APT_REPORT/APT-hunting/fn_fuzzy/README.org

#+OPTIONS: ^:{}

#+TITLE: fn_fuzzy.py - IDAPython script for fast multiple binary diffing triage

* Motivation

See the [[https://conference.hitb.org/hitbsecconf2019ams/sessions/fn_fuzzy-fast-multiple-binary-diffing-triage-with-ida/][conference information]] or blog post (will be linked soon).

* how to use

- fn_fuzzy.py :: IDAPython script to export/compare fuzzy hashes of the sample
- cli_export.py :: python wrapper script to export fuzzy hashes of multiple samples

The typical usage is to run cli_export.py to make a database for large idbs then compare on IDA by executing fn_fuzzy.py.

[[./img/fn_fuzzy.png]]

[[./img/res_summary.png]]

[[./img/res_funcs.png]]

* supported IDB version

IDBs generated by IDA 6.9 or later due to SHA256 API

* required python packages

- mmh3
- [[https://github.com/williballenthin/python-idb%0A][python-idb]]
11 2019-04-08 15:46:31 +08:00			`#+OPTIONS: ^:{}`

			`#+TITLE: fn_fuzzy.py - IDAPython script for fast multiple binary diffing triage`

			`* Motivation`

			`See the [[https://conference.hitb.org/hitbsecconf2019ams/sessions/fn_fuzzy-fast-multiple-binary-diffing-triage-with-ida/][conference information]] or blog post (will be linked soon).`

			`* how to use`

			`- fn_fuzzy.py :: IDAPython script to export/compare fuzzy hashes of the sample`
			`- cli_export.py :: python wrapper script to export fuzzy hashes of multiple samples`

			`The typical usage is to run cli_export.py to make a database for large idbs then compare on IDA by executing fn_fuzzy.py.`

			`[[./img/fn_fuzzy.png]]`

			`[[./img/res_summary.png]]`

			`[[./img/res_funcs.png]]`

			`* supported IDB version`

			`IDBs generated by IDA 6.9 or later due to SHA256 API`

			`* required python packages`

			`- mmh3`
			`- [[https://github.com/williballenthin/python-idb%0A][python-idb]]`