Binary Analysis (Test Post)
Just testing markdown documentation...
show manual for radare2
$ man r2
show manual for radiff2
$ man radiff2
show which bytes changed and their corresponding offsets
$ radiff2 sysExecB sysExecB_1
0x0000100f 1901 => 9300 0x0000100f
used rax2 to convert the value of a hex into an int to try and see if anything was there
$ rax2 1901
0x76d
$ rax2 9300
0x2454
used radiff2 to compute the distance and the percentage of similarity between two files using the -s function
$ radiff2 -s /bin/true /bin/false
similarity: 0.996
distance: 139
used radiff2 to count the differences with the -c option
$ radiff2 -c sysExecB sysExecB_1
3083
read the ELF header of sysExecB
$ readelf -h sysExecB
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x454360
Start of program headers: 64 (bytes into file)
Start of section headers: 456 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 7
Size of section headers: 64 (bytes)
Number of section headers: 24
Section header string table index: 3
read the ELF header of sysExecB_1
$ readelf -h sysExecB_1
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x454360
Start of program headers: 64 (bytes into file)
Start of section headers: 456 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 7
Size of section headers: 64 (bytes)
Number of section headers: 24
Section header string table index: 3
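
The two comparisons above in Python, as an added example that is not part of the original post and is not radiff2 or readelf code: it decodes the ELF64 header fields that readelf -h prints, reports which fields differ between two files, and lists runs of differing bytes in the layout of the radiff2 line. The sample input is constructed from the header values and the 0x100f change shown on this page; all function names are hypothetical.

```python
import struct

# ELF64 little-endian file header: the 64 bytes that `readelf -h` decodes.
ELF64_HDR = struct.Struct("<16sHHIQQQIHHHHHH")
FIELDS = ("ident", "type", "machine", "version", "entry", "phoff", "shoff",
          "flags", "ehsize", "phentsize", "phnum", "shentsize", "shnum", "shstrndx")

def parse_elf64_header(data):
    """Decode the ELF64 header, rejecting anything that is not ELF64 LSB."""
    if len(data) < ELF64_HDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:  # EI_CLASS=ELFCLASS64, EI_DATA=ELFDATA2LSB
        raise ValueError("only ELF64 little-endian is handled")
    return dict(zip(FIELDS, ELF64_HDR.unpack_from(data)))

def header_changes(a, b):
    """Header fields whose values differ between two binaries."""
    ha, hb = parse_elf64_header(a), parse_elf64_header(b)
    return {k: (ha[k], hb[k]) for k in FIELDS if ha[k] != hb[k]}

def byte_diff(a, b):
    """Runs of differing bytes as (offset, old, new); compares the common length only."""
    runs, i, n = [], 0, min(len(a), len(b))
    while i < n:
        if a[i] == b[i]:
            i += 1
            continue
        j = i
        while j < n and a[j] != b[j]:
            j += 1
        runs.append((i, a[i:j], b[i:j]))
        i = j
    return runs

def format_run(off, old, new):
    """One line in the layout shown above: offset, old hex bytes, new hex bytes, offset."""
    return f"0x{off:08x} {old.hex()} => {new.hex()} 0x{off:08x}"

def sample_binary(patch):
    """Constructed stand-in (not the real sysExecB): header values copied from
    the readelf output on this page, zero padding, two bytes set at 0x100f."""
    ident = bytes.fromhex("7f454c46020101000000000000000000")
    hdr = ELF64_HDR.pack(ident, 2, 62, 1, 0x454360, 64, 456, 0, 64, 56, 7, 64, 24, 3)
    image = bytearray(hdr.ljust(0x1020, b"\0"))
    image[0x100f:0x1011] = patch
    return bytes(image)

if __name__ == "__main__":
    old, new = sample_binary(b"\x19\x01"), sample_binary(b"\x93\x00")
    print("header fields changed:", header_changes(old, new) or "none")
    for run in byte_diff(old, new):
        print(format_run(*run))
```

To run it against real files, pass the contents of each file (read in binary mode) to header_changes and byte_diff in place of the constructed samples.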