Update 2022-01-03: I updated this blog post to work with IDA Pro 7.7, and
BinDiff is a tool that diffs two binary executables and reports their differences and similarities. It was originally developed by Zynamics, which Google acquired in 2011. Even though there are alternatives like Diaphora, I still prefer BinDiff. It is the tool I utilize when analyzing a new version of a malware family. BinDiff saves me a lot of time since it detects most of the functionality in the new binary and lets me transfer annotations. Unfortunately, Google only ships .deb packages (Debian / Ubuntu) for Linux. Therefore, Fedora users must rebuild the .deb package into an .rpm package in order to install BinDiff on Fedora.
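Before rebuilding a third-party .deb into an .rpm it pays to know what the .deb actually contains, because that is exactly what has to be carried over: the control fields (package name, version, dependencies), any maintainer scripts (postinst and friends, which a repackaging tool may or may not preserve), and the file payload. A .deb is an `ar` archive with three members (`debian-binary`, `control.tar.*`, `data.tar.*`), the latter two being tarballs. The script below is an added example and not part of the original post or of Google's BinDiff tooling: it builds a constructed sample .deb in memory (package name, paths and scripts are hypothetical placeholders, not the real BinDiff package contents), parses the `ar` container by hand, and reports the fields and files a Fedora user would need to check, including two safety checks worth running on any downloaded package: setuid/setgid bits in the payload and path-traversal entries in the tarballs.

```python
from __future__ import annotations

import io
import tarfile

AR_MAGIC = b"!<arch>\n"          # global header of every ar(1) archive
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}


def _ar_member(name: bytes, data: bytes) -> bytes:
    """Encode one ar member: 60-byte fixed header, data padded to an even length."""
    header = (
        name.ljust(16)                           # file identifier (dpkg-deb writes no trailing '/')
        + b"0".ljust(12)                         # modification time
        + b"0".ljust(6) + b"0".ljust(6)          # owner / group id
        + b"100644".ljust(8)                     # mode
        + str(len(data)).encode().ljust(10)      # data size in bytes
        + b"`\n"                                 # header terminator
    )
    assert len(header) == 60
    return header + data + (b"\n" if len(data) % 2 else b"")


def _tar_gz(files: dict[str, bytes]) -> bytes:
    """Pack {path: content} into a gzip-compressed tar stream (dpkg-style './' paths)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            info.mode = 0o755 if path.endswith(("postinst", "/bindiff")) else 0o644
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_sample_deb() -> bytes:
    """Constructed sample package; every name and path here is a hypothetical placeholder."""
    control = _tar_gz({
        "./control": (b"Package: example-bindiff\nVersion: 7\nArchitecture: amd64\n"
                      b"Maintainer: example <noreply@example.invalid>\n"
                      b"Depends: libc6\nDescription: constructed sample package\n"),
        "./postinst": b"#!/bin/sh\nset -e\nupdate-desktop-database || true\n",
    })
    data = _tar_gz({
        "./opt/example-bindiff/bin/bindiff": b"#!/bin/sh\necho stub\n",
        "./usr/share/applications/example-bindiff.desktop": b"[Desktop Entry]\n",
    })
    return (AR_MAGIC
            + _ar_member(b"debian-binary", b"2.0\n")
            + _ar_member(b"control.tar.gz", control)
            + _ar_member(b"data.tar.gz", data))


def parse_ar(blob: bytes) -> dict[str, bytes]:
    """Split an ar archive into {member name: raw bytes}; tolerates GNU-style 'name/' identifiers."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members: dict[str, bytes] = {}
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError(f"corrupt ar header at offset {pos}")
        name = hdr[0:16].decode("ascii").rstrip().rstrip("/")
        size = int(hdr[48:58].decode("ascii").strip())
        start = pos + 60
        members[name] = blob[start:start + size]
        pos = start + size + (size % 2)          # members are aligned to 2 bytes
    return members


def _is_unsafe(name: str) -> bool:
    """Absolute paths or '..' components would escape the extraction directory."""
    return name.startswith("/") or ".." in name.split("/")


def _norm(name: str) -> str:
    return name[2:] if name.startswith("./") else name


def inspect_deb(blob: bytes) -> dict:
    """Summarise what a conversion to .rpm must carry over, plus basic safety checks."""
    members = parse_ar(blob)
    if members.get("debian-binary", b"").strip() != b"2.0":
        raise ValueError("missing or unsupported debian-binary member")
    control_raw = next(v for k, v in members.items() if k.startswith("control.tar"))
    data_raw = next(v for k, v in members.items() if k.startswith("data.tar"))

    report = {"fields": {}, "maintainer_scripts": [], "files": [], "setuid": [], "unsafe_paths": []}
    with tarfile.open(fileobj=io.BytesIO(control_raw), mode="r:*") as ctl:   # r:* autodetects gz/xz
        for m in ctl.getmembers():
            if _is_unsafe(m.name):
                report["unsafe_paths"].append(m.name)
            name = _norm(m.name)
            if name == "control":
                for line in ctl.extractfile(m).read().decode().splitlines():
                    if ":" in line and not line.startswith(" "):
                        key, _, value = line.partition(":")
                        report["fields"][key.strip()] = value.strip()
            elif name in MAINTAINER_SCRIPTS:
                report["maintainer_scripts"].append(name)
    with tarfile.open(fileobj=io.BytesIO(data_raw), mode="r:*") as data:
        for m in data.getmembers():
            if _is_unsafe(m.name):
                report["unsafe_paths"].append(m.name)
            if m.isfile():
                report["files"].append(_norm(m.name))
                if m.mode & 0o6000:              # setuid/setgid payload deserves a second look
                    report["setuid"].append(_norm(m.name))
    return report


if __name__ == "__main__":
    for key, value in inspect_deb(build_sample_deb()).items():
        print(f"{key}: {value}")
```

Run it against a real package by replacing `build_sample_deb()` with the bytes of the downloaded .deb; anything listed under `maintainer_scripts` is logic the .rpm spec (or the repackaging tool) has to reproduce, and a non-empty `setuid` or `unsafe_paths` list is a reason to stop and look before installing anything as root.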