
corkami
this website will slowly move to GitHub
About Corkami - sources & PoCs - posters - order prints
<wiki:gadget url="https://corkami.googlecode.com/svn/wiki/gadgets/twitter_corkami.xml" height=400 width=460 border=0/>
- 2015/01/21 PNG Merge, a script to store several images in the same PNG
31C3
- 2014/01/28 Preserving arcade games http://www.youtube.com/watch?feature=player_embedded&v=vg7LPcFUxg8' target='_blank'>http://img.youtube.com/vi/vg7LPcFUxg8/0.jpg' width='425' height=344 />
- 2014/01/29 Funky file formats http://www.youtube.com/watch?feature=player_embedded&v=hdCs6bPM4is' target='_blank'>http://img.youtube.com/vi/hdCs6bPM4is/0.jpg' width='425' height=344 />
Posters (prints)
- I covered enough formats to get a complete calendar !
mini
- 2014/07/30-2014/12/01 mini binary posters with black background ELF/PE/DEX/Mach-O/Class/COM/DOL TAR/GZ/BZ2/ZIP/RAR BMP/PNG/GIF/JPG/TIF/TGA/XBM/PPM/PGM x86/x64 PDF SWF WAV
101 walkthroughs
- WAV101 (2014/01/08)
- Happy new year!
(2013/12/24-2014/01/02) *Mach-O* (32b+old format, 64b+new format)
(2013/12/24) ZIP, Java Class, PDF
- (2013/11/20-2013/12/06) ELF (32b, 64b, AT&T, Pro, ARM)
- (2013/03/26) COM (also explains PEs' DOS stub)
(2012/05/03-2013/06/28) PE 32b, 64b, Russian, French, German, Polish, Japanese, Arabic, Chinese, Korean, Spanish
overview
(2013/07/30) PE102 - a Windows executable format overview
Binary files
- 2014/09/08 PoC a PDFLaTeX quine+polyglot: A PDF that is also its own .TeX source
- 2014/08/10 PoC PoC||GTFO 0x5 a Flash, Iso, PDF, ZIP polyglots
- article A cryptographer and a binarista walk into a bar
- 2014/06/27 PoC PoC||GTFO 0x4 a TrueCrypt, PDF , ZIP polyglots
- This Encrypted Volume is also a PDF; or, A Polyglot Trick for Bypassing TrueCrypt Volume Detection
- How to Manually Attach a File to a PDF
- 2014/04/02 When your slides read themselves: a binary inception (follow-up to 44Con 2013 slides)
- 2014/03/30 a JPG/ZIP/PDF binary chimera (the file is a JPG image, a ZIP containing the same image, a PDF showing the same image, but the image data is present only once) - 1 data body, 3 heads of different types.
- (2014/03/17) PoC||GTFO 0x03 is a PDF/ZIP/JPG/Audio (raw AFSK)/PNG (encrypted with AES)
- This PDF is a JPEG; or, This Proof of Concept is a Picture of Cats
- A Binary Magic Trick, Angecryption
(2013/12/28) a MBR/PDF/ZIP polyglot + article
(2013/10/06) a schizophrenic PE + article
- (2013/09/13) 'inception' slides a PE+PDF+HTML+ZIP polyglot and PDF schizophrenic file - the PE file is a PDF viewer, viewing itself.
- (2013/01/02) CorkaM-OsX, a Mach-O+PDF+HTML+Java polyglot file
- (2012/12/13) CorkaMInuX, an ELF+PDF+HTML+Java polyglot file
- (2012/08/01) CorkaMIX, a PE+PDF+HTML(+JavaScript)+(Jar[Class+Zip] ^ PY) polyglot file
Crypto
- AngeCryption
- 2014/03/16 AngeCryption getting valid files after (AES) encryption
- 2014/04/03 when AES(☢) = ☠ - a crypto-binary magic trick
- 2014/07/09 Joue à la crypto !: Présentation in French on AngeCryption and TrueCrypt polyglot - doesn't require any prior knowledge.
- http://www.youtube.com/watch?feature=player_embedded&v=iIesDpv9F4s' target='_blank'>http://img.youtube.com/vi/iIesDpv9F4s/0.jpg' width='425' height=344 />
- 2014/07/23 Let's play with crypto! (English translation of my slides)
- 2014/09/07 a JPEG that becomes a PNG after AES encryption and a PDF after 3DES decryption
- PoCs, slides, video Malicious SHA-1 backdooring
- 2014/02/12 teaser New SHAllenge - aber das ist Skein MD5 Kollision!
- 2014/01/21 on Adobe password security
- 2014/01/21 When cryptographic functions go bad - with Jean-Philippe Aumasson
Presentations
- 2014/05/17 when AES(☢) = ☠ - Episode V <wiki:gadget url="https://corkami.googlecode.com/svn/wiki/gadgets/whenaes2_slideshare.xml" width=595 height=497 border=0/> http://www.youtube.com/watch?feature=player_embedded&v=wbHkVZfCNuE' target='_blank'>http://img.youtube.com/vi/wbHkVZfCNuE/0.jpg' width='425' height=344 />
2014/05/17 PDF Secrets - hiding and revealing secrets in PDF documents <wiki:gadget url="https://corkami.googlecode.com/svn/wiki/gadgets/pdfsecrets_slideshare.xml" width=595 height=497 border=0/> http://www.youtube.com/watch?feature=player_embedded&v=JQrBgVRgqtc' target='_blank'>http://img.youtube.com/vi/JQrBgVRgqtc/0.jpg' width='425' height=344 />
2014/03/21 Binary Arts - funky PoCs and visual docs, presented at Insomni'hack, Geneva, Switzerland
- 2014/01/13 on hacking & security a security 101, targeted at (defensive) beginners (released as is, never presented publicly)
- on binary polyglots, first in french at SSTIC, then improved at 44CON
- (2013/06/05) SSTIC, Rennes, France: Polyglottes binaires et implications Slides & PoCs SlideShare
- (2013/09/13) 44CON, London, England: Messing with binary formats 'inception' slides SlideShare
- on the PE file format, first at Hack In Paris, then reworked and extended at hashdays, Luzern (Switzerland)
- (2012/06/22) a bit more of PE (+video)
- (2012/11/03) Binary Art - byte-ing the PE that fails you
- on x86 oddities first presented and recorded at hashdays, then improved at BerlinSides
- (2011/10/28) Such a weird processor - messing with opcodes (...and a little bit of PE) (+video)
- (2011/12/28) x86 & PE (+screencasts)
Portable Executable
- article with PoCs (2011/09/26 - 2013/10/07) the PE format
- PoC a fully working PE in a tweet (encoded in a python string):
"MZR\xc3"+"\0"*56+"@\0\0\0PE\0\0L\1"+"\0"*16+"\2\0\x0b\1"+"\0"*28+"@\0\1\0\0\0\1\0"+"\0"*10+"\4"+"\0"*7+"H\1\0\0G\1"+"\0"*6+"\3"+"\0"*171
- source a rewrite of the PE header of Traceless demo
- PoCs (2011/02) Binary corpus is a group of non malicious binaries, exhibiting various file formats, and more specifically, aspects of PE files (Formats: NE, PE, Elf, LX, LE, COM, EXE / Compilers: Digital Mars C, Lcc, Masm, Tasm, FreeBasic, FreePascal, OpenWatcom, Fasm, GoAsm...)
- graphics (2010/10) PE file format (file & memory layout, headers, data directories)
misc
- 2014/03/12 HexII an attempt at getting a better generic binary representation
- PoCs (2013/06/10) valid hand-made GIF/BMP, useable as JavaScript (commented source + binaries)
- doc (2012/02/22) Opcodes' tables of Java, .Net, Android, x86 - as either compact single-page cheat sheets, or full descriptive posters.
- article with PoCs (2012/03/18) curious encodings
- Explaining what’s a computer virus to grandma
- PoC Kernel31, a trampoline DLL to enable >XpSp3 binaries work on previous OS.
- old crackmes solutions: PredatorPirupiru LilcwXor
- screencast OllyDbg Tracing (easy level) setting OllyDbg as a JIT debugger, tracing, optimizing tracing, finding bug, patching, saving as a new executable
- screencast reJava create a .class from scratch
- PoC (2013/01/30-2013/02/16) a one-solution random labyrinth 'dumb' generator, in python (also with optimized algorithm), 16b x86 .COM in 126/122 bytes (on Pouet), GW-BASIC, Turbo Pascal 3.0 and x86 PE
- article with PoCs (2011/07/12-2013/03/15) a summary of PDF tricks - encodings, structures, JavaScript... (Français 日本語)
brainteasers
- page (2013/02/04) notes and hints
- presentation (2013/01/16) A challenge in your pocket: an introduction to brainteasers
x86/x64 asm
- article (2011/09) x86 oddities
- PoC (2011/08/12) Corkami Standard Test, a PE/x86/x64 test program for your tools/emulators/skills.
- article how to get the current IP
- article values of general and system registers on TLS/EntryPoint/... of most Windows versions, Wine, etc..
- article (2011/03/22) Calling conventions, seen from ASM
- doc Opcodes (x86 & x64 simplified tables, one-liners)
- related doc: a very nice and simple opcode table, by Daniel Plohmann
packers
- PoCs categories: patcher, protecter, crypter, compresser, mutater, virtualizer
- PoCs crypters algos: xor, prng, rc4
- PoCs architectures of virtualization: standard, stack, SubLeq, TTA
- source a one-file aPLib compression/decompression in python
- PoCs imports loading obfuscation
- PoCs string encodings
- toolkit a toolkit to run drivers in user-mode, and unpack them directly from OllyDbg
- doc anti-debugs
- doc packers (models, categories & features, landscape, detailed features, entrypoints, algorithms)
more
...for more information, check the (old) blog map, and the downloads tab.
PoCs links
Funky File Formats PoCs PE CorkaMiX mini-posters' Chimeras (polyglots sharing data) PoC||GTFO SNES/Megadrive/PDF NSF/PDF * with Gynvael Coldwind Schizophrenic files * with Philippe Teuwen BMP/Wav 3 PNG in one * external reversity's PNG
'>
Project Information
- License: New BSD License
- Content License: Creative Commons 3.0 BY
- 491 stars
- svn-based source control
Labels:
Assembly
Python
Java
PDF
x86
PE
executable
Documentation
puzzles