A program diffing extension for Ghidra.

Overview

Dragon Fang

A program diffing extension for Ghidra.

Dragon Fang attempts to map corresponding functions present in two versions of the same binary application. At a high-level, the approach taken by Dragon Fang is similar to BinDiff. Features are extracted from all candidate functions and are matched according to uniqueness. These features describe characteristics of functions (e.g., number of basic blocks and edges) and are represented as numeric values stored inside vectors. A propagation step then follows after the initial matching to derive additional results, leveraging structural information of the programs. In particular, based on properties of call-graphs, sets of unmatched functions, relative to already matched functions, are obtained. Crucially, it is these smaller and limited sets which are then considered during the matching process as the chance of finding a unique feature vector increases as a result.

Dragon Fang is implemented as a correlator that can be invoked via Ghidra's Version Tracker tool.

Build

In order to build Dragon Fang, simply use gradle, passing the path to Ghidra's home directory as an argument.

cd dragon-fang
/gradle-7.3/bin/gradle -PGHIDRA_INSTALL_DIR=$GHIDRA_HOME

Finally, install the extension through Ghidra (via File --> Install Extensions..)

You might also like...

Extension module to properly support datatypes of javax.money

Jackson Datatype Money Jackson Datatype Money is a Jackson module to support JSON serialization and deserialization of JavaMoney data types. It fills

Jan 2, 2023

A spatial extension of the H2 database.

H2GIS H2GIS is a spatial extension of the H2 database engine in the spirit of PostGIS. It adds support for managing spatial features and operations on

Oct 19, 2022

Spring Integration provides an extension of the Spring programming model to support the well-known Enterprise Integration Patterns (EIP)

Spring Integration Code of Conduct Please see our Code of conduct. Reporting Security Vulnerabilities Please see our Security policy. Checking out and

Dec 30, 2022

Copy as XMLHttpRequest BurpSuite extension

Copy as XMLHttpRequest BurpSuite extension The extension adds a context menu to BurpSuite that allows you to copy multiple requests as Javascript's Xm

Dec 25, 2022

An MIT AI2 extension to allows developers to show media style notifications for their applications.

An MIT AI2 extension to allows developers to show media style notifications for their applications.

Media Notifications An MIT AI2 extension to allows developers to show media style notifications for their applications.

Jan 7, 2023

Terminal UI JMX (Java management extension) viewer

Terminal UI JMX (Java management extension) viewer

JMXViewer Terminal UI JMX (Java management extension) viewer Usage java -jar jmxviewer.jar [pid] The PID is optional. If it is not provided, the appli

Sep 15, 2022

fabric-carpet extension mod which attempts to fix as many vanilla bugs as possible. Feel free to add as many fixes as you want!

Carpet-Fixes Fabric Carpet extension mod which attempts to fix as many vanilla bugs as possible! Feel free to contribute by adding as many fixes as yo

Jan 6, 2023

Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)

Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)

BFAC - Burp Extension Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications). What is BFAC - Burp Extension ? Backup fi

Jul 16, 2022

Quarkus Couchbase Extension

Quarkus Couchbase Extension Integrates Couchbase into Quarkus. This extension is currently in alpha status. It supports: Dependency injecting a Couchb

May 10, 2022

A Minestom extension that opens the port that the Minestom server is running on!

OpenPortStom A project that uses weupnp to forward the port for you when starting your server, it will also attempt to close the port. Yes this is a s

Apr 24, 2022

Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.

CYS4-SensitiveDiscoverer Introduction Burp Suite is a useful tool used to do web application security testing. While Burp Suite provides a lot of func

Nov 16, 2022

Examples and HowTos for BouncyCastle and Java Cryptography Extension (JCE)

CryptographicUtilities Examples and HowTos for BouncyCastle and Java Cryptography Extension (JCE) See class "/src/main/java/de/soderer/utilities/crypt

Dec 19, 2021

This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.

This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.

param-miner This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities. It combin

Jan 27, 2022

Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046

Log4j-HammerTime This Burp Suite Active Scanner extension validates exploitation of the Apache Log4j CVE-2021-44228 and CVE-2021-45046 vulnerabilities

Jan 8, 2022

Google Gmail Extension

 Google Gmail Extension

Google Gmail Extension Extension Name: Google Gmail Description: A Non-Visible component that helps you to send mail from your App Inventor App using

Jan 20, 2022

☁️ Simple Extension for SuperiorSkyblock2 plugin. After creating the island, a custom mob will spawn.

☁️ Simple Extension for SuperiorSkyblock2 plugin. After creating the island, a custom mob will spawn.

☁️ Simple Extension for SuperiorSkyblock2 plugin. After creating the island, a custom mob will spawn.

Mar 10, 2022

OAUTHScan is a Burp Suite Extension written in Java with the aim to provide some automatic security checks

OAUTHScan is a Burp Suite Extension written in Java with the aim to provide some automatic security checks, which could be useful during penetration testing on applications implementing OAUTHv2 and OpenID standards.

Nov 29, 2022

hybris redirect extension

hybris redirect extension

hybris redirect extension This extension adding redirect functionalty to SAP CX Commerce (hybris). Motivation Sometimes we need to remove page, catego

Aug 2, 2022

Community extension to generate a Java client from the provided Camunda 7 OpenAPI descitpion and also warp it into Spring Boot

Camunda Engine OpenAPI REST Client Java and Spring Boot This community extension is a convenience wrapper around the generated Java client from the Ca

Dec 28, 2022
Comments
  • Abstract granularity to Entity

    Abstract granularity to Entity

    Abstract Dragon Fang algorithms to work on an abstract class called "Entity", rather than functions. This is a step forward so that the algorithms can work with different code granularities, including basic blocks!

    Updates tests with the new abstraction.

    opened by johnfxgalea 0
Owner
John F.X. Galea
John F.X. Galea
A collection of my Ghidra scripts

ghidra-scripts A collection of my Ghidra scripts. iOS FOX: This script locates all calls to objc_msgSend family functions, tries to infer the actual m

null 63 Dec 25, 2022
Ghidra Wasm plugin with disassembly and decompilation support

Module to load WebAssembly files into Ghidra, supporting disassembly and decompilation. This plugin borrows loader functionality from this repo: https

Garrett Gu 54 Nov 22, 2022
The new bridge between Ghidra and Frida!

ghidra2frida ghidra2frida is a Ghidra Extension that, working as a bridge between Ghidra and Frida, lets you create powerful Ghidra scripts that take

null 92 Dec 5, 2022
Ghidra is a software reverse engineering (SRE) framework

Ghidra Software Reverse Engineering Framework Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security

National Security Agency 36.5k Dec 28, 2022
Ghidra Plugin for Texas Instrument CC 8051 SOC's especially CC1110 and CC2510

Texas Instruments CCxxxx Ghidra CPU Plugin Ghidra Plugin for Texas Instrument CC 8051 core SOC's especially CC1110 and CC2510 This helps to name the d

null 6 Dec 22, 2022
Hexagon decompiler for Ghidra

Ghidra hexagon plugin WIP Hexagon decompiler plugin for ghidra Pcode is more or less autogenerated, essentially copying and adapting from binja-hexago

Toshi Piazza 17 Dec 15, 2022
Ghidra Plugin for Fujitsu FR60 Processors. Focused on DVRP's MB91302A in the Sony PSX.

Fujitsu FR60 Ghidra Plugin This repository contains a plugin for Ghidra that enables decompilation support for FR60 processors from Fujitsu. In partic

null 13 Jan 3, 2023
Ghidra plugin for querying the Symgrate databases.

Howdy y'all, This repo contains client scripts for accessing the Symgrate databases from Ghidra to recover symbol names, part number and I/O addresses

null 8 Jul 15, 2022
Ghidra plugin for HashDB

hashdb-ghidra This is a Ghidra plugin for HashDB. It allows you to compile a list of API hashes and then to query the HashDB web service for possible

OALabs 9 Apr 7, 2022