this website will slowly move to GitHub

About Corkami - sources & PoCs - posters - order prints

<wiki:gadget url="https://corkami.googlecode.com/svn/wiki/gadgets/twitter_corkami.xml" height=400 width=460 border=0/>

• 2015/01/21 PNG Merge, a script to store several images in the same PNG

31C3

• 2014/01/28 Preserving arcade games http://www.youtube.com/watch?feature=player_embedded&v=vg7LPcFUxg8' target='_blank'>http://img.youtube.com/vi/vg7LPcFUxg8/0.jpg' width='425' height=344 />
• 2014/01/29 Funky file formats http://www.youtube.com/watch?feature=player_embedded&v=hdCs6bPM4is' target='_blank'>http://img.youtube.com/vi/hdCs6bPM4is/0.jpg' width='425' height=344 />

Posters (prints)

• I covered enough formats to get a complete calendar !

mini

• 2014/07/30-2014/12/01 mini binary posters with black background ELF/PE/DEX/Mach-O/Class/COM/DOL TAR/GZ/BZ2/ZIP/RAR BMP/PNG/GIF/JPG/TIF/TGA/XBM/PPM/PGM x86/x64 PDF SWF WAV

  

101 walkthroughs

• WAV101 (2014/01/08)
• Happy new year!

• (2013/12/24-2014/01/02) *Mach-O* (32b+old format, 64b+new format)

• (2013/12/24) ZIP, Java Class, PDF

• (2013/11/20-2013/12/06) ELF (32b, 64b, AT&T, Pro, ARM)
• (2013/03/26) COM (also explains PEs' DOS stub)

• (2012/05/03-2013/06/28) PE 32b, 64b, Russian, French, German, Polish, Japanese, Arabic, Chinese, Korean, Spanish

  overview

• (2013/07/30) PE102 - a Windows executable format overview

Binary files

• 2014/09/08 PoC a PDFLaTeX quine+polyglot: A PDF that is also its own .TeX source
• 2014/08/10 PoC PoC||GTFO 0x5 a Flash, Iso, PDF, ZIP polyglots
  • article A cryptographer and a binarista walk into a bar
• 2014/06/27 PoC PoC||GTFO 0x4 a TrueCrypt, PDF , ZIP polyglots
  • This Encrypted Volume is also a PDF; or, A Polyglot Trick for Bypassing TrueCrypt Volume Detection
  • How to Manually Attach a File to a PDF
• 2014/04/02 When your slides read themselves: a binary inception (follow-up to 44Con 2013 slides)
• 2014/03/30 a JPG/ZIP/PDF binary chimera (the file is a JPG image, a ZIP containing the same image, a PDF showing the same image, but the image data is present only once) - 1 data body, 3 heads of different types.
• (2014/03/17) PoC||GTFO 0x03 is a PDF/ZIP/JPG/Audio (raw AFSK)/PNG (encrypted with AES)
  • This PDF is a JPEG; or, This Proof of Concept is a Picture of Cats
  • A Binary Magic Trick, Angecryption

• (2013/12/28) a MBR/PDF/ZIP polyglot + article

• (2013/10/06) a schizophrenic PE + article

• (2013/09/13) 'inception' slides a PE+PDF+HTML+ZIP polyglot and PDF schizophrenic file - the PE file is a PDF viewer, viewing itself.
• (2013/01/02) CorkaM-OsX, a Mach-O+PDF+HTML+Java polyglot file
• (2012/12/13) CorkaMInuX, an ELF+PDF+HTML+Java polyglot file
• (2012/08/01) CorkaMIX, a PE+PDF+HTML(+JavaScript)+(Jar[Class+Zip] ^ PY) polyglot file

Crypto

• AngeCryption
  • 2014/03/16 AngeCryption getting valid files after (AES) encryption
  • 2014/04/03 when AES(☢) = ☠ - a crypto-binary magic trick
  • 2014/07/09 Joue à la crypto !: Présentation in French on AngeCryption and TrueCrypt polyglot - doesn't require any prior knowledge.
  • http://www.youtube.com/watch?feature=player_embedded&v=iIesDpv9F4s' target='_blank'>http://img.youtube.com/vi/iIesDpv9F4s/0.jpg' width='425' height=344 />
  • 2014/07/23 Let's play with crypto! (English translation of my slides)
  • 2014/09/07 a JPEG that becomes a PNG after AES encryption and a PDF after 3DES decryption
• PoCs, slides, video Malicious SHA-1 backdooring
  • 2014/02/12 teaser New SHAllenge - aber das ist Skein MD5 Kollision!
• 2014/01/21 on Adobe password security
• 2014/01/21 When cryptographic functions go bad - with Jean-Philippe Aumasson

Presentations

• 2014/05/17 when AES(☢) = ☠ - Episode V <wiki:gadget url="https://corkami.googlecode.com/svn/wiki/gadgets/whenaes2_slideshare.xml" width=595 height=497 border=0/> http://www.youtube.com/watch?feature=player_embedded&v=wbHkVZfCNuE' target='_blank'>http://img.youtube.com/vi/wbHkVZfCNuE/0.jpg' width='425' height=344 />

• 2014/05/17 PDF Secrets - hiding and revealing secrets in PDF documents <wiki:gadget url="https://corkami.googlecode.com/svn/wiki/gadgets/pdfsecrets_slideshare.xml" width=595 height=497 border=0/> http://www.youtube.com/watch?feature=player_embedded&v=JQrBgVRgqtc' target='_blank'>http://img.youtube.com/vi/JQrBgVRgqtc/0.jpg' width='425' height=344 />

• 2014/03/21 Binary Arts - funky PoCs and visual docs, presented at Insomni'hack, Geneva, Switzerland

• 2014/01/13 on hacking & security a security 101, targeted at (defensive) beginners (released as is, never presented publicly)
• on binary polyglots, first in french at SSTIC, then improved at 44CON
  • (2013/06/05) SSTIC, Rennes, France: Polyglottes binaires et implications Slides & PoCs SlideShare
  • (2013/09/13) 44CON, London, England: Messing with binary formats 'inception' slides SlideShare
• on the PE file format, first at Hack In Paris, then reworked and extended at hashdays, Luzern (Switzerland)
  1. (2012/06/22) a bit more of PE (+video)
  2. (2012/11/03) Binary Art - byte-ing the PE that fails you
• on x86 oddities first presented and recorded at hashdays, then improved at BerlinSides
  1. (2011/10/28) Such a weird processor - messing with opcodes (...and a little bit of PE) (+video)
  2. (2011/12/28) x86 & PE (+screencasts)

Portable Executable

• article with PoCs (2011/09/26 - 2013/10/07) the PE format
• PoC a fully working PE in a tweet (encoded in a python string): "MZR\xc3"+"\0"*56+"@\0\0\0PE\0\0L\1"+"\0"*16+"\2\0\x0b\1"+"\0"*28+"@\0\1\0\0\0\1\0"+"\0"*10+"\4"+"\0"*7+"H\1\0\0G\1"+"\0"*6+"\3"+"\0"*171
• source a rewrite of the PE header of Traceless demo
• PoCs (2011/02) Binary corpus is a group of non malicious binaries, exhibiting various file formats, and more specifically, aspects of PE files (Formats: NE, PE, Elf, LX, LE, COM, EXE / Compilers: Digital Mars C, Lcc, Masm, Tasm, FreeBasic, FreePascal, OpenWatcom, Fasm, GoAsm...)
• graphics (2010/10) PE file format (file & memory layout, headers, data directories)

misc

• 2014/03/12 HexII an attempt at getting a better generic binary representation
• PoCs (2013/06/10) valid hand-made GIF/BMP, useable as JavaScript (commented source + binaries)
• doc (2012/02/22) Opcodes' tables of Java, .Net, Android, x86 - as either compact single-page cheat sheets, or full descriptive posters.
• article with PoCs (2012/03/18) curious encodings
• Explaining what’s a computer virus to grandma
• PoC Kernel31, a trampoline DLL to enable >XpSp3 binaries work on previous OS.
• old crackmes solutions: PredatorPirupiru LilcwXor
• screencast OllyDbg Tracing (easy level) setting OllyDbg as a JIT debugger, tracing, optimizing tracing, finding bug, patching, saving as a new executable
• screencast reJava create a .class from scratch
• PoC (2013/01/30-2013/02/16) a one-solution random labyrinth 'dumb' generator, in python (also with optimized algorithm), 16b x86 .COM in 126/122 bytes (on Pouet), GW-BASIC, Turbo Pascal 3.0 and x86 PE

PDF

• article with PoCs (2011/07/12-2013/03/15) a summary of PDF tricks - encodings, structures, JavaScript... (Français 日本語)

brainteasers

• page (2013/02/04) notes and hints
• presentation (2013/01/16) A challenge in your pocket: an introduction to brainteasers

x86/x64 asm

• article (2011/09) x86 oddities
  • PoC (2011/08/12) Corkami Standard Test, a PE/x86/x64 test program for your tools/emulators/skills.
• article how to get the current IP
• article values of general and system registers on TLS/EntryPoint/... of most Windows versions, Wine, etc..
• article (2011/03/22) Calling conventions, seen from ASM
• doc Opcodes (x86 & x64 simplified tables, one-liners)
• related doc: a very nice and simple opcode table, by Daniel Plohmann

packers

• PoCs categories: patcher, protecter, crypter, compresser, mutater, virtualizer
• PoCs crypters algos: xor, prng, rc4
• PoCs architectures of virtualization: standard, stack, SubLeq, TTA
• source a one-file aPLib compression/decompression in python
• PoCs imports loading obfuscation
• PoCs string encodings
• toolkit a toolkit to run drivers in user-mode, and unpack them directly from OllyDbg
• doc anti-debugs
• doc packers (models, categories & features, landscape, detailed features, entrypoints, algorithms)

more

...for more information, check the (old) blog map, and the downloads tab.

PoCs links

Funky File Formats PoCs PE CorkaMiX mini-posters' Chimeras (polyglots sharing data) PoC||GTFO SNES/Megadrive/PDF NSF/PDF * with Gynvael Coldwind Schizophrenic files * with Philippe Teuwen BMP/Wav 3 PNG in one * external reversity's PNG

'>