Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini Ange Albertini
March 21, 2014
Technology
1
250

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini

Ange Albertini

March 21, 2014
Tweet

More Decks by Ange Albertini

See All by Ange Albertini
Fearsome File Formats
Avatar for Ange Albertini ange
0
900
Overview of file type identifiers
Avatar for Ange Albertini ange
0
1.2k
A question of time
Avatar for Ange Albertini ange
0
1.1k
SBuD: InfoVis in InfoSec
Avatar for Ange Albertini ange
1
900
Generating Weird Files
Avatar for Ange Albertini ange
0
420
Technical challenges with file formats
Avatar for Ange Albertini ange
1
2.3k
Inside out - abusing archive file formats
Avatar for Ange Albertini ange
3
1.9k
Relations between archive formats
Avatar for Ange Albertini ange
0
2.2k
Beyond your studies v2
Avatar for Ange Albertini ange
2
1k

Other Decks in Technology

See All in Technology
AI Agent Dojo #2 watsonx Orchestrateフローの作成
Avatar for Akira Onishi (IBM) oniak3ibm
PRO
0
120
Git in Team
Avatar for Yasunobu Kawaguchi kawaguti
PRO
3
370
データ戦略部門 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.7k
LLMアプリの地上戦開発計画と運用実践 / 2025.10.15 GPU UNITE 2025
Avatar for Shumpei Miyawaki smiyawaki0820
1
570
RDS の負荷が高い場合に AWS で取りうる具体策 N 連発/a-series-of-specific-countermeasures-available-on-aws-when-rds-is-under-high-load
Avatar for emi emiki
3
1.9k
業務効率化をさらに加速させる、ノーコードツールとStep Functionsのハイブリッド化
Avatar for Makky12 smt7174
2
140
エンタメとAIのための3Dパラレルワールド構築(GPU UNITE 2025 特別講演)
Avatar for Preferred Networks pfn
PRO
0
330
コンテキストエンジニアリング入門〜AI Coding Agent作りで学ぶ文脈設計〜
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
3
1.4k
OCI Network Firewall 概要
Avatar for oracle4engineer oracle4engineer
PRO
2
7.9k
リセラー企業のテクサポ担当が考える、生成 AI 時代のトラブルシュート 2025
Avatar for kazzpapa3 kazzpapa3
1
350
[Codex Meetup Japan #1] Codex-Powered Mobile Apps Development
Avatar for Kenichi Kambara korodroid
2
860
やる気のない自分との向き合い方/How to Deal with Your Unmotivated Self
Avatar for Genki Sano sanogemaru
0
510

Featured

See All Featured
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
57k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
285
14k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
657
61k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
6.9k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
359
30k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
332
24k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
615
210k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k
The Language of Interfaces
Avatar for Des Traynor destraynor
162
25k

Transcript

  1. Insomni’hack Geneva, Switzerland Ange Albertini 2014/03/21 funky PoCs & visual

    docs

  2. http:// corkami.com reverse engineering & visual documentations

  3. boring? • file formats were supposed to be safe ◦

    public specs ◦ open-source parsers • {weirdness} == {exploits} ? • software = parse, sanitize, recover

  4. formats’ diversity 1/2 no header • COM (1982), MBR (1982)

    magic signature • none: DOL (2001) • 2: TIFF, PE • 4: most standard • >4: PNG, PDF

  5. start offset: • archives • range: PDF • mostly 0

    special properties • deprecated header: PE • variable scanning direction: PDF • multi-versions: BMP • scanned chunk: JPEG • no official names: ZIP formats’ diversity 2/2
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None

  13. quine (relay)

  14. None

  15. polyglot

  16. None
  17. None
  18. None
  19. None
  20. None

  21. schizophren

  22. None

  23. misc

  24. None

  25. 128, 217, 255, 217, 128, 38, 1, 38

  26. None
  27. None
  28. None

  29. crypto-tology: for anything crypto, ask @veorq (coz he’s awesome)

  30. None
  31. None
  32. None
  33. None
  34. None
  35. None
  36. None
  37. None
  38. None
  39. None
  40. None

  41. conclusion on binary formats

  42. On binary formats • specs far from perfect • plenty

    of fun • many consequences for infosec ◦ unforeseen attack channels
  43. None

  44. on visual docs http://pics.corkami.com http://prints.corkami.com

  45. disclaimer no awards, no studies

  46. None
  47. None
  48. None
  49. None

  50. goal create useful documentations based on reality

  51. posters self-contained • immediate ‘big picture’ • no roleplay gamebook

  52. use common sense and your own eyes

  53. None

  54. creativity? give yourself time! to fail!

  55. None
  56. None
  57. None
  58. None
  59. None

  60. define your audience lower and upper limits

  61. “you should add …” see “setting a upper limit”

  62. “too simple/simplified”? 1/ teach others, beginners, kids 2/ no more

    excuses for not knowing

  63. remove the obvious guessing doesn’t hurt

  64. None

  65. space optimal separator

  66. left right

  67. left right

  68. left right

  69. None
  70. None

  71. no unnecessary extras leave doors closed (to be opened somewhere

    else)

  72. requirements

  73. a computer a transparent tablecloth

  74. None

  75. http://src.corkami.com

  76. @jaredcatkinson’s prefetch101

  77. conclusion on visual docs

  78. On visual documentations • it doesn’t hurt • it’s not

    so hard • requires time

  79. Questions ? thank YOU ! @angealbertini ✉ [email protected]