about Corkami

misc

• poster (2013/03/26) COM 101 - a DOS executable walkthrough



• doc (2012/02/22) Opcodes' tables of Java, .Net, Android, x86 - as either compact single-page cheat sheets, or full descriptive posters.
• article with PoCs (2012/03/18) curious encodings
• Explaining what’s a computer virus to grandma
• PoC Kernel31, a trampoline DLL to enable >XpSp3 binaries work on previous OS.
• old crackmes solutions: PredatorPirupiru LilcwXor
• screencast OllyDbg Tracing (easy level) setting OllyDbg as a JIT debugger, tracing, optimizing tracing, finding bug, patching, saving as a new executable
• screencast reJava create a .class from scratch
• PoC (2013/01/30-2013/02/16) a one-solution random labyrinth 'dumb' generator, in python (also with optimized algorithm), 16b x86 .COM in 126/122 bytes (on Pouet), GW-BASIC, Turbo Pascal 3.0 and x86 PE

PDF

• article with PoCs (2011/07/12-2013/03/15) a summary of PDF tricks - encodings, structures, JavaScript... (Français 日本語)

Portable Executable

• poster (2012/05/03-2012/12/05) PE 101 - a Windows executable walkthrough (an easy introduction)

• PoC a fully working PE in a tweet (encoded in a python string): "MZR\xc3"+"\0"*56+"@\0\0\0PE\0\0L\1"+"\0"*16+"\2\0\x0b\1"+"\0"*28+"@\0\1\0\0\0\1\0"+"\0"*10+"\4"+"\0"*7+"H\1\0\0G\1"+"\0"*6+"\3"+"\0"*171
• presentation first at Hack In Paris, then reworked and extended at hashdays, Luzern (Switzerland)
1. (2012/06/22) a bit more of PE (+video)
2. (2012/11/03) Binary Art - byte-ing the PE that fails you
• article with PoCs (2011/09/26 - 2013/02/01) the PE format
• source a rewrite of the PE header of Traceless demo
• PoC (2012/08/01) CorkaMIX, an all-in-one PE/PDF/Html[+JavaScript]/(Jar[Class+Zip] ^ PY) file written by hand
• PoCs (2011/02) Binary corpus is a group of non malicious binaries, exhibiting various file formats, and more specifically, aspects of PE files (Formats: NE, PE, Elf, LX, LE, COM, EXE / Compilers: Digital Mars C, Lcc, Masm, Tasm, FreeBasic, FreePascal, OpenWatcom, Fasm, GoAsm...)
• graphics (2010/10) PE file format (file & memory layout, headers, data directories)

Mach Object

• PoC (2013/01/02) CorkaM-OsX, a Mach-O/PDF/HTML/Java file

brainteasers

• page (2013/02/04) notes and hints
• presentation (2013/01/16) A challenge in your pocket: an introduction to brainteasers

Executable and Linkable Format

• PoC (2012/12/13) CorkaMInuX, an ELF/PDF/HTML/Java file

x86/x64 asm

• presentation first presented and recorded at hashdays, then improved at BerlinSides
1. (2011/10/28) Such a weird processor - messing with opcodes (...and a little bit of PE) (+video)
2. (2011/12/28) x86 & PE (+screencasts)
• article (2011/09) x86 oddities
• PoC (2011/08/12) Corkami Standard Test, a PE/x86/x64 test program for your tools/emulators/skills.
• article how to get the current IP
• article values of general and system registers on TLS/EntryPoint/... of most Windows versions, Wine, etc..
• article (2011/03/22) Calling conventions, seen from ASM
• doc Opcodes (x86 & x64 simplified tables, one-liners)
• related doc: a very nice and simple opcode table, by Daniel Plohmann

packers

• PoCs categories: patcher, protecter, crypter, compresser, mutater, virtualizer
• PoCs crypters algos: xor, prng, rc4
• PoCs architectures of virtualization: standard, stack, SubLeq, TTA
• source a one-file aPLib compression/decompression in python
• PoCs imports loading obfuscation
• PoCs string encodings
• toolkit a toolkit to run drivers in user-mode, and unpack them directly from OllyDbg
• doc anti-debugs
• doc packers (models, categories & features, landscape, detailed features, entrypoints, algorithms)

more

...for more information, check the (old) blog map, and the downloads tab.