Parse your binaries with Kaitai WebIDE

Gábor Pék (CTO, Avatao)


Binary analysis starts with understanding different file formats. Fortunately, several tools (e.g., CFF Explorer, FileAlyzer) help you understand their internal structure. However, most of these tools are not generic enough and do not expose APIs or SDKs, so when automated analysis is required you have to implement your own scripts to parse those binaries. It may bring you some joyful moments in the beginning, but after your third parser you realize that this is not necessarily how you would like to spend your RE hours.

The solution is a domain-specific language

To resolve these issues, a DSL (domain-specific language) called Kaitai Struct was suggested by Mikhail Yakshin. According to the original website, “Kaitai Struct is a declarative language used to describe various binary data structures, laid out in files or in memory: i.e. binary file formats, network stream packet formats, etc.

The main idea is that a particular format is described in Kaitai Struct language only once and then can be compiled with a ksc into source files in one of the supported programming languages. These modules will include a generated code for a parser that can read described data structure from a file/stream and give access to it in a nice, easy-to-comprehend API.”
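As an added illustration (not taken from the original post or from the Kaitai Struct project), the following `.ksy` description walks a PE file from its DOS header to the COFF header. The type and field names are chosen for this example.

```yaml
# Added example: minimal Kaitai Struct description of the PE file headers.
# Names such as pe_headers_min and ofs_pe are chosen for this example.
meta:
  id: pe_headers_min
  title: Minimal PE header walk
  file-extension:
    - exe
    - dll
  endian: le
seq:
  - id: mz_magic
    contents: "MZ"            # parsing fails here if the file does not start with MZ
  - id: dos_header_rest
    size: 58                  # bytes 0x02..0x3b, not interpreted here
  - id: ofs_pe
    type: u4                  # e_lfanew at 0x3c: file offset of the PE header
instances:
  pe:
    pos: ofs_pe               # parsed lazily by seeking to the offset read above
    type: pe_header
types:
  pe_header:
    seq:
      - id: signature
        contents: ["PE", 0, 0]
      - id: coff
        type: coff_header
  coff_header:
    seq:
      - id: machine
        type: u2
        enum: machine_type
      - id: num_sections
        type: u2
      - id: time_date_stamp
        type: u4
      - id: ofs_symbol_table
        type: u4
      - id: num_symbols
        type: u4
      - id: len_optional_header
        type: u2
      - id: characteristics
        type: u2
enums:
  machine_type:
    0x14c: i386
    0x8664: amd64
    0xaa64: arm64
```

Compiled with ksc, this yields a parser that exposes the machine type, section count and timestamp as named fields instead of hand-computed offsets.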

WebIDE for Kaitai Struct

This sounds really good. To make your life even easier, Tamás Koczka, the ex-captain and one of the key members of the !SpamAndHex CTF team, created a WebIDE for Kaitai Struct. With it, you can generate parsers for all the file formats supported by Kaitai Struct with only a few clicks.
Tamás also prepared some nice challenges on Avatao to help you learn how to use Kaitai WebIDE and get a quick understanding of different file formats.