ssdeep / Feature Requests / #7 Compare unknown signatures to known ones

#7 Compare unknown signatures to known ones

Status: closed

Owner: Jesse Kornblum

Labels: None

Priority: 1

Updated: 2010-02-25

Created: 2010-02-24

Creator: Jesse Kornblum

Private: No

Develop a method to compare unknown signatures (without computation) to known signatures. Unlike -x mode, this should*not* compare the known signatures to each other. Given a set of known signature k1, k2, k3, ... kn, and a set of unknown signatures u1, u2, u3... um, you would like the program to compare:

u1 vs k1
u1 vs k2
u1 vs k3
...
u1 vs kn

u2 vs k1
u2 vs k2
u2 vs k3
...
u2 vs kn

...

um vs k1
um vs k2
um vs k3
...
um vs kn

Suggested syntax:

The -k flag could be used to specify files of known hashes. The FILES parameters could be used to specify the files of unknown hashes. For example:

$ ssdeep -k known1.txt -k known2.txt -k known3.txt unknown1.txt unknown2.txt

Which should produce results like this:

unknown1.txt:harmless.exe matches known1.txt:EVILEVIL.EXE

Discussion

Jesse Kornblum - 2010-02-24

A possible solution has been checked into SVN and is undergoing testing.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jesse Kornblum - 2010-02-25

The patch in SVN has been accepted.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jesse Kornblum - 2010-02-25

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Compare unknown signatures to known ones

Group

Searches

Help

#7 Compare unknown signatures to known ones

Discussion