corkami


Reverse engineering & visual documentations

this website will slowly move to GitHub

About Corkami - sources & PoCs - posters - order prints


  • 2015/01/21 PNG Merge, a script to store several images in the same PNG

31C3

  • 2014/01/28 Preserving arcade games (video: http://www.youtube.com/watch?feature=player_embedded&v=vg7LPcFUxg8)
  • 2014/01/29 Funky file formats (video: http://www.youtube.com/watch?feature=player_embedded&v=hdCs6bPM4is)

Posters (prints)

mini

101 walkthroughs

  • WAV101 (2014/01/08)
  • Happy new year!
  • (2013/12/24-2014/01/02) Mach-O (32b+old format, 64b+new format)

  • (2013/12/24) ZIP, Java Class, PDF

  • (2013/11/20-2013/12/06) ELF (32b, 64b, AT&T, Pro, ARM)
  • (2013/03/26) COM (also explains PEs' DOS stub)
  • (2012/05/03-2013/06/28) PE 32b, 64b, Russian, French, German, Polish, Japanese, Arabic, Chinese, Korean, Spanish

    overview

  • (2013/07/30) PE102 - a Windows executable format overview

Binary files

  • 2014/09/08 PoC a PDFLaTeX quine+polyglot: A PDF that is also its own .TeX source
  • 2014/08/10 PoC PoC||GTFO 0x5 a Flash, Iso, PDF, ZIP polyglots
    • article A cryptographer and a binarista walk into a bar
  • 2014/06/27 PoC PoC||GTFO 0x4 a TrueCrypt, PDF, ZIP polyglots
    • This Encrypted Volume is also a PDF; or, A Polyglot Trick for Bypassing TrueCrypt Volume Detection
    • How to Manually Attach a File to a PDF
  • 2014/04/02 When your slides read themselves: a binary inception (follow-up to 44Con 2013 slides)
  • 2014/03/30 a JPG/ZIP/PDF binary chimera (the file is a JPG image, a ZIP containing the same image, a PDF showing the same image, but the image data is present only once) - 1 data body, 3 heads of different types.
  • (2014/03/17) PoC||GTFO 0x03 is a PDF/ZIP/JPG/Audio (raw AFSK)/PNG (encrypted with AES)
    • This PDF is a JPEG; or, This Proof of Concept is a Picture of Cats
    • A Binary Magic Trick, Angecryption
  • (2013/12/28) a MBR/PDF/ZIP polyglot + article

  • (2013/10/06) a schizophrenic PE + article

  • (2013/09/13) 'inception' slides a PE+PDF+HTML+ZIP polyglot and PDF schizophrenic file - the PE file is a PDF viewer, viewing itself.
  • (2013/01/02) CorkaM-OsX, a Mach-O+PDF+HTML+Java polyglot file
  • (2012/12/13) CorkaMInuX, an ELF+PDF+HTML+Java polyglot file
  • (2012/08/01) CorkaMIX, a PE+PDF+HTML(+JavaScript)+(Jar[Class+Zip] ^ PY) polyglot file

Crypto

Presentations

  • 2014/05/17 when AES(☢) = ☠ - Episode V (slides; video: http://www.youtube.com/watch?feature=player_embedded&v=wbHkVZfCNuE)
  • 2014/05/17 PDF Secrets - hiding and revealing secrets in PDF documents (slides; video: http://www.youtube.com/watch?feature=player_embedded&v=JQrBgVRgqtc)

  • 2014/03/21 Binary Arts - funky PoCs and visual docs, presented at Insomni'hack, Geneva, Switzerland

  • 2014/01/13 on hacking & security a security 101, targeted at (defensive) beginners (released as is, never presented publicly)
  • on binary polyglots, first in French at SSTIC, then improved at 44CON
  • on the PE file format, first at Hack In Paris, then reworked and extended at hashdays, Luzern (Switzerland)
    1. (2012/06/22) a bit more of PE (+video)
    2. (2012/11/03) Binary Art - byte-ing the PE that fails you
  • on x86 oddities first presented and recorded at hashdays, then improved at BerlinSides
    1. (2011/10/28) Such a weird processor - messing with opcodes (...and a little bit of PE) (+video)
    2. (2011/12/28) x86 & PE (+screencasts)

Portable Executable

  • article with PoCs (2011/09/26 - 2013/10/07) the PE format
  • PoC a fully working PE in a tweet (encoded in a python string): "MZR\xc3"+"\0"*56+"@\0\0\0PE\0\0L\1"+"\0"*16+"\2\0\x0b\1"+"\0"*28+"@\0\1\0\0\0\1\0"+"\0"*10+"\4"+"\0"*7+"H\1\0\0G\1"+"\0"*6+"\3"+"\0"*171
  • source a rewrite of the PE header of Traceless demo
  • PoCs (2011/02) Binary corpus is a group of non malicious binaries, exhibiting various file formats, and more specifically, aspects of PE files (Formats: NE, PE, Elf, LX, LE, COM, EXE / Compilers: Digital Mars C, Lcc, Masm, Tasm, FreeBasic, FreePascal, OpenWatcom, Fasm, GoAsm...)
  • graphics (2010/10) PE file format (file & memory layout, headers, data directories)

misc

  • 2014/03/12 HexII an attempt at getting a better generic binary representation
  • PoCs (2013/06/10) valid hand-made GIF/BMP, useable as JavaScript (commented source + binaries)
  • doc (2012/02/22) Opcodes' tables of Java, .Net, Android, x86 - as either compact single-page cheat sheets, or full descriptive posters.
  • article with PoCs (2012/03/18) curious encodings
  • Explaining what’s a computer virus to grandma
  • PoC Kernel31, a trampoline DLL to enable >XpSp3 binaries to work on previous OSes.
  • old crackmes solutions: PredatorPirupiru LilcwXor
  • screencast OllyDbg Tracing (easy level) setting OllyDbg as a JIT debugger, tracing, optimizing tracing, finding bug, patching, saving as a new executable
  • screencast reJava create a .class from scratch
  • PoC (2013/01/30-2013/02/16) a one-solution random labyrinth 'dumb' generator, in python (also with optimized algorithm), 16b x86 .COM in 126/122 bytes (on Pouet), GW-BASIC, Turbo Pascal 3.0 and x86 PE

PDF

brainteasers

  • page (2013/02/04) notes and hints
  • presentation (2013/01/16) A challenge in your pocket: an introduction to brainteasers

x86/x64 asm

  • article (2011/09) x86 oddities
    • PoC (2011/08/12) Corkami Standard Test, a PE/x86/x64 test program for your tools/emulators/skills.
  • article how to get the current IP
  • article values of general and system registers on TLS/EntryPoint/... of most Windows versions, Wine, etc.
  • article (2011/03/22) Calling conventions, seen from ASM
  • doc Opcodes (x86 & x64 simplified tables, one-liners)
  • related doc: a very nice and simple opcode table, by Daniel Plohmann

packers

more

...for more information, check the (old) blog map, and the downloads tab.

PoCs links

Funky File Formats PoCs PE CorkaMiX mini-posters' Chimeras (polyglots sharing data) PoC||GTFO SNES/Megadrive/PDF NSF/PDF * with Gynvael Coldwind Schizophrenic files * with Philippe Teuwen BMP/Wav 3 PNG in one * external reversity's PNG

Project Information

Labels:
Assembly Python Java PDF x86 PE executable Documentation puzzles