Parse your binaries with Kaitai WebIDE

Gábor Pék (CTO, Avatao)
kaitai
Binary analysis starts with the understanding of different file formats. Fortunately, there are several tools (e.g., CFF explorer, FileAlyzer) that help you to understand their internal structure, however, most of these tools are not generic enough and do not expose APIs or SDKs. As a result, when automated analysis is required you have to implement your own scripts to parse those binaries. It may bring you some joyful moments in the beginning, but after your third parser, you realize that this is not necessarily the thing you would like to spend your RE hours with.

    The solution is a domain-specific language

    To resolve these issues a DSL (domain-specific language) called Kaitai Struct was suggested by Mikhail Yakshin. According to the original website “Kaitai Struct is a declarative language used for describe various binary data structures, laid out in files or in memory: i.e. binary file formats, network stream packet formats, etc.

    The main idea is that a particular format is described in Kaitai Struct language only once and then can be compiled with a ksc into source files in one of the supported programming languages. These modules will include a generated code for a parser that can read described data structure from a file/stream and give access to it in a nice, easy-to-comprehend API.”

      webIDE for Kaitai Struct

      This sounds really good. To make your life even more easier Tamás Koczka, the ex-captain and one of the key members of the !SpamAndHex CTF team created a WebIDE for Kaitai Struct. In this way, you can generate parsers for all the file formats supported by Kaitai Struct with only a few clicks.
      Tamás also prepared some nice challenges on Avatao to help you learn the use of Kaitai WebIDE and also get a quick understanding of different file formats.

      Share this post on social media!

      Related Articles

      JWT handling best practices

      JWT handling best practices

      The purpose of this post is to present one of the most popular authorization manager open standards JWT. It goes into depth about what JWT is, how it works, why it is secure, and what the most common security pitfalls are.

      Ruby needs security

      Ruby needs security

      Every year, Ruby is becoming more and more popular thanks to its elegance, simplicity, and readability. Security, however, is an issue we can’t afford to neglect.

      Python best practices and common issues

      Python best practices and common issues

      Python is a high-level, flexible programming language that offers some great features. To be as effective as possible, it is important to possess the knowledge to make the most out of coding with Python.