Can I rely on this github repository files?Which file encryption algorithm is used by Synology's Cloud Sync feature?GitHub pages and same originDoes GitHub have an endpoint for reading a users GPG keys?API credentials visible when creating Github pages website?Why host third party libs instead of relying on CDN, Nuget, GitHub?Making an API repository private vs publicHow does Github preserve versioning integrity?How does Github authentication work (command line, api)?Is it a good idea to upload your gnupg files to github?How could malicious code changes in a GitHub pull request be masked by an attacker?

Divine apple island

If a character with the Alert feat rolls a crit fail on their Perception check, are they surprised?

Reply 'no position' while the job posting is still there

Can I sign legal documents with a smiley face?

Find last 3 digits of this monster number

Proving a function is onto where f(x)=|x|.

Why does Async/Await work properly when the loop is inside the async function and not the other way around?

How do ground effect vehicles perform turns?

Is it possible to have a strip of cold climate in the middle of a planet?

Will adding a BY-SA image to a blog post make the entire post BY-SA?

Open a doc from terminal, but not by its name

How can "mimic phobia" be cured or prevented?

Is it possible to use .desktop files to open local pdf files on specific pages with a browser?

Would it be legal for a US State to ban exports of a natural resource?

Can I use my Chinese passport to enter China after I acquired another citizenship?

Flux received by a negative charge

Do Legal Documents Require Signing In Standard Pen Colors?

Why has "pence" been used in this sentence, not "pences"?

We have a love-hate relationship

In Star Trek IV, why did the Bounty go back to a time when whales are already rare?

How do you respond to a colleague from another team when they're wrongly expecting that you'll help them?

Melting point of aspirin, contradicting sources

Drawing ramified coverings with tikz

Drawing a topological "handle" with Tikz



Can I rely on this github repository files?


Which file encryption algorithm is used by Synology's Cloud Sync feature?GitHub pages and same originDoes GitHub have an endpoint for reading a users GPG keys?API credentials visible when creating Github pages website?Why host third party libs instead of relying on CDN, Nuget, GitHub?Making an API repository private vs publicHow does Github preserve versioning integrity?How does Github authentication work (command line, api)?Is it a good idea to upload your gnupg files to github?How could malicious code changes in a GitHub pull request be masked by an attacker?













1















I recently found this GitHub repo https://github.com/userEn1gm4/HLuna, but after cloned it I note that the comparison between the file compiled (using g++) from source HLuna.cxx and the binary included in the repo (HLuna) is different: differ: byte 25, line 1. Is the provided binary file secure? I've already analyzed that in VirusTotal without any issues, but I don't have the expertise to decompile and read the output, and I've previously executed the binary provided without thinking about the risks.









share









New contributor




mcruz2401 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • If you're able to compile from source, then just use your computer version.

    – Daisetsu
    41 mins ago















1















I recently found this GitHub repo https://github.com/userEn1gm4/HLuna, but after cloned it I note that the comparison between the file compiled (using g++) from source HLuna.cxx and the binary included in the repo (HLuna) is different: differ: byte 25, line 1. Is the provided binary file secure? I've already analyzed that in VirusTotal without any issues, but I don't have the expertise to decompile and read the output, and I've previously executed the binary provided without thinking about the risks.









share









New contributor




mcruz2401 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • If you're able to compile from source, then just use your computer version.

    – Daisetsu
    41 mins ago













1












1








1








I recently found this GitHub repo https://github.com/userEn1gm4/HLuna, but after cloned it I note that the comparison between the file compiled (using g++) from source HLuna.cxx and the binary included in the repo (HLuna) is different: differ: byte 25, line 1. Is the provided binary file secure? I've already analyzed that in VirusTotal without any issues, but I don't have the expertise to decompile and read the output, and I've previously executed the binary provided without thinking about the risks.









share









New contributor




mcruz2401 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I recently found this GitHub repo https://github.com/userEn1gm4/HLuna, but after cloned it I note that the comparison between the file compiled (using g++) from source HLuna.cxx and the binary included in the repo (HLuna) is different: differ: byte 25, line 1. Is the provided binary file secure? I've already analyzed that in VirusTotal without any issues, but I don't have the expertise to decompile and read the output, and I've previously executed the binary provided without thinking about the risks.







reverse-engineering c++ github





share









New contributor




mcruz2401 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.










share









New contributor




mcruz2401 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








share



share








edited 6 hours ago









schroeder

77.9k30173209




77.9k30173209






New contributor




mcruz2401 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 6 hours ago









mcruz2401mcruz2401

61




61




New contributor




mcruz2401 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





mcruz2401 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






mcruz2401 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • If you're able to compile from source, then just use your computer version.

    – Daisetsu
    41 mins ago

















  • If you're able to compile from source, then just use your computer version.

    – Daisetsu
    41 mins ago
















If you're able to compile from source, then just use your computer version.

– Daisetsu
41 mins ago





If you're able to compile from source, then just use your computer version.

– Daisetsu
41 mins ago










1 Answer
1






active

oldest

votes


















6














Compilation is not a directly verifiable deterministic process across compiler versions, library versions, operating systems, or a number of other different variables. The only way to verify is to perform a diff at the assembly level. There are lots of tools that can do this but you still need to put the manual work in.






share|improve this answer






















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "162"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );






    mcruz2401 is a new contributor. Be nice, and check out our Code of Conduct.









    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206000%2fcan-i-rely-on-this-github-repository-files%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    6














    Compilation is not a directly verifiable deterministic process across compiler versions, library versions, operating systems, or a number of other different variables. The only way to verify is to perform a diff at the assembly level. There are lots of tools that can do this but you still need to put the manual work in.






    share|improve this answer



























      6














      Compilation is not a directly verifiable deterministic process across compiler versions, library versions, operating systems, or a number of other different variables. The only way to verify is to perform a diff at the assembly level. There are lots of tools that can do this but you still need to put the manual work in.






      share|improve this answer

























        6












        6








        6







        Compilation is not a directly verifiable deterministic process across compiler versions, library versions, operating systems, or a number of other different variables. The only way to verify is to perform a diff at the assembly level. There are lots of tools that can do this but you still need to put the manual work in.






        share|improve this answer













        Compilation is not a directly verifiable deterministic process across compiler versions, library versions, operating systems, or a number of other different variables. The only way to verify is to perform a diff at the assembly level. There are lots of tools that can do this but you still need to put the manual work in.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 6 hours ago









        PolynomialPolynomial

        101k31246339




        101k31246339




















            mcruz2401 is a new contributor. Be nice, and check out our Code of Conduct.









            draft saved

            draft discarded


















            mcruz2401 is a new contributor. Be nice, and check out our Code of Conduct.












            mcruz2401 is a new contributor. Be nice, and check out our Code of Conduct.











            mcruz2401 is a new contributor. Be nice, and check out our Code of Conduct.














            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206000%2fcan-i-rely-on-this-github-repository-files%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Are there any AGPL-style licences that require source code modifications to be public? Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Force derivative works to be publicAre there any GPL like licenses for Apple App Store?Do you violate the GPL if you provide source code that cannot be compiled?GPL - is it distribution to use libraries in an appliance loaned to customers?Distributing App for free which uses GPL'ed codeModifications of server software under GPL, with web/CLI interfaceDoes using an AGPLv3-licensed library prevent me from dual-licensing my own source code?Can I publish only select code under GPLv3 from a private project?Is there published precedent regarding the scope of covered work that uses AGPL software?If MIT licensed code links to GPL licensed code what should be the license of the resulting binary program?If I use a public API endpoint that has its source code licensed under AGPL in my app, do I need to disclose my source?

            2013 GY136 Descoberta | Órbita | Referências Menu de navegação«List Of Centaurs and Scattered-Disk Objects»«List of Known Trans-Neptunian Objects»

            Mortes em março de 2019 Referências Menu de navegação«Zhores Alferov, Nobel de Física bielorrusso, morre aos 88 anos - Ciência»«Fallece Rafael Torija, o bispo emérito de Ciudad Real»«Peter Hurford dies at 88»«Keith Flint, vocalista do The Prodigy, morre aos 49 anos»«Luke Perry, ator de 'Barrados no baile' e 'Riverdale', morre aos 52 anos»«Former Rangers and Scotland captain Eric Caldow dies, aged 84»«Morreu, aos 61 anos, a antiga lenda do wrestling King Kong Bundy»«Fallece el actor y director teatral Abraham Stavans»«In Memoriam Guillaume Faye»«Sidney Sheinberg, a Force Behind Universal and Spielberg, Is Dead at 84»«Carmine Persico, Colombo Crime Family Boss, Is Dead at 85»«Dirigent Michael Gielen gestorben»«Ciclista tricampeã mundial e prata na Rio 2016 é encontrada morta em casa aos 23 anos»«Pagan Community Notes: Raven Grimassi dies, Indianapolis pop-up event cancelled, Circle Sanctuary announces new podcast, and more!»«Hal Blaine, Wrecking Crew Drummer, Dies at 90»«Morre Coutinho, que editou dupla lendária com Pelé no Santos»«Cantor Demétrius, ídolo da Jovem Guarda, morre em SP»«Ex-presidente do Vasco, Eurico Miranda morre no Rio de Janeiro»«Bronze no Mundial de basquete de 1971, Laís Elena morre aos 76 anos»«Diretor de Corridas da F1, Charlie Whiting morre aos 66 anos às vésperas do GP da Austrália»«Morreu o cardeal Danneels, da Bélgica»«Morreu o cartoonista Augusto Cid»«Morreu a atriz Maria Isabel de Lizandra, de "Vale Tudo" e novelas da Tupi»«WS Merwin, prize-winning poet of nature, dies at 91»«Atriz Márcia Real morre em São Paulo aos 88 anos»«Mauritanie: décès de l'ancien président Mohamed Mahmoud ould Louly»«Morreu Dick Dale, o rei da surf guitar e de "Pulp Fiction"»«Falleció Víctor Genes»«João Carlos Marinho, autor de 'O Gênio do Crime', morre em SP»«Legendary Horror Director and SFX Artist John Carl Buechler Dies at 66»«Morre em Salvador a religiosa Makota Valdina»«مرگ بازیکن‌ سابق نساجی بر اثر سقوط سنگ در مازندران»«Domingos Oliveira morre no Rio»«Morre Airton Ravagniani, ex-São Paulo, Fla, Vasco, Grêmio e Sport - Notícias»«Morre o escritor Flavio Moreira da Costa»«Larry Cohen, Writer-Director of 'It's Alive' and 'Hell Up in Harlem,' Dies at 77»«Scott Walker, experimental singer-songwriter, dead at 76»«Joseph Pilato, Day of the Dead Star and Horror Favorite, Dies at 70»«Sheffield United set to pay tribute to legendary goalkeeper Ted Burgin who has died at 91»«Morre Rafael Henzel, sobrevivente de acidente aéreo da Chapecoense»«Morre Valery Bykovsky, um dos primeiros cosmonautas da União Soviética»«Agnès Varda, cineasta da Nouvelle Vague, morre aos 90 anos»«Agnès Varda, cineasta francesa, morre aos 90 anos»«Tania Mallet, James Bond Actress and Helen Mirren's Cousin, Dies at 77»e