Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Binary art - funky PoCs & visual docs

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Ange Albertini Ange Albertini
March 21, 2014
Technology
260
1

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini

Ange Albertini

March 21, 2014

More Decks by Ange Albertini

See All by Ange Albertini
Fearsome File Formats
Avatar for Ange Albertini ange
0
1k
Overview of file type identifiers
Avatar for Ange Albertini ange
0
1.5k
A question of time
Avatar for Ange Albertini ange
0
1.2k
SBuD: InfoVis in InfoSec
Avatar for Ange Albertini ange
1
960
Generating Weird Files
Avatar for Ange Albertini ange
0
480
Technical challenges with file formats
Avatar for Ange Albertini ange
1
2.3k
Inside out - abusing archive file formats
Avatar for Ange Albertini ange
3
2k
Relations between archive formats
Avatar for Ange Albertini ange
0
2.4k
Beyond your studies v2
Avatar for Ange Albertini ange
2
1.1k

Other Decks in Technology

See All in Technology
Swift Sequence の便利 API 再発見
Avatar for treastrain / Tanaka Ryoga treastrain
1
270
「強制アップデート」か「チームの自律」か?エンタープライズが辿り着いたプラットフォームのハイブリッド運用/cloudnative-kaigi-hybrid-platform-operations
Avatar for みずほリサーチ&テクノロジーズ株式会社 先端技術研究部 mhrtech
0
190
ESP32 IoTを動かしながらメモリ使用量を観測してみた話
Avatar for ZOZO Developers zozotech
PRO
0
110
Purview 勉強会報告 Microsoft Purview 入門しようとしてみた
Avatar for masakichi masakichixo
1
390
How to learn AWS Well-Architected with AWS BuilderCards: Security Edition
Avatar for Kosuke ENOMOTO coosuke
PRO
0
130
ボトムアップの改善の火を灯し続けろ!〜支援現場で学んだ、消えないための3つの打ち手〜 / 20260509 Kazuki Mori
Avatar for SHIFT EVOLVE shift_evolve
PRO
2
700
『生成AI時代のクレデンシャルとパーミッション設計 — Claude Code を起点に』の執筆企画
Avatar for Takuro SASAKI takuros
3
2.4k
2026年春のAgentCoreアプデ 細かいやつ全部まとめ
Avatar for みのるん minorun365
3
230
Sociotechnical Architecture Reviews: Understanding Teams, not just Artefacts
Avatar for Eberhard Wolff ewolff
1
170
AI-Assisted Contributions and Maintainer Load - PyCon US 2026
Avatar for Paolo Melchiorre pauloxnet
1
120
「背中を見て育て」からの卒業 〜専門技術としてのテスト設計を軸に、品質保証のバトンを繋ぐ〜 #genda_tech_talk
Avatar for nihonbuson nihonbuson
PRO
3
1.3k
サンプリングは「作る」のか「使う」のか? 分散トレースのコストと運用を両立する実践的戦略 / Why you need the tail sampling and why you don't want it
Avatar for ymotongpoo ymotongpoo
4
170

Featured

See All Featured
The SEO Collaboration Effect
Avatar for Kristina Bergwall kristinabergwall1
1
440
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
230
Money Talks: Using Revenue to Get Sh*t Done
Avatar for Nikki Halliwell nikkihalliwell
0
220
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
57
6.8k
How Software Deployment tools have changed in the past 20 years
Avatar for Geshan Manandhar geshan
0
33k
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
1
120
Marketing Yourself as an Engineer | Alaka | Gurzu
Avatar for Gurzu gurzu
0
190
The innovator’s Mindset - 
Leading Through an Era of Exponential Change - McGill University 2025
Avatar for Jean-Marc De Jonghe jdejongh
PRO
1
170
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
96
14k
Designing for Performance
Avatar for Lara Hogan lara
611
70k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
508
140k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
274
21k

Transcript

  1. Insomni’hack Geneva, Switzerland Ange Albertini 2014/03/21 funky PoCs & visual

    docs

  2. http:// corkami.com reverse engineering & visual documentations

  3. boring? • file formats were supposed to be safe ◦

    public specs ◦ open-source parsers • {weirdness} == {exploits} ? • software = parse, sanitize, recover

  4. formats’ diversity 1/2 no header • COM (1982), MBR (1982)

    magic signature • none: DOL (2001) • 2: TIFF, PE • 4: most standard • >4: PNG, PDF

  5. start offset: • archives • range: PDF • mostly 0

    special properties • deprecated header: PE • variable scanning direction: PDF • multi-versions: BMP • scanned chunk: JPEG • no official names: ZIP formats’ diversity 2/2
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None

  13. quine (relay)

  14. None

  15. polyglot

  16. None
  17. None
  18. None
  19. None
  20. None

  21. schizophren

  22. None

  23. misc

  24. None

  25. 128, 217, 255, 217, 128, 38, 1, 38

  26. None
  27. None
  28. None

  29. crypto-tology: for anything crypto, ask @veorq (coz he’s awesome)

  30. None
  31. None
  32. None
  33. None
  34. None
  35. None
  36. None
  37. None
  38. None
  39. None
  40. None

  41. conclusion on binary formats

  42. On binary formats • specs far from perfect • plenty

    of fun • many consequences for infosec ◦ unforeseen attack channels
  43. None

  44. on visual docs http://pics.corkami.com http://prints.corkami.com

  45. disclaimer no awards, no studies

  46. None
  47. None
  48. None
  49. None

  50. goal create useful documentations based on reality

  51. posters self-contained • immediate ‘big picture’ • no roleplay gamebook

  52. use common sense and your own eyes

  53. None

  54. creativity? give yourself time! to fail!

  55. None
  56. None
  57. None
  58. None
  59. None

  60. define your audience lower and upper limits

  61. “you should add …” see “setting a upper limit”

  62. “too simple/simplified”? 1/ teach others, beginners, kids 2/ no more

    excuses for not knowing

  63. remove the obvious guessing doesn’t hurt

  64. None

  65. space optimal separator

  66. left right

  67. left right

  68. left right

  69. None
  70. None

  71. no unnecessary extras leave doors closed (to be opened somewhere

    else)

  72. requirements

  73. a computer a transparent tablecloth

  74. None

  75. http://src.corkami.com

  76. @jaredcatkinson’s prefetch101

  77. conclusion on visual docs

  78. On visual documentations • it doesn’t hurt • it’s not

    so hard • requires time

  79. Questions ? thank YOU ! @angealbertini ✉ [email protected]