Project Information

Project feeds
Code license
New BSD License
Content license
Creative Commons 3.0 BY
Labels
Assembly, Python, Java, PDF, x86, PE, executable, Documentation, puzzles

Members

Featured

Wiki pages

Links

About Corkami - sources & PoCs - posters - order prints

Posters (prints)

I covered enough formats to get a complete calendar !

mini

2014/07/30-2014/09/01 mini binary posters with black background ELF/PE/Mach-O/DOL ZIP/RAR BMP/PNG x86/x64 PDF SWF WAV

101 walkthroughs

WAV101 (2014/01/08)
Happy new year!
(2013/12/24-2014/01/02) *Mach-O* (32b+old format, 64b+new format)

(2013/12/24) ZIP, Java Class, PDF
(2013/11/20-2013/12/06) ELF (32b, 64b, AT&T, Pro, ARM)
(2013/03/26) COM (also explains PEs' DOS stub)
(2012/05/03-2013/06/28) PE 32b, 64b, Russian, French, German, Polish, Japanese, Arabic, Chinese, Korean, Spanish

overview

(2013/07/30) PE102 - a Windows executable format overview

Binary files

2014/09/08 PoC a PDFLaTeX quine+polyglot: A PDF that is also its own .TeX source
2014/08/10 PoC PoC||GTFO 0x5 a Flash, Iso, PDF, ZIP polyglots

article A cryptographer and a binarista walk into a bar

2014/06/27 PoC PoC||GTFO 0x4 a TrueCrypt, PDF , ZIP polyglots

This Encrypted Volume is also a PDF; or, A Polyglot Trick for Bypassing TrueCrypt Volume Detection
How to Manually Attach a File to a PDF

2014/04/02 When your slides read themselves: a binary inception (follow-up to 44Con 2013 slides)
2014/03/30 a JPG/ZIP/PDF binary chimera (the file is a JPG image, a ZIP containing the same image, a PDF showing the same image, but the image data is present only once) - 1 data body, 3 heads of different types.
(2014/03/17) PoC||GTFO 0x03 is a PDF/ZIP/JPG/Audio (raw AFSK)/PNG (encrypted with AES)

This PDF is a JPEG; or, This Proof of Concept is a Picture of Cats
A Binary Magic Trick, Angecryption

(2013/12/28) a MBR/PDF/ZIP polyglot + article

(2013/10/06) a schizophrenic PE + article
(2013/09/13) 'inception' slides a PE+PDF+HTML+ZIP polyglot and PDF schizophrenic file - the PE file is a PDF viewer, viewing itself.
(2013/01/02) CorkaM-OsX, a Mach-O+PDF+HTML+Java polyglot file
(2012/12/13) CorkaMInuX, an ELF+PDF+HTML+Java polyglot file
(2012/08/01) CorkaMIX, a PE+PDF+HTML(+JavaScript)+(Jar[Class+Zip] ^ PY) polyglot file

Crypto

AngeCryption

2014/03/16 AngeCryption getting valid files after (AES) encryption
2014/04/03 when AES(☢) = ☠ - a crypto-binary magic trick
2014/07/09 Joue à la crypto !: Présentation in French on AngeCryption and TrueCrypt polyglot - doesn't require any prior knowledge.
2014/07/23 Let's play with crypto! (English translation of my slides)
2014/09/07 a JPEG that becomes a PNG after AES encryption and a PDF after 3DES decryption

PoCs, slides, video Malicious SHA-1 backdooring

2014/02/12 teaser New SHAllenge - aber das ist Skein MD5 Kollision!

2014/01/21 on Adobe password security
2014/01/21 When cryptographic functions go bad - with Jean-Philippe Aumasson

Presentations

2014/05/17 when AES(☢) = ☠ - Episode V

2014/05/17 PDF Secrets - hiding and revealing secrets in PDF documents

2014/03/21 Binary Arts - funky PoCs and visual docs, presented at Insomni'hack, Geneva, Switzerland
2014/01/13 on hacking & security a security 101, targeted at (defensive) beginners (released as is, never presented publicly)
on binary polyglots, first in french at SSTIC, then improved at 44CON

(2013/06/05) SSTIC, Rennes, France: Polyglottes binaires et implications Slides & PoCs SlideShare
(2013/09/13) 44CON, London, England: Messing with binary formats 'inception' slides SlideShare

on the PE file format, first at Hack In Paris, then reworked and extended at hashdays, Luzern (Switzerland)

(2012/06/22) a bit more of PE (+video)
(2012/11/03) Binary Art - byte-ing the PE that fails you

on x86 oddities first presented and recorded at hashdays, then improved at BerlinSides

(2011/10/28) Such a weird processor - messing with opcodes (...and a little bit of PE) (+video)
(2011/12/28) x86 & PE (+screencasts)

Portable Executable

article with PoCs (2011/09/26 - 2013/10/07) the PE format
PoC a fully working PE in a tweet (encoded in a python string): "MZR\xc3"+"\0"*56+"@\0\0\0PE\0\0L\1"+"\0"*16+"\2\0\x0b\1"+"\0"*28+"@\0\1\0\0\0\1\0"+"\0"*10+"\4"+"\0"*7+"H\1\0\0G\1"+"\0"*6+"\3"+"\0"*171
source a rewrite of the PE header of Traceless demo
PoCs (2011/02) Binary corpus is a group of non malicious binaries, exhibiting various file formats, and more specifically, aspects of PE files (Formats: NE, PE, Elf, LX, LE, COM, EXE / Compilers: Digital Mars C, Lcc, Masm, Tasm, FreeBasic, FreePascal, OpenWatcom, Fasm, GoAsm...)
graphics (2010/10) PE file format (file & memory layout, headers, data directories)

misc

2014/03/12 HexII an attempt at getting a better generic binary representation
PoCs (2013/06/10) valid hand-made GIF/BMP, useable as JavaScript (commented source + binaries)
doc (2012/02/22) Opcodes' tables of Java, .Net, Android, x86 - as either compact single-page cheat sheets, or full descriptive posters.
article with PoCs (2012/03/18) curious encodings
Explaining what’s a computer virus to grandma
PoC Kernel31, a trampoline DLL to enable >XpSp3 binaries work on previous OS.
old crackmes solutions: PredatorPirupiru LilcwXor
screencast OllyDbg Tracing (easy level) setting OllyDbg as a JIT debugger, tracing, optimizing tracing, finding bug, patching, saving as a new executable
screencast reJava create a .class from scratch
PoC (2013/01/30-2013/02/16) a one-solution random labyrinth 'dumb' generator, in python (also with optimized algorithm), 16b x86 .COM in 126/122 bytes (on Pouet), GW-BASIC, Turbo Pascal 3.0 and x86 PE

PDF

article with PoCs (2011/07/12-2013/03/15) a summary of PDF tricks - encodings, structures, JavaScript... (Français 日本語)

brainteasers

page (2013/02/04) notes and hints
presentation (2013/01/16) A challenge in your pocket: an introduction to brainteasers

x86/x64 asm

article (2011/09) x86 oddities

PoC (2011/08/12) Corkami Standard Test, a PE/x86/x64 test program for your tools/emulators/skills.

article how to get the current IP
article values of general and system registers on TLS/EntryPoint/... of most Windows versions, Wine, etc..
article (2011/03/22) Calling conventions, seen from ASM
doc Opcodes (x86 & x64 simplified tables, one-liners)
related doc: a very nice and simple opcode table, by Daniel Plohmann

packers

PoCs categories: patcher, protecter, crypter, compresser, mutater, virtualizer
PoCs crypters algos: xor, prng, rc4
PoCs architectures of virtualization: standard, stack, SubLeq, TTA
source a one-file aPLib compression/decompression in python
PoCs imports loading obfuscation
PoCs string encodings
toolkit a toolkit to run drivers in user-mode, and unpack them directly from OllyDbg
doc anti-debugs
doc packers (models, categories & features, landscape, detailed features, entrypoints, algorithms)

...for more information, check the (old) blog map, and the downloads tab.