Gábor Pék (CTO, Avatao)
Binary analysis starts with the understanding of different file formats. Fortunately, there are several tools (e.g., CFF explorer, FileAlyzer) that help you to understand their internal structure, however, most of these tools are not generic enough and do not expose APIs or SDKs. As a result, when automated analysis is required you have to implement your own scripts to parse those binaries. It may bring you some joyful moments in the beginning, but after your third parser, you realize that this is not necessarily the thing you would like to spend your RE hours with.
The solution is a domain-specific language
To resolve these issues a DSL (domain-specific language) called Kaitai Struct was suggested by Mikhail Yakshin. According to the original website “Kaitai Struct is a declarative language used for describe various binary data structures, laid out in files or in memory: i.e. binary file formats, network stream packet formats, etc.
The main idea is that a particular format is described in Kaitai Struct language only once and then can be compiled with a ksc into source files in one of the supported programming languages. These modules will include a generated code for a parser that can read described data structure from a file/stream and give access to it in a nice, easy-to-comprehend API.”
webIDE for Kaitai Struct
This sounds really good. To make your life even more easier Tamás Koczka, the ex-captain and one of the key members of the !SpamAndHex CTF team created a WebIDE for Kaitai Struct. In this way, you can generate parsers for all the file formats supported by Kaitai Struct with only a few clicks.
Tamás also prepared some nice challenges on Avatao to help you learn the use of Kaitai WebIDE and also get a quick understanding of different file formats.
Reading Time: 6 minutes For most companies, security is considered a side quest, which is partly related to the daily processes. In reality, security ought to be a strong foundation of any organization. To ensure the defense of the enterprise, the relevant teams need strong security knowledge and abilities.
Reading Time: 6 minutes To build an enterprise security program, one has to go back to the well-known fundamentals of organizational change: People, Process, and Technology (originates from Harold Leavitt’s “Applied Organization Change in Industry”, 1964).
Reading Time: 10 minutes If you are working on Java projects you might have heard about other languages that run on the JVM, like Clojure, Kotlin, or Scala. Programmers like to try new things out but is it worth it to pick one of them over Java?