers still have to purchase the Hex-Rays IDA Pro disassembler, version 6.8 or later, to use the plug-in, however.
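To make concrete what a function-level binary diff produces, here is an added, deliberately simplified illustration; it is not BinDiff's code or algorithm, and the two "disassembly listings" are constructed by hand rather than taken from real binaries. It assumes one heuristic that is this example's own, not BinDiff's: hex literals of five or more digits are treated as addresses and masked, so a function that merely moved to a new address still matches, while a changed constant such as a bounds limit still shows up as a difference. Functions are matched first by the hash of their normalized body (so a stripped or renamed symbol still pairs with its old self), then by name, and only the instructions that actually differ are reported.

```python
"""Toy function-level binary diff (added example; not BinDiff's algorithm)."""
import difflib
import hashlib
import re

# Constructed listings, function name -> instructions, in the shape a
# disassembler would emit. Both "builds" are made up for this illustration.
OLD_BUILD = {
    "parse_header": [
        "push rbp", "mov rbp, rsp", "mov eax, [rdi+0x10]",
        "cmp eax, 0x100", "jb 0x401050", "xor eax, eax", "pop rbp", "ret",
    ],
    "checksum": ["xor eax, eax", "add eax, [rdi]", "add eax, [rdi+0x4]", "ret"],
    "log_event": ["lea rdi, [0x402000]", "call 0x401200", "ret"],
}
NEW_BUILD = {
    # Patched: an extra bounds check on a second header field was inserted.
    "parse_header": [
        "push rbp", "mov rbp, rsp", "mov eax, [rdi+0x10]",
        "cmp eax, 0x100", "jb 0x4010a0", "mov edx, [rdi+0x14]",
        "cmp edx, 0x20", "ja 0x4010a0", "xor eax, eax", "pop rbp", "ret",
    ],
    # Same body as old "checksum", but the symbol was stripped in this build.
    "sub_401180": ["xor eax, eax", "add eax, [rdi]", "add eax, [rdi+0x4]", "ret"],
    # Only relocated: the string and call targets moved, the logic did not.
    "log_event": ["lea rdi, [0x402100]", "call 0x401300", "ret"],
    # Brand-new function with no counterpart in the old build.
    "validate_input": ["test rdi, rdi", "jz 0x401220", "mov eax, 1", "ret"],
}

# Assumption of this toy: hex literals of 5+ digits are code/data addresses.
ADDRESS = re.compile(r"0x[0-9a-fA-F]{5,}")


def normalize(instr):
    """Mask addresses so relocation alone does not register as a change."""
    return ADDRESS.sub("ADDR", instr)


def signature(body):
    """Content hash of a function's normalized instruction sequence."""
    norm = "\n".join(normalize(i) for i in body)
    return hashlib.sha256(norm.encode()).hexdigest()


def diff_builds(old, new):
    """Pair functions across two builds and classify each one."""
    new_by_sig = {}
    for name, body in new.items():
        new_by_sig.setdefault(signature(body), []).append(name)

    result = {"identical": [], "changed": {}, "added": [], "removed": []}
    matched_new = set()
    for name, body in old.items():
        # 1) Match by body hash; this survives renamed or stripped symbols.
        candidates = [n for n in new_by_sig.get(signature(body), []) if n not in matched_new]
        if candidates:
            pick = name if name in candidates else candidates[0]
            result["identical"].append((name, pick))
            matched_new.add(pick)
        # 2) Fall back to the symbol name and report the instruction-level delta.
        elif name in new and name not in matched_new:
            matched_new.add(name)
            old_norm = [normalize(i) for i in body]
            new_norm = [normalize(i) for i in new[name]]
            result["changed"][name] = [
                line for line in difflib.unified_diff(old_norm, new_norm, "old", "new", lineterm="", n=0)
                if line[:1] in "+-" and not line.startswith(("+++", "---"))
            ]
        else:
            result["removed"].append(name)
    result["added"] = sorted(n for n in new if n not in matched_new)
    return result


if __name__ == "__main__":
    report = diff_builds(OLD_BUILD, NEW_BUILD)
    for old_name, new_name in report["identical"]:
        print(f"identical: {old_name} -> {new_name}")
    for name, delta in report["changed"].items():
        print(f"changed:   {name}")
        for line in delta:
            print(f"           {line}")
    print("added:    ", report["added"])
    print("removed:  ", report["removed"])
```

On this input the relocated `log_event` and the stripped `checksum` are reported as identical matches, `validate_input` as new, and `parse_header` as changed with just the three inserted bounds-check instructions, which is the patch-analysis view the article describes: the reviewer's attention goes straight to the added check rather than to every shifted address.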
Nonetheless, researchers are quick to applaud the fact that Google has removed a barrier to entry for advanced analysis. “BinDiff is an invaluable tool for security researchers, allowing one to rapidly see what’s different between programs,” said Mark Dufresne, director of malware research and threat intelligence at Endgame. “With polymorphism becoming increasingly common and the rate of change in malicious software accelerating, BinDiff’s abilities to help researchers cluster new samples to known malware families and isolate new behaviors in malware are both critical.”