Binary diffing aims at measuring the similarity between two given binary objects (programs, functions, ...). Given two inputs, it generates a mapping from elements of the first input to the second one. Such a technique is essential for various security workflows like silent fix detection, 1-day analysis, malware analysis, patch analysis or binary plagiarism detection. Numerous methods have been presented over the years, from widely used tools (BinDiff, Diaphora) to more experimental academic results.
Security audits performed at Quarkslab often involve analyzing different versions or variants of the same or similar binary samples. The internship aims at extracting all the valuable information that can be obtained from computing the difference between two or more samples. It also implies solving complex use cases where binaries are obfuscated, or answering complex questions like: is sample A closer to B or to C?
The internship requires a lot of practical experimentation, some development, and a taste for digging into exploratory techniques in a more theoretical and experimental manner.
Quarkslab already has some internal tooling for diffing (https://blog.quarkslab.com/weisfeiler-lehman-graph-kernel-for-binary-function-analysis.html) and a whole lot of data to play with. The goal of the internship is to improve and automate the diffing process to let data speak at scale.
Using the two provided binaries, which represent two versions of the same library, find all the differences between the two. Extract all differences that seem relevant to you (from function names to their content itself). The only constraint is to make that process as automated as possible. The expected output is a script (in any language of your choice) taking the two binaries as input and outputting the list of the differences. Additional question: can you identify what has been modified/patched and why?
Note: We are more interested in the thought process and the methodology than in a complete, exhaustive dump of differences.
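To make the "mapping from elements of the first input to the second one" concrete, here is an added example (not Quarkslab's tooling and not part of the original posting) of a two-pass function matcher: by name first, then by content similarity for renamed or stripped functions. It assumes each function has already been reduced to a list of instruction mnemonics by a disassembler; the sample tables, function names and the 0.5 threshold are constructed for illustration.

```python
from itertools import product

def bigrams(mnems):
    """Set of consecutive mnemonic pairs: a cheap, address-independent fingerprint."""
    return set(zip(mnems, mnems[1:])) or {tuple(mnems)}  # fallback for 0/1 instruction

def similarity(a, b):
    """Jaccard similarity of the two functions' mnemonic bigrams (1.0 = identical sets)."""
    x, y = bigrams(a), bigrams(b)
    return len(x & y) / len(x | y)

def diff(old, new, threshold=0.5):
    """Map functions of `old` onto `new` and classify the differences."""
    # Pass 1: symbols present in both versions are matched by name.
    mapping = {n: (n, similarity(old[n], new[n])) for n in old if n in new}
    left = [n for n in old if n not in mapping]
    right = [n for n in new if n not in mapping]
    # Pass 2: greedy best-first pairing of the leftovers by content similarity.
    scored = sorted(((similarity(old[a], new[b]), a, b)
                     for a, b in product(left, right)), reverse=True)
    used = set()
    for score, a, b in scored:
        if score >= threshold and a not in mapping and b not in used:
            mapping[a] = (b, score)
            used.add(b)
    matched_new = {b for b, _ in mapping.values()}
    return {
        "mapping": mapping,
        "modified": sorted(a for a, (_, s) in mapping.items() if s < 1.0),
        "renamed": sorted((a, b) for a, (b, _) in mapping.items() if a != b),
        "removed": sorted(n for n in old if n not in mapping),
        "added": sorted(n for n in new if n not in matched_new),
    }

# Constructed sample input: mnemonic lists for two versions of a hypothetical library.
OLD = {
    "parse_header": ["push", "mov", "call", "mov", "add", "pop", "ret"],
    "checksum":     ["push", "xor", "add", "loop", "pop", "ret"],
    "sub_401000":   ["push", "mov", "lea", "call", "test", "jz", "pop", "ret"],
    "legacy_init":  ["mov", "ret"],
}
NEW = {
    "parse_header": ["push", "mov", "cmp", "ja", "call", "mov", "add", "pop", "ret"],
    "checksum":     ["push", "xor", "add", "loop", "pop", "ret"],
    "sub_401230":   ["push", "mov", "lea", "call", "test", "jz", "pop", "ret"],
    "log_error":    ["push", "lea", "call", "pop", "ret"],
}

if __name__ == "__main__":
    for kind, items in diff(OLD, NEW).items():
        print(kind, items)
```

In this constructed data the only modified function gains a `cmp`/`ja` pair before a call, which is the kind of pattern an analyst would then inspect by hand as a possible added bounds check.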
More info here: https://blog.quarkslab.com/internship-offers-for-the-2021-2022-season.html#binary-diffing-harder-faster-stronger