Skip to content

s3rvac/ssdeep-rs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Rust wrapper for ssdeep

docs.rs crates.io

A Rust wrapper for ssdeep by Jesse Kornblum, which is a C library for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length. In contrast to standard hashing algorithms, CTPH can be used to identify files that are highly similar but not identical. For more details, see this blog post.

Installation

Add the following lines into your Cargo.toml file:

[dependencies]
ssdeep = "0.6.0"

Then, when you run cargo build, it will automatically get the wrapper's source code from crates.io, compile the underlying C library, and build the wrapper. The C library is statically linked into the wrapper.

The build process is known to work under Linux with GCC. If you have a different operating system or compiler and the build fails, you can submit a pull request or open an issue.

Usage

To compute the fuzzy hash of the given bytes, use the hash() function:

extern crate ssdeep;

let h = ssdeep::hash(b"Hello there!").unwrap();
assert_eq!(h, "3:aNRn:aNRn");

To obtain the fuzzy hash of the contents of a file, use hash_from_file():

let h = ssdeep::hash_from_file("path/to/file").unwrap();

To compare two fuzzy hashes, use compare(), which returns an integer between 0 (no match) and 100:

let h1 = "3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C";
let h2 = "3:AXGBicFlIHBGcL6wCrFQEv:AXGH6xLsr2Cx";
let score = ssdeep::compare(h1, h2).unwrap();
assert_eq!(score, 22);

Each of these functions returns a Result, where an error is returned when the underlying C function fails.

Documentation

An automatically generated API documentation is available here:

License

The wrapper's code is licensed under the terms of GPLv3.

This wrapper includes the unchanged source distribution of ssdeep (commit d8705da60), which is compiled and statically linked into the wrapper during build. It is licensed under GPLv2.