Insomni’hackGeneva, Switzerland

Ange Albertini2014/03/21

funky PoCs & visual docs

http://corkami.com

reverse engineering&

visual documentations

boring?

● file formats were supposed to be safe○ public specs○ open-source parsers

● {weirdness} == {exploits} ?● software = parse, sanitize, recover

formats’ diversity 1/2

no header● COM (1982), MBR (1982)magic signature● none: DOL (2001)● 2: TIFF, PE● 4: most standard● >4: PNG, PDF

start offset:● archives● range: PDF● mostly 0special properties● deprecated header: PE● variable scanning direction: PDF● multi-versions: BMP● scanned chunk: JPEG● no official names: ZIP

formats’ diversity 2/2

quine (relay)

polyglot

schizophren

misc

128, 217, 255, 217,128, 38, 1, 38

crypto-tology:for anything crypto, ask @veorq

(coz he’s awesome)

conclusionon binary formats

On binary formats

● specs far from perfect● plenty of fun● many consequences for infosec

○ unforeseen attack channels

on visual docshttp://pics.corkami.com

http://prints.corkami.com

disclaimerno awards, no studies

goalcreate useful

documentationsbased on reality

postersself-contained

● immediate ‘big picture’● no roleplay gamebook

use common senseand your own eyes

creativity?give yourself time!

to fail!

define your audiencelower and upper limits

“you should add …”see “setting a upper limit”

“too simple/simplified”? 1/ teach others, beginners, kids

2/ no more excuses for not knowing

remove the obviousguessing doesn’t hurt

spaceoptimal separator

left right

left right

left right

no unnecessary extrasleave doors closed

(to be opened somewhere else)

requirements

a computera transparent tablecloth

http://src.corkami.com

@jaredcatkinson’s prefetch101

conclusionon visual docs

On visual documentations

● it doesn’t hurt● it’s not so hard● requires time

Questions ?

thank YOU !

@angealbertini✉ ange@corkami.com