Fri Sep 21 13:47:30 2007

Intellectual Property Theft: Source or Binary Code

Recurity Labs just finished an analysis of two software products, answering the question of whether the vendor of product A did in fact use code from product B or vice versa. Using BinDiff and BinNavi, we were able to actually prove code equality far beyond any reasonable doubt, and quickly at that. The two tools provide a very nice and effective way to perform such an analysis for the experienced auditor. Your competitor, whom you might suspect of copying code from your product, is rarely willing to disclose his source for a comparison. But obtaining a copy of the product is usually easy and legal, and you don't have to disclose your code either. And best of all: the method works on any CPU platform we can disassemble (read: almost all). Big kudos to Halvar's team for BinDiff 2.0.

