[tor-bugs] #5837 [Quality Assurance and Testing]: Use IDA Pro and/or BinDiff to inspect releases
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Aug 3 19:57:46 UTC 2012
#5837: Use IDA Pro and/or BinDiff to inspect releases
-------------------------------------------+--------------------------------
Reporter: mikeperry | Owner: cypherpunks
Type: project | Status: new
Priority: major | Milestone:
Component: Quality Assurance and Testing | Version:
Keywords: volunteer | Parent: #5292
Points: | Actualpoints:
-------------------------------------------+--------------------------------
Comment(by tom):
I don't have a smoking gun "safe" or "not safe" (obviously) - what I do
have is some preliminary results that hopefully will help with the process.
I do have BinDiff. I tried to generate reports for non-matching
dlls/binaries, but bindiff hung. I'm investigating. Here's what I do
have:
http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/
The installer matched perfectly:
http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/(tbb)tor-browser-2.2.37-2_en-US%20vs%20(tbb)shon-tor-browser-2.2.37-2_en-US%20difference.html
As did tbb-firefox:
http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/(Firefox)tbb-firefox%20vs%20(Firefox)tbb-firefox%20difference.html
And plugin-container:
http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/(Firefox)plugin-container%20vs%20(Firefox)plugin-container%20difference.html
libeay had a lot of changes. But it seemed to be mostly due to inlining
on a couple I spot-checked. For example:
On the left, inlined, on the right: no. http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/libeay-digestfinal-bindiff.PNG
Official inlined: http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/libeay-digestfinal-official.PNG
Shon's Not Inlined: http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/libeay-digestfinal-shon.PNG
Official's _ex function: http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/libeay-digestfinal_ex-official.PNG
Shon's ex function: http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/libeay-digestfinal_ex-shon.PNG
That makes a lot of things to go through. There may be some way to do
this in an automated way (in fact, I'm sure there is, and Rolf Rolles has
probably done it) but I'm not good enough/don't have the free time to
figure it out....
Tor:
438 out of 3560 matched at 95% similarity or less. 40 unmatched in
official, 22 in shon.
Here's an example of one difference:
http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/tor-tlscallback-bindiff.PNG
I also went after the monster, xul.dll:
3,241 of 79970 functions did not match perfectly, 24 unmatched in
official, 28 in shon
There's definitely some odd things, like this:
http://ritter.vg/misc/stuff/tbb-diff-2012-08-02/xul-random1-bindiff.PNG
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5837#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online