Binary Comparison Tool
A comprehensive binary diff and analysis tool written in Swift, demonstrating protocol-oriented programming for security-focused binary comparison.
NullSec BinaryDiff compares binary files to identify changes in sections, functions, imports, and exports. It highlights security-sensitive modifications and calculates similarity scores for patch analysis and malware research.
- Section Comparison - Detect changes in .text, .data, .bss sections
- Function Diffing - Track function additions, removals, modifications
- Import/Export Analysis - Monitor library dependencies
- Security Highlighting - Flag changes to sensitive functions
- Similarity Scoring - Calculate binary similarity percentage
- Complexity Tracking - Monitor cyclomatic complexity changes
| Type | Description | Severity |
|---|---|---|
| .text Modified | Code section changed | High |
| Security Func Changed | auth/crypto function modified | High |
| Section Added | New section in binary | Low |
| Function Removed | Function deleted | Medium |
| Import Added | New library dependency | Info |
```bash
# Clone the repository
git clone https://github.com/bad-antics/nullsec-binarydiff
cd nullsec-binarydiff

# Compile with swiftc
swiftc -O binarydiff.swift -o binarydiff

# Or run directly
swift binarydiff.swift
```

```bash
# Compare two binaries
./binarydiff app_v1 app_v2

# Function-level diff only
./binarydiff -f old.so new.so

# Section-level diff only
./binarydiff -s binary1 binary2

# JSON output
./binarydiff -j old new

# Run demo mode
./binarydiff
```

```
┌──────────────────────────────────────────────────────────────────┐
│           NullSec BinaryDiff - Binary Comparison Tool            │
└──────────────────────────────────────────────────────────────────┘

[Demo Mode]
Comparing sample binaries...

Section Differences:
  [~] .text
      Type: MODIFIED
      Reason: Section content changed
  [~] .data
      Type: MODIFIED
      Reason: Section content changed
  [+] .plt
      Type: ADDED
      Reason: New section added

Function Differences:
  [HIGH] ~ auth_user
      • Size: 200 → 350
      • Complexity: 8 → 12
  [MEDIUM] ~ main
      • Size: 500 → 600
      • Complexity: 15 → 18
  [HIGH] - unsafe_strcpy
      • Function removed
  [INFO] + new_feature
      • New function

Import Changes:
  [-] libssl.so.1.1
  [+] libssl.so.3
  [+] libpthread.so.0

───────────────────────────────────────────
Summary:
  Old Binary: /usr/bin/app_v1.0
  New Binary: /usr/bin/app_v2.0
  Similarity: 20.0%
  Changes:
    Sections: 4
    Functions: 5
    Imports: 3
    Exports: 1
  Security-Sensitive Changes: 2
```
```
┌─────────────────────────────────────────────────────────────┐
│                        Binary Parser                        │
│              ELF | Mach-O | PE Format Support               │
└─────────────────────────────────────────────────────────────┘
                               │
                               ▼
┌─────────────────────────────────────────────────────────────┐
│                   Binary Info Extraction                    │
│      Sections | Functions | Imports | Exports | Hashes      │
└─────────────────────────────────────────────────────────────┘
                               │
               ┌───────────────┼───────────────┐
               ▼               ▼               ▼
          ┌──────────┐    ┌──────────┐    ┌──────────┐
          │ Section  │    │ Function │    │  Symbol  │
          │ Compare  │    │ Compare  │    │ Compare  │
          └──────────┘    └──────────┘    └──────────┘
               │               │               │
               └───────────────┼───────────────┘
                               ▼
                       ┌──────────────┐
                       │ DiffAnalysis │
                       │    Result    │
                       └──────────────┘
```
- Enums with Associated Values - `DiffType`, `Severity`
- Structs - Value types for `Section`, `FunctionEntry`, `BinaryInfo`
- Computed Properties - `Severity.color`
- Protocol Extensions - `CaseIterable`
- Optionals - Safe handling of missing data
- Higher-Order Functions - `filter`, `map`, `contains`
- Set Operations - `subtracting` for diff calculation
- String Interpolation - Clean output formatting
```swift
struct BinaryInfo {
    let path: String
    let size: UInt64
    let hash: String
    let sections: [Section]
    let functions: [FunctionEntry]
    let imports: [String]
    let exports: [String]
}

struct FunctionDiff {
    let diffType: DiffType
    let oldFunc: FunctionEntry?
    let newFunc: FunctionEntry?
    let severity: Severity
    let changes: [String]
}
```

The tool flags changes to these function patterns:
- Memory: `strcpy`, `memcpy`, `malloc`, `free`
- System: `system`, `exec`, `popen`, `fork`
- Network: `connect`, `bind`, `recv`, `send`
- Crypto: `crypt`, `encrypt`, `decrypt`
- Auth: `auth`, `login`, `verify`, `validate`
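
The following is an added example, not code from the NullSec BinaryDiff source: it shows how the pattern list above and `Set.subtracting` can drive a symbol-level diff with security tagging. The helper names `sensitiveCategory` and `diffNames`, the case-insensitive substring matching, and the severity labels chosen for untagged symbols are assumptions; the sample symbols are constructed to mirror the demo output.

```swift
import Foundation

// Hypothetical helpers for illustration; not the project's implementation.
// Pattern list copied from the README, grouped by category.
let sensitivePatterns: [(category: String, names: [String])] = [
    ("Memory",  ["strcpy", "memcpy", "malloc", "free"]),
    ("System",  ["system", "exec", "popen", "fork"]),
    ("Network", ["connect", "bind", "recv", "send"]),
    ("Crypto",  ["crypt", "encrypt", "decrypt"]),
    ("Auth",    ["auth", "login", "verify", "validate"]),
]

/// First category with a pattern that occurs as a substring of the symbol
/// name (assumed matching rule), or nil if the symbol is not sensitive.
func sensitiveCategory(of symbol: String) -> String? {
    let lowered = symbol.lowercased()
    return sensitivePatterns.first { entry in
        entry.names.contains { lowered.contains($0) }
    }?.category
}

/// Names present only in `new` (added) and only in `old` (removed).
func diffNames(old: [String], new: [String]) -> (added: [String], removed: [String]) {
    let oldSet = Set(old), newSet = Set(new)
    return (newSet.subtracting(oldSet).sorted(), oldSet.subtracting(newSet).sorted())
}

// Constructed sample data mirroring the demo output.
let oldFuncs = ["auth_user", "main", "unsafe_strcpy"]
let newFuncs = ["auth_user", "main", "new_feature"]
let oldImports = ["libssl.so.1.1"]
let newImports = ["libssl.so.3", "libpthread.so.0"]

let funcs = diffNames(old: oldFuncs, new: newFuncs)
for name in funcs.removed {
    // A removed function is Medium unless it matches a sensitive pattern.
    let tag = sensitiveCategory(of: name).map { "HIGH, \($0)" } ?? "MEDIUM"
    print("[\(tag)] - \(name)")
}
for name in funcs.added {
    let tag = sensitiveCategory(of: name).map { "HIGH, \($0)" } ?? "INFO"
    print("[\(tag)] + \(name)")
}

let imports = diffNames(old: oldImports, new: newImports)
imports.removed.forEach { print("[-] \($0)") }
imports.added.forEach { print("[+] \($0)") }
```

Substring matching is deliberately broad: a symbol such as `author_name` would also be tagged Auth, so hits are triage hints for manual review rather than findings.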
- Patch Analysis - Understand security patch changes
- Malware Research - Compare malware variants
- Supply Chain - Verify binary integrity
- Forensics - Identify unauthorized modifications
- Vulnerability Research - Track function changes
This tool is intended for:
- Authorized security research
- Malware analysis (authorized samples)
- Patch verification
- Educational purposes
Only analyze binaries you're authorized to examine.
- Portal: bad-antics.github.io
- Discord: x.com/AnonAntics
- GitHub: github.com/bad-antics
MIT License - See LICENSE file for details.
- v1.0.0 - Initial release with binary comparison and security analysis
Part of the NullSec Security Toolkit