How to check whether two executable binary files are generated from same source code?

Question

For example, I have two C binary executable files. How can I determine whether the two were generated using same source code or not?

Answer 1

In general, this is completely impossible to do.

• You can generate different binaries from the same source
• Two identical binaries can be generated from different sources

It is possible to add version information in different ways. However, you can fool all of those methods quite easily if you want.

Here is a short script that might help you. Note that it might have flaws. It's just to show the idea. Don't just copy this and use in production code.

#!/bin/bash 

STR="asm(\".ascii \\\"$(md5sum $1)\\\"\");"
NEWNAME=$1.aux.c
cp $1 $NEWNAME
echo $STR >> $NEWNAME
gcc $NEWNAME

What it does is basically to make sure that the md5sum of the source gets included as a string in the binary. It's gcc specific, and you can read more about the idea here: embed string via header that cannot be optimized away