Changes between Version 7 and Version 9 of Ticket #5837


Timestamp:
May 13, 2012, 12:22:06 AM (7 years ago)
Author:
mikeperry
Comment:

Changes to description: Give a few more hints to illuminate the diffing process. We may not actually want to rely fully on what BinDiff and IDA say.

  • Ticket #5837

    • Property Cc tom@… added
  • Ticket #5837 – Description (v7 → v9)

    Unmodified:

    2. Compile your own TBB bundle. This is somewhat tricky. Sebastian has instructions for Mac OS in https://gitweb.torproject.org/torbrowser.git/tree/master:/docs/buildmachine_setups. Windows and Linux instructions should arrive there soon.

    v7 (removed):

    If you succeed in producing an independent build, it will be useful to post a link to it here for others to begin analyzing. However, you'll want to use a VM when inspecting random anonymous people's builds: IDA Pro is of course not immune to exploits against itself.

    3. BinDiff the resulting packaging exe as well as the exes contained therein.

    If you lack BinDiff, you should consider focusing your efforts on MacOS and Linux packages, which should produce substantially more similar builds than Windows, especially if you build the Linux TBB on Debian Lenny and the Mac one on MacOS 10.7 with Xcode 4 (which are our build machine setups). Start with using the 'cmp' (and/or hexdump and diff) UNIX commands to find the differing sections of the binaries, and then use IDA Pro to inspect those sections. More advanced tools to find minimal binary edit differences may also be useful if the differences the basic tools find are large. http://jojodiff.sourceforge.net/ is an example of one such tool, but there probably are others.

    v9 (added):

    3. Analyze/BinDiff the resulting packaging exe as well as the exes contained therein.

    If you lack BinDiff, you should consider focusing your efforts on MacOS and Linux packages, which should produce substantially more similar builds than Windows, especially if you build the Linux TBB on Debian Lenny and the Mac one on MacOS 10.7 with Xcode 4 (which are our build machine setups). Start with using the 'cmp' (and/or hexdump and diff) UNIX commands to find the differing sections of the binaries, and then use IDA Pro to inspect those sections (quickest way: just use the search tool for a long hex string surrounding the difference).

    More advanced tools to find minimal binary edit differences may also be useful if the differences the basic tools find are large. http://jojodiff.sourceforge.net/ is an example of one such tool, but there probably are others.

    Be sure to verify the difference that IDA and/or BinDiff decodes is the same as a simple diff tool finds (cmp or jojodiff). The simple diff tool is less likely to be fooled than IDA.

    Unmodified:

    You should be able to use IDA Pro for any platform to analyze binaries for any other platform. You do not need to buy the MacOS copy to analyze MacOS binaries.
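The "cmp, then search IDA for a long hex string around the difference" step from the v9 description, as an added example in POSIX shell. This script is not part of the ticket or of the Tor Browser build tooling; the function names (diff_regions, hex_context, report, make_samples) and the two sample files it builds are this example's own. It groups the byte offsets that cmp reports into regions, prints each region with a padded hex string from both builds so the same spot can be located in IDA Pro, and warns when the two files differ in length, since cmp -l stops at the end of the shorter file.

```sh
#!/bin/sh
# Added example, not from the ticket: find where two builds of the same binary
# differ with cmp, merge nearby offsets into regions, and print a hex string
# around each region that can be pasted into IDA Pro's binary search.
# All function names and the sample files below are this example's own.

# diff_regions A B GAP: print "start end" (0-based, inclusive) for each run of
# differing bytes; offsets closer than GAP bytes are merged into one region.
diff_regions() {
    # cmp -l compares only up to the length of the shorter file, so a size
    # mismatch is reported separately (on stderr) rather than silently lost.
    la=$(wc -c < "$1" | tr -d ' '); lb=$(wc -c < "$2" | tr -d ' ')
    if [ "$la" -ne "$lb" ]; then
        m=$la; if [ "$lb" -lt "$m" ]; then m=$lb; fi
        printf 'length differs: %s vs %s bytes (tail from offset %s not compared)\n' \
            "$la" "$lb" "$m" >&2
    fi
    # cmp -l prints one line per differing byte: 1-based offset, octal byte in
    # A, octal byte in B. awk converts to 0-based offsets and merges runs.
    cmp -l "$1" "$2" 2>/dev/null | awk -v gap="$3" '
        {
            off = $1 - 1
            if (NR == 1) { s = off; e = off; next }
            if (off - e > gap) { print s, e; s = off }
            e = off
        }
        END { if (NR > 0) print s, e }'
}

# hex_context FILE START END PAD: contiguous lowercase hex of the bytes from
# START-PAD to END+PAD, i.e. the differing region plus PAD bytes on each side,
# which gives IDA a long enough anchor to land on the right spot.
hex_context() {
    start=$(( $2 - $4 ))
    if [ "$start" -lt 0 ]; then start=0; fi
    len=$(( $3 - start + 1 + $4 ))
    od -An -v -tx1 -j "$start" -N "$len" "$1" | tr -d ' \n'
}

# report A B GAP PAD: one line per region, "start end hex_in_A hex_in_B".
report() {
    diff_regions "$1" "$2" "$3" | while read -r s e; do
        printf '%s %s %s %s\n' "$s" "$e" \
            "$(hex_context "$1" "$s" "$e" "$4")" \
            "$(hex_context "$2" "$s" "$e" "$4")"
    done
}

# make_samples: constructed stand-ins for two builds of one binary that differ
# at offsets 5, 6 and 20 (case changes only). Prints the directory they are in.
make_samples() {
    dir=$(mktemp -d)
    printf 'ABCDEFGHIJKLMNOPQRSTUVWXYZ012345' > "$dir/a.bin"
    printf 'ABCDEfgHIJKLMNOPQRSTuVWXYZ012345' > "$dir/b.bin"
    printf '%s\n' "$dir"
}

# Demo: GAP=4 keeps offsets 5-6 and 20 as separate regions, PAD=2 adds two
# bytes of context on each side of every region.
demo_dir=$(make_samples)
report "$demo_dir/a.bin" "$demo_dir/b.bin" 4 2
rm -rf "$demo_dir"
```

On real builds, GAP and PAD need to be larger (hundreds of bytes) so that clusters of timestamp or path differences collapse into a handful of regions; the hex strings are deliberately taken from both files so that the region can be found in whichever build is loaded in IDA, and a region that IDA or BinDiff attributes to a different place than cmp does is exactly the discrepancy the description tells you to check.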