One thing we'll be doing is Binary Diffing. I fully believe every good penetration tester should be able to understand assembly, research new vulnerabilities and reverse engineer in some capacity. A good binary diffing program helps a LOT!
While I was waiting for our purchasing department to order Sabre's BinDiff I took a look at eEye's BinDiffingSuite. With my copy of IDA 5.1 installed I downloaded the tool and started the installation. I was soon greeted with a message saying:
...requires requires IDA Pro Standard v5.0 or IDA Pro Advanced v5.0
During this month's eEye vulnerability forum I asked if there were any plans to update the tool to support IDA 5.1. Hackers take note - Alex's response is "We all use 5.0 here and it works well." Uh, aren't there known vulnerabilities against IDA 5.0? Are you guys running outdated software?!
Flame baiting aside, the MSI file is doing a very simple check for installed IDA versions. Here's how you can get it installed and running with the latest (and more secure.. ahem) version of IDA. The IDA SDK has been pretty stable since v4.9 so the suite works with v5.1 without hassle:
- Open RegEdit and go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDA Pro_is1
- Change the DisplayName to say "IDA Pro Standard v5.0" or "IDA Pro Professional v5.0"
- Re-run BinDiffSuite.exe and install
- Change it back to what it was previously (if you want)
- Have fun!
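
The steps above as one script, an added example that is not part of the original post: it saves the current DisplayName, sets the value the installer accepts, runs the installer, and puts the original value back even if setup fails or is cancelled. The installer location and the WOW6432Node fallback path (for 64-bit Windows) are assumptions.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# The first key path and the DisplayName value are the ones given in the steps above.
$candidates = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDA Pro_is1',
    # Assumption: on 64-bit Windows a 32-bit installer registers under the redirected view.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IDA Pro_is1'
)
$spoofed = 'IDA Pro Standard v5.0'

# Assumption: the installer sits in the current directory under the name used in the post.
$installer = Join-Path (Get-Location) 'BinDiffSuite.exe'

$key = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $key) {
    throw 'IDA Pro uninstall key not found; is IDA installed?'
}
if (-not (Test-Path -LiteralPath $installer)) {
    throw "Installer not found: $installer"
}

# Remember the real value so it can be restored afterwards.
$original = (Get-ItemProperty -LiteralPath $key -Name DisplayName).DisplayName
Write-Host "Current DisplayName: $original"

try {
    Set-ItemProperty -LiteralPath $key -Name DisplayName -Value $spoofed
    # -Wait blocks until the installer process exits.
    Start-Process -FilePath $installer -Wait
}
finally {
    # Runs on success, failure or Ctrl+C, so the uninstall entry is never left altered.
    Set-ItemProperty -LiteralPath $key -Name DisplayName -Value $original
    Write-Host "DisplayName restored to: $original"
}
```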