Install BinDiff on Fedora

BinDiff is a tool that diffs two binary executables and finds their differences and similarities. Originally, Zynamics developed BinDiff, but a couple of years ago it was bought by Google. Even though there are alternatives like Diaphora, I still prefer BinDiff. It is the tool I use when analyzing a new version of a malware family. BinDiff saves me a lot of time since it detects most of the functionality in the new binary and lets me transfer annotations. Unfortunately, there are only .deb packages (Debian / Ubuntu) for Linux. Therefore, Fedora users must rebuild the .deb package as a .rpm package in order to install BinDiff on Fedora.

I know that there is an article by 0x90 on how to install BinDiff on Fedora. However, it does not work out of the box anymore. Furthermore, the article is not reachable (as of the time of writing). Therefore, I’ve decided to write a quick tip on how to install BinDiff on Fedora. The following was tested with BinDiff 6.1 and IDA Pro 7.5 on Fedora 32 / 33.

Building an rpm package

First, we get the latest .deb package from Zynamics’ download page. Next, we need to convert the .deb package to a .rpm package. We’ll use alien for this. Its man page gives the following description for it:

alien is a program that converts between Red Hat rpm, Debian deb, Stampede slp, Slackware tgz, and Solaris pkg file formats. If you want to use a package from another linux distribution than the one you have installed on your system, you can use alien to convert it to your preferred package format and install it. It also supports LSB packages.

man page of alien

The following command converts the .deb package to a .rpm package:

alien -v -k --to-rpm bindiff_6_amd64.deb

This is the output that I get on my system:

Warning: alien is not running as root!
 Warning: Ownerships of files in the generated packages will probably be wrong.
     dpkg-deb --info 'bindiff_6_amd64.deb' control 2>/dev/null
     dpkg-deb --info 'bindiff_6_amd64.deb' control 2>/dev/null
     dpkg-deb --info 'bindiff_6_amd64.deb' conffiles 2>/dev/null
     dpkg-deb --fsys-tarfile 'bindiff_6_amd64.deb' | tar tf -
     dpkg-deb --info 'bindiff_6_amd64.deb' postinst 2>/dev/null
     dpkg-deb --info 'bindiff_6_amd64.deb' postrm 2>/dev/null
     dpkg-deb --info 'bindiff_6_amd64.deb' preinst 2>/dev/null
     dpkg-deb --info 'bindiff_6_amd64.deb' prerm 2>/dev/null
 Warning: Skipping conversion of scripts in package bindiff: postinst postrm preinst
 Warning: Use the --scripts parameter to include the scripts.
     mkdir bindiff-6
     chmod 755 bindiff-6
     dpkg-deb -x bindiff_6_amd64.deb bindiff-6
     rpm --showrc
     cd bindiff-6; rpmbuild --buildroot='~/ida_bins/bindiff-6' -bb --target x86_64 'bindiff-6-1.spec' 2>&1
 bindiff-6-1.x86_64.rpm generated

We’re not there yet. If you try to install the package with dnf right now, you will get an error.

dnf install ./bindiff-6-1.x86_64.rpm 
  Package      Architecture    Version    Repository      Size
 Installing:
  bindiff      x86_64          6-1        @commandline    27 M
 Transaction Summary
 Install  1 Package
 Total size: 27 M
 Installed size: 53 M
 Is this ok [y/N]: y
 Downloading Packages:
 Running transaction check
 Transaction check succeeded.
 Running transaction test
 Error: Transaction test error:
   file /usr/bin from install of bindiff-6-1.x86_64 conflicts with file from package filesystem-3.14-2.fc32.x86_64

We have to rebuild the archive with rpmrebuild. Its man page gives the following description:

rpmrebuild is a tool to build easily rpm package. it can be used to build an rpm file from an installed package (lost rpm) or to quickly make change to a package: just have your change on installed files and call rpmrebuild.

man page of rpmrebuild

Run rpmrebuild as follows:

rpmrebuild -pe bindiff-6-1.x86_64.rpm

This command will drop you into your default text editor. Here, you have to locate the following entries and delete them:

%dir %attr(0755, root, root) "/"
%dir %attr(0755, root, root) "/usr/bin"

Exit the editor and answer the question Do you want to continue? (y/N) with yes. The fixed archive will be in ~/rpmbuild/RPMS/x86_64/bindiff-6-1.x86_64.rpm.
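The manual edit above can also be expressed as a small filter. The following is an added example, not part of the original article or of rpmrebuild: the function name strip_shared_dirs and the sample file list (including the /usr/bin/bindiff entry) are constructed for illustration. By default it drops exactly the two %dir entries named above; other directories can be passed as arguments.

```shell
#!/bin/sh
# Added example: drop %dir entries for directories that another package
# (here: filesystem) already owns, so the rebuilt rpm does not claim them.

# Constructed sample of a %files list as shown in the rpmrebuild editor.
sample_files_list() {
    cat <<'EOF'
%dir %attr(0755, root, root) "/"
%dir %attr(0755, root, root) "/opt/bindiff"
%dir %attr(0755, root, root) "/usr/bin"
%attr(0755, root, root) "/usr/bin/bindiff"
EOF
}

# Reads a %files list on stdin and writes it to stdout without the %dir
# lines whose path matches one of the arguments.
# With no arguments, the two directories from the article are used.
# The body runs in a subshell so its variables do not leak to the caller.
strip_shared_dirs() (
    if [ "$#" -eq 0 ]; then
        set -- / /usr/bin
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        drop=0
        case "$line" in
            %dir\ *)
                # The path is the text between the last pair of quotes.
                path=${line%\"}
                path=${path##*\"}
                for d in "$@"; do
                    if [ "$path" = "$d" ]; then
                        drop=1
                    fi
                done
                ;;
        esac
        # Only %dir lines are ever dropped; file entries always pass through.
        if [ "$drop" -eq 0 ]; then
            printf '%s\n' "$line"
        fi
    done
)

# Demo run on the constructed sample.
sample_files_list | strip_shared_dirs
```

Saved as a script, a filter like this can be handed to rpmrebuild's --change-spec-files option instead of editing the list by hand. Only exact path matches on %dir lines are removed, so the package keeps ownership of its own directories such as /opt/bindiff.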

Now, we can proceed to install BinDiff 6.1 with dnf:

dnf install ./bindiff-6-1.x86_64.rpm
Dependencies resolved.
  Package      Architecture    Version    Repository      Size
 Installing:
  bindiff      x86_64          6-1        @commandline    27 M
 Transaction Summary
 Install  1 Package
 Total size: 27 M
 Installed size: 53 M
 Is this ok [y/N]: y
 Downloading Packages:
 Running transaction check
 Transaction check succeeded.
 Running transaction test
 Transaction test succeeded.
 Running transaction
   Preparing        :                       1/1
   Installing       : bindiff-6-1.x86_64    1/1
   Running scriptlet: bindiff-6-1.x86_64    1/1
   Verifying        : bindiff-6-1.x86_64    1/1
 Installed:
   bindiff-6-1.x86_64
 Complete!

Install the BinDiff plugin in IDA Pro 7.5

Your BinDiff installation will be at /opt/bindiff. To use BinDiff from IDA Pro 7.5, you have to copy the precompiled BinDiff plugins (bindiff664.so, bindiff6.so, binexport1164.so, and binexport11.so) from /opt/bindiff/plugins to your IDA Pro plugin directory $IDA_DIR/plugins/.

The next time you start IDA Pro 7.5, it should have loaded the BinExport and BinDiff plugins. Just press Ctrl + 6 to open the BinDiff plugin.

[Screenshot: BinDiff plugin in IDA Pro 7.5 on Fedora 32]

Happy diffing 🙂