Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini Ange Albertini
March 21, 2014
Technology
1
250

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini

Ange Albertini

March 21, 2014
Tweet

More Decks by Ange Albertini

See All by Ange Albertini
Fearsome File Formats
Avatar for Ange Albertini ange
0
850
Overview of file type identifiers
Avatar for Ange Albertini ange
0
1.2k
A question of time
Avatar for Ange Albertini ange
0
1.1k
SBuD: InfoVis in InfoSec
Avatar for Ange Albertini ange
1
880
Generating Weird Files
Avatar for Ange Albertini ange
0
400
Technical challenges with file formats
Avatar for Ange Albertini ange
1
2.3k
Inside out - abusing archive file formats
Avatar for Ange Albertini ange
3
1.9k
Relations between archive formats
Avatar for Ange Albertini ange
0
2.2k
Beyond your studies v2
Avatar for Ange Albertini ange
2
1k

Other Decks in Technology

See All in Technology
Wasmで社内ツールを作って配布しよう
Avatar for asuka askua
0
150
TypeScript 上達の道
Avatar for Kanon ysknsid25
23
4.8k
CSPヘッダー導入で実現するWebサイトの多層防御:今すぐ試せる設定例と運用知見
Avatar for llamakko llamakko
1
270
大規模イベントを支える ABEMA の アーキテクチャ 変遷 2025
Avatar for Katsutoshi Nagaoka nagapad
5
530
増え続ける脆弱性に立ち向かう: 事前対策と優先度づけによる 持続可能な脆弱性管理 / Confronting the Rise of Vulnerabilities: Sustainable Management Through Proactive Measures and Prioritization
Avatar for NTT docomo Business nttcom
1
220
ビジネス文書に特化した基盤モデル開発 / SaaSxML_Session_2
Avatar for Sansan R&D sansan_randd
0
150
Jitera Company Deck / JP
Avatar for Jitera Inc. jitera
0
270
Kiro Hookを Terraformで検証
Avatar for ao-inoue ao_inoue
0
140
LLMでAI-OCR、実際どうなの? / llm_ai_ocr_layerx_bet_ai_day_lt
Avatar for sbrf248 sbrf248
0
210
なぜAI時代に 「イベント」を中心に考えるのか? / Why focus on "events" in the age of AI?
Avatar for yuuki takezawa ytake
2
810
Amazon CloudWatchのメトリクスインターバルについて / Metrics interval matters
Avatar for ymotongpoo ymotongpoo
3
290
隙間時間で爆速開発! Claude Code × Vibe Coding で作るマニュアル自動生成サービス
Avatar for Akitomo Sato akitomonam
2
200

Featured

See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.8k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
8
860
Building Adaptive Systems
Avatar for Chris Keathley keathley
43
2.7k
Done Done
Avatar for chrislema chrislema
184
16k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
60k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
251
21k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
207
24k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
18
1k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
130
19k

Transcript

  1. Insomni’hack Geneva, Switzerland Ange Albertini 2014/03/21 funky PoCs & visual

    docs

  2. http:// corkami.com reverse engineering & visual documentations

  3. boring? • file formats were supposed to be safe ◦

    public specs ◦ open-source parsers • {weirdness} == {exploits} ? • software = parse, sanitize, recover

  4. formats’ diversity 1/2 no header • COM (1982), MBR (1982)

    magic signature • none: DOL (2001) • 2: TIFF, PE • 4: most standard • >4: PNG, PDF

  5. start offset: • archives • range: PDF • mostly 0

    special properties • deprecated header: PE • variable scanning direction: PDF • multi-versions: BMP • scanned chunk: JPEG • no official names: ZIP formats’ diversity 2/2
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None

  13. quine (relay)

  14. None

  15. polyglot

  16. None
  17. None
  18. None
  19. None
  20. None

  21. schizophren

  22. None

  23. misc

  24. None

  25. 128, 217, 255, 217, 128, 38, 1, 38

  26. None
  27. None
  28. None

  29. crypto-tology: for anything crypto, ask @veorq (coz he’s awesome)

  30. None
  31. None
  32. None
  33. None
  34. None
  35. None
  36. None
  37. None
  38. None
  39. None
  40. None

  41. conclusion on binary formats

  42. On binary formats • specs far from perfect • plenty

    of fun • many consequences for infosec ◦ unforeseen attack channels
  43. None

  44. on visual docs http://pics.corkami.com http://prints.corkami.com

  45. disclaimer no awards, no studies

  46. None
  47. None
  48. None
  49. None

  50. goal create useful documentations based on reality

  51. posters self-contained • immediate ‘big picture’ • no roleplay gamebook

  52. use common sense and your own eyes

  53. None

  54. creativity? give yourself time! to fail!

  55. None
  56. None
  57. None
  58. None
  59. None

  60. define your audience lower and upper limits

  61. “you should add …” see “setting a upper limit”

  62. “too simple/simplified”? 1/ teach others, beginners, kids 2/ no more

    excuses for not knowing

  63. remove the obvious guessing doesn’t hurt

  64. None

  65. space optimal separator

  66. left right

  67. left right

  68. left right

  69. None
  70. None

  71. no unnecessary extras leave doors closed (to be opened somewhere

    else)

  72. requirements

  73. a computer a transparent tablecloth

  74. None

  75. http://src.corkami.com

  76. @jaredcatkinson’s prefetch101

  77. conclusion on visual docs

  78. On visual documentations • it doesn’t hurt • it’s not

    so hard • requires time

  79. Questions ? thank YOU ! @angealbertini ✉ [email protected]