Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini Ange Albertini
March 21, 2014
Technology
1
250

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini

Ange Albertini

March 21, 2014
Tweet

More Decks by Ange Albertini

See All by Ange Albertini
Fearsome File Formats
Avatar for Ange Albertini ange
0
830
Overview of file type identifiers
Avatar for Ange Albertini ange
0
1.1k
A question of time
Avatar for Ange Albertini ange
0
1.1k
SBuD: InfoVis in InfoSec
Avatar for Ange Albertini ange
1
870
Generating Weird Files
Avatar for Ange Albertini ange
0
390
Technical challenges with file formats
Avatar for Ange Albertini ange
1
2.2k
Inside out - abusing archive file formats
Avatar for Ange Albertini ange
3
1.9k
Relations between archive formats
Avatar for Ange Albertini ange
0
2.2k
Beyond your studies v2
Avatar for Ange Albertini ange
2
990

Other Decks in Technology

See All in Technology
変化する開発、進化する体系時代に適応するソフトウェアエンジニアの知識と考え方(JaSST'25 Kansai)
Avatar for みずのり mizunori
1
240
「Chatwork」の認証基盤の移行とログ活用によるプロダクト改善
Avatar for kubell kubell_hr
1
200
Lambda Web Adapterについて自分なりに理解してみた
Avatar for Makky12 smt7174
5
130
KubeCon + CloudNativeCon Japan 2025 Recap by CA
Avatar for YuyaKoda ponkio_o
PRO
0
150
GitHub Copilot の概要
Avatar for tomokusaba tomokusaba
1
140
Amazon ECS & AWS Fargate 運用アーキテクチャ2025 / Amazon ECS and AWS Fargate Ops Architecture 2025
Avatar for iselegant iselegant
17
5.8k
Fabric + Databricks 2025.6 の最新情報ピックアップ
Avatar for Ryoma Nagata ryomaru0825
1
150
フィンテック養成勉強会#54
Avatar for フィンテック養成コミュニティ finengine
0
180
AWS Summit Japan 2025 Community Stage - App workflow automation by AWS Step Functions
Avatar for matsuihidetoshi matsuihidetoshi
1
300
GeminiとNotebookLMによる金融実務の業務革新
Avatar for abenben abenben
0
240
Liquid Glass革新とSwiftUI/UIKit進化
Avatar for Fumiya Sakai fumiyasac0921
0
250
CI/CD/IaC 久々に0から環境を作ったらこうなりました
Avatar for Kaz Watanabe kaz29
1
190

Featured

See All Featured
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
17
950
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
8
670
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
Side Projects
Avatar for Sacha Greif sachag
455
42k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
184
22k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
54
11k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
48
2.8k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
10
930

Transcript

  1. Insomni’hack Geneva, Switzerland Ange Albertini 2014/03/21 funky PoCs & visual

    docs

  2. http:// corkami.com reverse engineering & visual documentations

  3. boring? • file formats were supposed to be safe ◦

    public specs ◦ open-source parsers • {weirdness} == {exploits} ? • software = parse, sanitize, recover

  4. formats’ diversity 1/2 no header • COM (1982), MBR (1982)

    magic signature • none: DOL (2001) • 2: TIFF, PE • 4: most standard • >4: PNG, PDF

  5. start offset: • archives • range: PDF • mostly 0

    special properties • deprecated header: PE • variable scanning direction: PDF • multi-versions: BMP • scanned chunk: JPEG • no official names: ZIP formats’ diversity 2/2
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None

  13. quine (relay)

  14. None

  15. polyglot

  16. None
  17. None
  18. None
  19. None
  20. None

  21. schizophren

  22. None

  23. misc

  24. None

  25. 128, 217, 255, 217, 128, 38, 1, 38

  26. None
  27. None
  28. None

  29. crypto-tology: for anything crypto, ask @veorq (coz he’s awesome)

  30. None
  31. None
  32. None
  33. None
  34. None
  35. None
  36. None
  37. None
  38. None
  39. None
  40. None

  41. conclusion on binary formats

  42. On binary formats • specs far from perfect • plenty

    of fun • many consequences for infosec ◦ unforeseen attack channels
  43. None

  44. on visual docs http://pics.corkami.com http://prints.corkami.com

  45. disclaimer no awards, no studies

  46. None
  47. None
  48. None
  49. None

  50. goal create useful documentations based on reality

  51. posters self-contained • immediate ‘big picture’ • no roleplay gamebook

  52. use common sense and your own eyes

  53. None

  54. creativity? give yourself time! to fail!

  55. None
  56. None
  57. None
  58. None
  59. None

  60. define your audience lower and upper limits

  61. “you should add …” see “setting a upper limit”

  62. “too simple/simplified”? 1/ teach others, beginners, kids 2/ no more

    excuses for not knowing

  63. remove the obvious guessing doesn’t hurt

  64. None

  65. space optimal separator

  66. left right

  67. left right

  68. left right

  69. None
  70. None

  71. no unnecessary extras leave doors closed (to be opened somewhere

    else)

  72. requirements

  73. a computer a transparent tablecloth

  74. None

  75. http://src.corkami.com

  76. @jaredcatkinson’s prefetch101

  77. conclusion on visual docs

  78. On visual documentations • it doesn’t hurt • it’s not

    so hard • requires time

  79. Questions ? thank YOU ! @angealbertini ✉ [email protected]