Google has announced the release of security software BinDiff for free.
In a blog post on Monday, Google software engineer Christian Blichmann said the software, a creation of zynamics -- which was acquired by Google in 2011 -- is now a free addition for security researcher toolkits.
BinDiff is a comparison tool for scrutinising disassembled binary files and finding both similarities and differences in code through reverse engineering. The software can be used to identify and isolate flaws and bugs in software, namely, "fixes for vulnerabilities in vendor-supplied patches and to analyze multiple versions of the same binary," according to Blichmann.
Binary files for x86, MIPS, ARM/AArch64, PowerPC, and other architectures can be analysed with the software.
BinDiff can also be used to transfer fixes, port function names, comments and variables from one workstation to another.
At Google, BinDiff acts as the underbelly of a large-scale malware processing pipeline used by the tech giant's security teams.
"Ever since zynamics joined Google in 2011, we have been committed to keeping our most valuable tools available to the security research community," Blichmann said. "We first lowered the price, and today we are taking the next logical step by making it available free of charge."
By making the plugin free, Google has contributed towards better security by giving the community an advanced tool which doesn't burn a hole in your wallet to acquire. As BinDiff can be used not only to double-check vendor-issued security patches but as a means to find vulnerabilities in the first place, this could equip security researchers more effectively for bug bounties and disclosure programs.
The software plugin is now free for researchers, but they will still have to purchase Hex-Rays IDA Pro disassembler, 6.8 or later, in order to take advantage of the freebie.
Interested parties can download the software directly from zynamics.