a4lg.com

libffuzzy / ffuzzy++

libffuzzy is a fuzzy hash comparison library compatible with ssdeep version 2.11.

This library is designed to be fast and thread-safe. It does not even allocate memory dynamically during the process (which may increase performance on parallel computation). The another purpose to write this library is to find implementation issues in ssdeep. During this re-implementation, I found several issues which may affect robustness and portability of ssdeep.

The source code of the library is available on GitHub.

ffuzzy++ is now a testbed of new versions of libffuzzy in C++ and now in preview. This implementation is even faster than libffuzzy and has important feature to generate digests.

See GitHub for details.

libffuzzy

Usage

Global functions of libffuzzy are named like ffuzzy_SOMETHING. ffuzzy_compare is very similar to libfuzzy's fuzzy_compare. libffuzzy has ability to hold ssdeep digest after parsing. ffuzzy_read_digest function can be used to parse digest and ffuzzy_compare_digest to compare against another digest after parsing.

In version 2.1, unnormalized form is added. ffuzzy_udigest can be used to preserve ssdeep-generated hash values (except file names) as it possible. This can be easily converted to ffuzzy_digest.

Performance

Version 1.1 of libffuzzy achieved expected performance gain and version 1.1.1 got even faster. libffuzzy is now faster than libfuzzy in most cases. In version 2.0, interfaces for specialized comparison and clustering are added. Clustering applications will get faster if you use this optimized implementation correctly. In the large clustering job (about 100k hashes), libffuzzy 2.0 was about 60% faster than libfuzzy 2.11.

Portability

libffuzzy is written in pure C99. It does not use the type which may not be defined in the environment so it is safe for any environment.

Download

libffuzzy is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See COPYING file in the archive for credits.

VersionRelease DateFile NameFile Size (Bytes)MD5Docs
2.1.42014-11-03libffuzzy-2.1.4.tar.xz223,8081a54af9212e9b8d226a3d973d49d2041HTML
(Doxygen)
libffuzzy-2.1.4.tar.gz310,179f83004c058fe91c9101e6b364b49106d
2.1.32014-10-28libffuzzy-2.1.3.tar.xz223,4084e5fc70628d663bf1e77c5b0de22900cHTML
(Doxygen)
libffuzzy-2.1.3.tar.gz309,9838aab6ff659344d652e216ed3ddb83f95
2.1.22014-10-28libffuzzy-2.1.2.tar.xz223,3765173a4fbdcddfade6ff645d2006ab386HTML
(Doxygen)
libffuzzy-2.1.2.tar.gz309,6789ad646a44157055287abd5e0210a3859
2.1.12014-10-25libffuzzy-2.1.1.tar.xz223,3041ebb28f0adb9a00a1950b6682934230fHTML
(Doxygen)
libffuzzy-2.1.1.tar.gz309,750dfab2b4453d58867ffc9fa98c3247bc8
2.12014-10-25libffuzzy-2.1.tar.xz223,304cba13569eefd9cc673329fec8a99700bHTML
(Doxygen)
libffuzzy-2.1.tar.gz309,64713ac09c69cbe6b052093f7518d924930
2.0.12014-10-25libffuzzy-2.0.1.tar.xz222,1201fdc643bcb86733484529e9630ce18c0HTML
(Doxygen)
libffuzzy-2.0.1.tar.gz308,25602e773412019fcf98b47781c9743f77a
1.1.12014-10-20libffuzzy-1.1.1.tar.xz214,860664f52dd95ee2ced8c086288c81c4e06-
libffuzzy-1.1.1.tar.gz299,23054402fd50ccf2e540ebe25bfc10130de
1.12014-10-20libffuzzy-1.1.tar.xz214,736f25ddd85075606c68afc0da0f5546736-
libffuzzy-1.1.tar.gz299,087cca40903d79d8b4f42cd5254d8a06825
1.02014-10-20libffuzzy-1.0.tar.xz214,560f3c8bfff9294fbf78a9a3da792d6a3c1-
libffuzzy-1.0.tar.gz298,873d7bd8530cce921fdf292e8fb991ee0d4

Vulnerable Version(s)

These versions are known to be vulnerable and dangerous to use.

VersionRelease DateFile NameFile Size (Bytes)MD5Docs
2.02014-10-22libffuzzy-2.0.tar.xz221,808ada83fde887f7837a91edae493de11f9-
libffuzzy-2.0.tar.gz307,8349063b41fa53c73773c70af7ba0e607c4

Changes

Version 2.1.4 (2014-11-03)

  • Added block size bounds from the original version of ssdeep

Version 2.1.3 (2014-10-28)

  • Added bootstrap script to build from git repository

Version 2.1.2 (2014-10-28)

  • libffuzzy now accepts all unsigned long values as block sizes
  • Optimized block size capping
  • Fixed implementation where is different from documentation

Version 2.1.1 (2014-10-25)

  • Removed redundant debug code

Version 2.1 (2014-10-25)

  • Added interface for unnormalized form

Version 2.0.1 (2014-10-25)

  • Changed internal interface for future extension
  • Fixed buffer overflow vulnerability on ffuzzy_pretty_digest function

Version 2.0 (2014-10-22)

  • Optimized the code (further more)
  • Added specialized comparison/clustering/manipulation interface
  • Fixed parser to prevent arithmetic overflow
  • Added debug/assertion code
  • Fixed documentation
  • Added documentation for Doxygen

Version 1.1.1 (2014-10-20)

  • Optimized edit distance code
  • Fixed changelog on version 1.1

Version 1.1 (2014-10-20)

  • Added ffuzzy_digest structure (which holds ssdeep digest after parsing)
  • Optimized digest reader and edit distance code
  • Improved compatibility with ssdeep

Version 1.0 (2014-10-20)

  • The initial release.