November 2019
Intermediate to advanced
346 pages
9h 36m
English
In the following recipe, we tamper with a binary file. We then compare it to the original to see that ssdeep determines that the two files are highly similar but not identical:
truncate -s +1 python-3.7.2-amd64-fake.exe
hexdump -C python-3.7.2-amd64.exe |tail -5
This results in the following output:
018ee0f0 e3 af d6 e9 05 3f b7 15 a1 c7 2a 5f b6 ae 71 1f |.....?....*_..q.|
018ee100 6f 46 62 1c 4f 74 f5 f5 a1 e6 91 b7 fe 90 06 3e |oFb.Ot.........>|
...
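Why one appended null byte leaves a fuzzy hash almost unchanged while a cryptographic hash changes completely, shown as an added example that is not from the book. It is a simplified context-triggered piecewise hash, not ssdeep's actual algorithm; the constants, function names and random sample data are assumptions constructed for illustration.

```python
import hashlib
import random
import zlib
from difflib import SequenceMatcher

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7   # bytes of context that decide where a piece ends (assumed value)
BLOCK = 64   # a boundary fires roughly once every BLOCK bytes (assumed value)


def piece_char(piece: bytes) -> str:
    """Reduce one piece to a single signature character."""
    return B64[hashlib.sha256(piece).digest()[0] % 64]


def fuzzy_signature(data: bytes) -> str:
    """Simplified piecewise hash: one character per content-defined piece."""
    sig, start = [], 0
    for i in range(len(data)):
        window = data[max(0, i - WINDOW + 1):i + 1]
        # The boundary test sees only the last WINDOW bytes, so an edit
        # can only disturb the pieces next to it.
        if zlib.crc32(window) % BLOCK == BLOCK - 1:
            sig.append(piece_char(data[start:i + 1]))
            start = i + 1
    if start < len(data):  # trailing partial piece
        sig.append(piece_char(data[start:]))
    return "".join(sig)


def similarity(sig_a: str, sig_b: str) -> int:
    """Score two signatures from 0 (unrelated) to 100 (identical)."""
    matcher = SequenceMatcher(None, sig_a, sig_b, autojunk=False)
    return round(100 * matcher.ratio())


def make_samples():
    """Constructed inputs: a random blob, a padded copy, an unrelated blob."""
    rng = random.Random(2019)
    original = bytes(rng.getrandbits(8) for _ in range(8192))
    tampered = original + b"\x00"  # same effect as: truncate -s +1 <file>
    unrelated = bytes(rng.getrandbits(8) for _ in range(8192))
    return original, tampered, unrelated


if __name__ == "__main__":
    original, tampered, unrelated = make_samples()
    sig = fuzzy_signature(original)
    same = hashlib.sha256(original).digest() == hashlib.sha256(tampered).digest()
    print("sha256 equal:", same)
    print("vs tampered :", similarity(sig, fuzzy_signature(tampered)))
    print("vs unrelated:", similarity(sig, fuzzy_signature(unrelated)))
```

Only the final piece of the signature can change when a byte is appended, which is why the padded copy scores close to 100 while the unrelated blob scores low.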