oinkie 🐽🐷🐖
[ 🗣️ Overview | 🚶 Procedures of Birthmarking | 🧭 Navigation ]

oinkie is a software birthmark toolkit designed for detecting software theft. It extracts unique characteristics (birthmarks) of software from binary formats and compares them to identify suspected plagiarism.
Currently, oinkie supports extracting and comparing birthmarks from Ghidra Pcode, and planned support includes LLVM IR/BC and Binary Ninja.
🗣️ Overview#
Software theft is difficult to detect because it is conducted stealthily, and the source code of stolen software remains private. Compilers and their options sensitively alter the binary formats (including executables) of software, and the problem is further complicated by the vast amount of software worldwide. Therefore, we need a method to detect software theft targeting binary formats from large software repositories.
To solve this, Tamada et al. proposed the concept of software birthmarking in 2004. A software birthmark refers to the native characteristics of programs and allows for comparison between them. The similarities of the two birthmarks reflect how similar the original programs are.
This toolkit extracts these birthmarks from binary code and compares them to calculate similarities. High similarity suggests that one program is suspected of being a copy of the other.
🚶 Procedures of Birthmarking#
To examine software birthmarks with oinkie, we apply the following 5-step workflow:
- Collect the binary files to be examined.
- Lift the binary files to an intermediate representation (IR), such as Ghidra Pcode.
- Extract the birthmarks from the lifted IR files.
- Compare the birthmarks to calculate similarities.
- Analyze the similarity results to determine if software theft is suspected.

🧭 Navigation#
- To get started and install
oinkie, see ⚓️ Install, - To learn how to use the CLI and its subcommands, see 🏃 Usage,
- To read about the scientific background, origin, and research papers, see About, and
- To learn the trend of the software birthmarks, see Academic.
