Post on 15-Jan-2015
description
Insomni’hackGeneva, Switzerland
Ange Albertini2014/03/21
funky PoCs & visual docs
http://corkami.com
reverse engineering&
visual documentations
boring?
● file formats were supposed to be safe○ public specs○ open-source parsers
● {weirdness} == {exploits} ?● software = parse, sanitize, recover
formats’ diversity 1/2
no header● COM (1982), MBR (1982)magic signature● none: DOL (2001)● 2: TIFF, PE● 4: most standard● >4: PNG, PDF
start offset:● archives● range: PDF● mostly 0special properties● deprecated header: PE● variable scanning direction: PDF● multi-versions: BMP● scanned chunk: JPEG● no official names: ZIP
formats’ diversity 2/2
quine (relay)
polyglot
schizophren
misc
128, 217, 255, 217,128, 38, 1, 38
crypto-tology:for anything crypto, ask @veorq
(coz he’s awesome)
conclusionon binary formats
On binary formats
● specs far from perfect● plenty of fun● many consequences for infosec
○ unforeseen attack channels
on visual docshttp://pics.corkami.com
http://prints.corkami.com
disclaimerno awards, no studies
goalcreate useful
documentationsbased on reality
postersself-contained
● immediate ‘big picture’● no roleplay gamebook
use common senseand your own eyes
creativity?give yourself time!
to fail!
define your audiencelower and upper limits
“you should add …”see “setting a upper limit”
“too simple/simplified”? 1/ teach others, beginners, kids
2/ no more excuses for not knowing
remove the obviousguessing doesn’t hurt
spaceoptimal separator
left right
left right
left right
no unnecessary extrasleave doors closed
(to be opened somewhere else)
requirements
a computera transparent tablecloth
@jaredcatkinson’s prefetch101
conclusionon visual docs
On visual documentations
● it doesn’t hurt● it’s not so hard● requires time
Questions ?
thank YOU !
@angealbertini✉ ange@corkami.com