Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini Ange Albertini
March 21, 2014
Technology
1
250

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini

Ange Albertini

March 21, 2014
Tweet

More Decks by Ange Albertini

See All by Ange Albertini
Fearsome File Formats
Avatar for Ange Albertini ange
0
880
Overview of file type identifiers
Avatar for Ange Albertini ange
0
1.2k
A question of time
Avatar for Ange Albertini ange
0
1.1k
SBuD: InfoVis in InfoSec
Avatar for Ange Albertini ange
1
890
Generating Weird Files
Avatar for Ange Albertini ange
0
410
Technical challenges with file formats
Avatar for Ange Albertini ange
1
2.3k
Inside out - abusing archive file formats
Avatar for Ange Albertini ange
3
1.9k
Relations between archive formats
Avatar for Ange Albertini ange
0
2.2k
Beyond your studies v2
Avatar for Ange Albertini ange
2
1k

Other Decks in Technology

See All in Technology
共有と分離 - Compose Multiplatform "本番導入" の設計指針
Avatar for Ryo WATANABE error96num
2
530
dbt開発 with Claude Codeのためのガードレール設計
Avatar for 10xinc 10xinc
2
1.2k
20250910_障害注入から効率的復旧へ_カオスエンジニアリング_生成AIで考えるAWS障害対応.pdf
Avatar for sh_fk2 sh_fk2
3
260
TS-S205_昨年対比2倍以上の機能追加を実現するデータ基盤プロジェクトでのAI活用について
Avatar for K.Mitsuhashi kaz3284
1
150
COVESA VSSによる車両データモデルの標準化とAWS IoT FleetWiseの活用
Avatar for Yuto Osawa osawa
1
280
Generative AI Japan 第一回生成AI実践研究会「AI駆動開発の現在地──ブレイクスルーの鍵を握るのはデータ領域」
Avatar for KoheiOgawa shisyu_gaku
0
240
Aurora DSQLはサーバーレスアーキテクチャの常識を変えるのか
Avatar for TomoyaIwata iwatatomoya
1
980
バイブスに「型」を!Kent Beckに学ぶ、AI時代のテスト駆動開発
Avatar for amixedcolor amixedcolor
2
550
EncryptedSharedPreferences が deprecated になっちゃった!どうしよう! / Oh no! EncryptedSharedPreferences has been deprecated! What should I do?
Avatar for Yuki Anzai yanzm
0
350
開発者を支える Internal Developer Portal のイマとコレカラ / To-day and To-morrow of Internal Developer Portals: Supporting Developers
Avatar for Kento Kimura aoto
PRO
1
460
250905 大吉祥寺.pm 2025 前夜祭 「プログラミングに出会って20年、『今』が1番楽しい」
Avatar for Masaya Kudo msykd
PRO
1
910
自作JSエンジンに推しプロポーザルを実装したい!
Avatar for Saji sajikix
1
180

Featured

See All Featured
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
462
33k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
184
22k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.8k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
160
23k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
112
20k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
32
1.1k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
279
23k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
29
5.5k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
28
4k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.8k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
72
11k

Transcript

  1. Insomni’hack Geneva, Switzerland Ange Albertini 2014/03/21 funky PoCs & visual

    docs

  2. http:// corkami.com reverse engineering & visual documentations

  3. boring? • file formats were supposed to be safe ◦

    public specs ◦ open-source parsers • {weirdness} == {exploits} ? • software = parse, sanitize, recover

  4. formats’ diversity 1/2 no header • COM (1982), MBR (1982)

    magic signature • none: DOL (2001) • 2: TIFF, PE • 4: most standard • >4: PNG, PDF

  5. start offset: • archives • range: PDF • mostly 0

    special properties • deprecated header: PE • variable scanning direction: PDF • multi-versions: BMP • scanned chunk: JPEG • no official names: ZIP formats’ diversity 2/2
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None

  13. quine (relay)

  14. None

  15. polyglot

  16. None
  17. None
  18. None
  19. None
  20. None

  21. schizophren

  22. None

  23. misc

  24. None

  25. 128, 217, 255, 217, 128, 38, 1, 38

  26. None
  27. None
  28. None

  29. crypto-tology: for anything crypto, ask @veorq (coz he’s awesome)

  30. None
  31. None
  32. None
  33. None
  34. None
  35. None
  36. None
  37. None
  38. None
  39. None
  40. None

  41. conclusion on binary formats

  42. On binary formats • specs far from perfect • plenty

    of fun • many consequences for infosec ◦ unforeseen attack channels
  43. None

  44. on visual docs http://pics.corkami.com http://prints.corkami.com

  45. disclaimer no awards, no studies

  46. None
  47. None
  48. None
  49. None

  50. goal create useful documentations based on reality

  51. posters self-contained • immediate ‘big picture’ • no roleplay gamebook

  52. use common sense and your own eyes

  53. None

  54. creativity? give yourself time! to fail!

  55. None
  56. None
  57. None
  58. None
  59. None

  60. define your audience lower and upper limits

  61. “you should add …” see “setting a upper limit”

  62. “too simple/simplified”? 1/ teach others, beginners, kids 2/ no more

    excuses for not knowing

  63. remove the obvious guessing doesn’t hurt

  64. None

  65. space optimal separator

  66. left right

  67. left right

  68. left right

  69. None
  70. None

  71. no unnecessary extras leave doors closed (to be opened somewhere

    else)

  72. requirements

  73. a computer a transparent tablecloth

  74. None

  75. http://src.corkami.com

  76. @jaredcatkinson’s prefetch101

  77. conclusion on visual docs

  78. On visual documentations • it doesn’t hurt • it’s not

    so hard • requires time

  79. Questions ? thank YOU ! @angealbertini ✉ [email protected]