Home/Binary Diff

🧬 Binary Diff Explorer

Upload two versions of any file and see exactly which bytes changed. Byte-level diff with colour-coded hex view, entropy comparison, file type detection, and change statistics. Essential for malware diff, firmware comparison, and document forensics.

Drop file A or click
Drop file B or click

Side-by-Side Binary and Code Diffing with Hex View, Entropy Analysis, and String Extraction

The Binary & Code Differ is a forensic file comparison tool that reveals exactly what changed between two versions of any file — executable, document, archive, image, or source code. While text diff tools only compare visible characters, this tool operates at the byte level, making it possible to compare compiled binaries, encrypted files, and proprietary formats where traditional diff tools are blind.

The hex viewer renders any file as a grid of hexadecimal bytes alongside the ASCII representation — the standard view used in reverse engineering, malware analysis, and protocol dissection. Changed bytes are highlighted in context, making it immediately clear which sections of a binary were modified between two versions. This is critical for malware analysis, where even a single byte change can alter execution behavior.

The entropy visualization chart plots Shannon entropy across the file in sliding windows. High-entropy regions indicate compressed or encrypted data. Sudden jumps in entropy within an executable can reveal injected shellcode, appended payloads, or packed sections — all hallmarks of malware. String extraction pulls all embedded human-readable strings from binaries, often revealing hardcoded credentials, URLs, and command-and-control server addresses.

How to Use

  1. 1Upload File A (the original) and File B (the modified version) using the two dropzones.
  2. 2The hex view loads immediately — scroll through to see the byte-level content.
  3. 3Click "Compare" to highlight changed bytes in red across both files.
  4. 4Switch to the Entropy tab to visualize high-entropy (encrypted/compressed) regions.
  5. 5Use the Strings tab to extract and search human-readable content from either binary.

🎯 Who Uses This

  • Malware analysts comparing clean and infected versions of executables
  • Software developers verifying that a build produces identical binary output
  • Security researchers diffing firmware updates to identify changed code regions
  • Forensic investigators comparing document versions for evidence of tampering
  • CTF players examining binary challenge files for hidden strings and payloads
  • Penetration testers comparing before/after snapshots of filesystem binaries

Frequently Asked Questions

Q: What file types can be compared?
Any file type can be analyzed — the tool works at the raw byte level regardless of format. This includes EXE, DLL, ELF, Mach-O, PDF, DOCX, ZIP, firmware images, and any other binary format.
Q: What is file entropy and what does it indicate?
Entropy measures the randomness of data, expressed as bits per byte (0–8). Plain text has low entropy (~4–5 bits/byte). Compressed data (ZIP, GZIP) and encrypted data both have high entropy (~7.9–8 bits/byte). Executable code falls in the middle (~5–6.5 bits/byte). A section of an executable with entropy above 7.5 is almost certainly packed or encrypted — a common malware obfuscation technique.
Q: Can it compare text/source code files?
Yes. For text files, the tool provides both a traditional line-by-line diff view and the underlying byte comparison. This is useful for detecting hidden characters, encoding differences (CRLF vs LF), and BOM markers that text editors typically hide.