#+OPTIONS: ^:{}

#+TITLE: fn_fuzzy.py - IDAPython script for fast multiple binary diffing triage

* Motivation

See the [[https://conference.hitb.org/hitbsecconf2019ams/sessions/fn_fuzzy-fast-multiple-binary-diffing-triage-with-ida/][conference information]] or blog post (will be linked soon).

* how to use

- fn_fuzzy.py :: IDAPython script to export/compare fuzzy hashes of the sample
- cli_export.py :: python wrapper script to export fuzzy hashes of multiple samples

The typical usage is to run cli_export.py to make a database for large idbs then compare on IDA by executing fn_fuzzy.py.

[[./img/fn_fuzzy.png]]

[[./img/res_summary.png]]

[[./img/res_funcs.png]]

* supported IDB version

IDBs generated by IDA 6.9 or later due to SHA256 API

* required python packages

- mmh3
- [[https://github.com/williballenthin/python-idb%0A][python-idb]]