Diaphora : Most Advanced Free & Open Source Program Diffing Tool

Diaphora (διαφορά, Greek for ‘difference’) version 1.2.4 is a program diffing plugin for IDA, similar to Zynamics Bindiff or other FOSS counterparts like YaDiff, DarunGrim, TurboDiff, etc… It was released during SyScan 2015.

It works with IDA 6.9 to 7.3. Support for Ghidra is in development. Support for Binary Ninja is also planned but will come after Ghidra’s port. If you are looking for Radare2 support you can check this very old fork.

For more details, please check the tutorial in the “doc” directory.

NOTE: If you’re looking for a tool for diffing or matching functions between binaries and source codes, you might want to take a look to Pigaios.

Also Read – DrMITM : A Program Designed To Globally Log All Traffic Of A Website

Getting help and asking for features

You can join the mailing list https://groups.google.com/forum/?hl=es#!forum/diaphora to ask for help, new features, report issues, etc… For reporting bugs, however, I recommend using the issues tracker: https://github.com/joxeankoret/diaphora/issues

Please note that only the last 3 versions of IDA are officially supported. As of today, it means that only IDA 7.1, 7.2 and 7.3 are supported. Versions 6.8, 6.9, 6.95 and 7.0 do work (with all the last patches that were supplied to customers), but no official support is offered for them. However, if you run into any problem with these versions, ping me and I will do my best.

Screenshots

This is a screenshot of Diaphora diffing the PEGASUS iOS kernel Vulnerability fixed in iOS 9.3.5:

And this is an old screenshot of Diaphora diffing the Microsoft bulletin MS15-034:

These are some screenshots of Diaphora diffing the Microsoft bulletin MS15-050, extracted from the blog post Analyzing MS15-050 With Diaphora from Alex Ionescu.

Here is a screenshot of Diaphora diffing iBoot from iOS 10.3.3 against iOS 11.0: