PyPI - reait - Versions diffs - 0.0.19__py3-none-any.whl → 0.0.20__py3-none-any.whl - Mend

reait 0.0.19py3-none-any.whl → 0.0.20py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

reait/__init__.py +3 -0
reait/api.py +429 -174
reait/main.py +246 -130
{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/METADATA +43 -21
reait-0.0.20.dist-info/RECORD +9 -0
{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/WHEEL +1 -1
reait-0.0.19.dist-info/RECORD +0 -9
{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/LICENSE +0 -0
{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/entry_points.txt +0 -0
{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/top_level.txt +0 -0

{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: reait
-Version: 0.0.19
+Version: 0.0.20
 Home-page: https://github.com/RevEng-AI/reait
 Author: James Patrick-Evans
 Author-email: James Patrick-Evans <james@reveng.ai>
@@ -714,19 +714,23 @@ NB: We are in Alpha. We support GNU/Linux ELF and Windows PE executables for x86
 ## Installation
-Install the latest stable version using pip.
+Install the latest stable version using `pip3`.
-`pip install reait`
+```shell
+pip3 install reait
+```
 ### Latest development version
-`pip install -e .`
+```shell
+pip3 install -e .
+```
 or
-```
+```shell
 python3 -m build .
-pip install -U dist/reait-*.whl
+pip3 install -U dist/reait-*.whl
 ```
 ## Using reait
@@ -734,7 +738,9 @@ pip install -U dist/reait-*.whl
 ### Analysing binaries
 To submit a binary for analysis, run `reait` with the `-a` flag:
-`reait -b /usr/bin/true -a`
+```shell
+reait -b /usr/bin/true -a
+```
 This uploads the binary specified by `-b` to RevEng.AI servers for analysis. Depending on the size of the binary, it may take several hours. You may check an analysis jobs progress with the `-l` flag e.g. `reait -b /usr/bin/true -l`.
@@ -742,30 +748,42 @@ This uploads the binary specified by `-b` to RevEng.AI servers for analysis. Dep
 Symbol embeddings are numerical vector representations of each component that capture their semantic understanding. Similar functions should be similar to each other in our embedded vector space. They can be thought of as *advanced* AI-based IDA FLIRT signatures or Radare2 Zignatures.
 Once an analysis is complete, you may access RevEng.AI's BinNet embeddings for all symbols extracted with the `-x` flag.
-`reait -b /usr/bin/true -x > embeddings.json`
+```shell
+reait -b /usr/bin/true -x > embeddings.json
+```
-#### Extract embedding for symbol at vaddr 0x19f0
-`reait -b /usr/bin/true -x | jq ".[] | select(.vaddr==$((0x19f0))).embedding" > embedding.json`
+#### Extract embedding for symbol at vaddr 0x19F0
+```shell
+reait -b /usr/bin/true -x | jq ".[] | select(.vaddr==$((0x19F0))).embedding" > embedding.json
+```
 ### Search for similar symbols using an embedding
 To query our database of similar symbols based on an embedding, use `-n` to search using Approximate Nearest Neighbours. The `--nns` allows you to specify the number of results returned. A list of symbols with their names, distance (similarity), RevEng.AI collection set, source code filename, source code line number, and file creation timestamp is returned.
-`reait -e embedding.json -n`
+```shell
+reait --embedding embedding.json -n
+```
-The following command searches for the top 10 most similar symbols found in md5sum.gcc.og.dynamic to the symbol starting at 0x4037e0 in md5sum.clang.og.dynamic. You may need to pass `--image-base` to ensure virtual addresses are mapped correctly.
+The following command searches for the top 10 most similar symbols found in md5sum.gcc.og.dynamic to the symbol starting at _0x33E6_ in md5sum.clang.og.dynamic. You may need to pass `--image-base` to ensure virtual addresses are mapped correctly.
-`reait -b md5sum.gcc.og.dynamic -n --start-vaddr 0x33e6 --found-in md5sum.gcc.o2.dynamic --nns 10 --base-address 0x100000`
+```shell
+reait -b md5sum.gcc.og.dynamic -n --start-vaddr 0x33E6 --found-in md5sum.gcc.o2.dynamic --nns 10 --base-address 0x100000
+```
 Search NN by symbol name.
-`reait -b md5sum.gcc.og.dynamic -n --symbol md5_buffer --found-in md5sum.gcc.o2.dynamic --nns 5`
+```shell
+reait -b md5sum.gcc.og.dynamic -n --symbol md5_buffer --found-in md5sum.gcc.o2.dynamic --nns 5
+```
 NB: A smaller distance indicates a higher degree of similarity.
 #### Specific Search
 To search for the most similar symbols found in a specific binary, use the `--found-in` option with a path to the executable to search from.
-`reait -n --embedding /tmp/sha256_init.json --found-in ~/malware.exe --nns 5`
+```shell
+reait -n --embedding /tmp/sha256_init.json --found-in ~/malware.exe --nns 5
+```
 This downloads embeddings from `malware.exe` and computes the cosine similarity between all symbols and `sha256_init.json`. The returned results lists the most similar symbol locations by cosine similarity score (1.0 most similar, -1.0 dissimilar).
@@ -775,7 +793,9 @@ The `--from-file` option may also be used to limit the search to a custom file c
 #### Limited Search
 To search for most similar symbols from a set of RevEng.AI collections, use the `--collections` options with a RegEx to match collection names. For example:
-`reait -n --embedding my_func.json --collections "(libc.*|lib.*crypt.*)"`
+```shell
+reait -n --embedding my_func.json --collections "(libc.*|lib.*crypt.*)"
+```
 RevEng.AI collections are sets of pre-analysed executable objects. To create custom collection sets e.g., malware collections, please create a RevEng.AI account.
@@ -786,14 +806,16 @@ Find common components between binaries, RevEng.AI collections, or global search
 Example usage:
-```
+```shell
 reait -M -b 05ff897f430fec0ac17f14c89181c76961993506e5875f2987e9ead13bec58c2.exe --from-file 755a4b2ec15da6bb01248b2dfbad206c340ba937eae9c35f04f6cedfe5e99d63.embeddings.json --confidence high
 ```
 ### RevEng.AI embedding models
 To use specific RevEng.AI AI models, or for training custom models, use `-m` to specify the model. The default option is to use the latest development model. Available models are `binnet-0.1` and `dexter`.
-`reait -b /usr/bin/true -m dexter -a`
+```shell
+reait -b /usr/bin/true -m dexter -a
+```
 ### Software Composition Analysis
 To identify known open source software components embedded inside a binary, use the `-C` flag.
@@ -807,7 +829,7 @@ To generate an AI functional description of an entire binary file, use the `-s`
 REAI signatures can be used to compute the binary similarity between entire executables with the `-S` flag. For example:
-```
+```shell
 reait -b d24ccf73aabca4192d33a07b4a238c8d40ac97a550c2e65b8074f03455a981ca.exe -S -t 00062cb01088cea245cd5f3eb03f65a0e6b11a8126ce00034d87935a451cf99c.exe,438d64bb831555caadaa92a32c9d62e255001bc8d524721c885f37d750ec3476.exe,755a4b2ec15da6bb01248b2dfbad206c340ba937eae9c35f04f6cedfe5e99d63.exe,05ff897f430fec0ac17f14c89181c76961993506e5875f2987e9ead13bec58c2.exe
 Computing Binary Similarity... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:01
                       Binary Similarity to RedlineInfoStealer/d24ccf73aabca4192d33a07b4a238c8d40ac97a550c2e65b8074f03455a981ca.exe
@@ -826,7 +848,7 @@ Computing Binary Similarity... ━━━━━━━━━━━━━━━━
 To perform binary ANN search, pass in `-n` and `-s` flag at the same time. For example:
-```
+```shell
 reait -b /usr/bin/true -s -n
 Found /usr/bin/true:elf-x86_64
 [
@@ -858,7 +880,7 @@ Found /usr/bin/true:elf-x86_64
 `reait` reads the config file stored at `~/.reait.toml`. An example config file looks like:
-```
+```shell
 apikey = "l1br3"
 host = "https://api.reveng.ai"
 model = "binnet-0.1"

reait-0.0.20.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,9 @@
+reait/__init__.py,sha256=24Gp5e7BQ8Sx-IMdRG6TTODTdKVpeZvpBSDk9W-2HY0,66
+reait/api.py,sha256=Zs3WmPN3E0NNjTitKwFCz-te4z68nKw7cjLF54J8Blk,20569
+reait/main.py,sha256=imr_AYq7ZPUZmmRs2tnPChfM_bVfIYlD_4hU8W2fjEU,23883
+reait-0.0.20.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+reait-0.0.20.dist-info/METADATA,sha256=qz3SdT5_tZcwd8HnRebUbGUH-dL9gcMbTvZddlQVfpg,50889
+reait-0.0.20.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+reait-0.0.20.dist-info/entry_points.txt,sha256=8Ek11o7a6O8hjBFw6-1vmkBfbv_45O2vOKj5CDUB1e4,42
+reait-0.0.20.dist-info/top_level.txt,sha256=EnJssmctKe3Ugjcmu66L9_Q4elLdAwaXK6M8E6E8f_M,6
+reait-0.0.20.dist-info/RECORD,,

{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/WHEEL RENAMED Viewed

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.41.2)
+Generator: bdist_wheel (0.43.0)
 Root-Is-Purelib: true
 Tag: py3-none-any

reait-0.0.19.dist-info/RECORD DELETED Viewed

@@ -1,9 +0,0 @@
-reait/__init__.py,sha256=EFo5s7KcuKtU5bEcB5MFjDsnNwwqIouVLvfwlUEkSDw,41
-reait/api.py,sha256=XamvwPFZXhDMPG1zaTCObgAJ2YOwIFc91OMY1I4_Xck,11494
-reait/main.py,sha256=Mk-3RgFogAN-zUkVcS0MYsNndIZUFdrKNorvctU4S0I,19276
-reait-0.0.19.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-reait-0.0.19.dist-info/METADATA,sha256=lz_Y9_nIcDAZtqjJnAmR-obcR5TlaqROCJqozhMyp78,50728
-reait-0.0.19.dist-info/WHEEL,sha256=yQN5g4mg4AybRjkgi-9yy4iQEFibGQmlz78Pik5Or-A,92
-reait-0.0.19.dist-info/entry_points.txt,sha256=8Ek11o7a6O8hjBFw6-1vmkBfbv_45O2vOKj5CDUB1e4,42
-reait-0.0.19.dist-info/top_level.txt,sha256=EnJssmctKe3Ugjcmu66L9_Q4elLdAwaXK6M8E6E8f_M,6
-reait-0.0.19.dist-info/RECORD,,

{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/LICENSE RENAMED Viewed

File without changes

{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{reait-0.0.19.dist-info → reait-0.0.20.dist-info}/top_level.txt RENAMED Viewed

File without changes

reait 0.0.19__py3-none-any.whl → 0.0.20__py3-none-any.whl

reait 0.0.19py3-none-any.whl → 0.0.20py3-none-any.whl