Written by Gábor Pék
Binary analysis starts with the understanding of different file formats. Fortunately, there are several tools (e.g., CFF explorer, FileAlyzer) which help you to understand their internal structure, however, most of these tools are not generic enough and do not expose APIs or SDKs. As a result, when automated analyis is required you have to implement your own scripts to parse those binaries. It may bring you some joyful moments at the beginning, but after your third parser you realize that this is not necessarily the thing you would like to spend your RE hours with.
The solution is a domain-specific language
To resolve these issues a DSL (domain-specific language) called Kaitai Struct was suggested by Mikhail Yakshin. According to the original website “Kaitai Struct is a declarative language used for describe various binary data structures, laid out in files or in memory: i.e. binary file formats, network stream packet formats, etc.
The main idea is that a particular format is described in Kaitai Struct language only once and then can be compiled with a ksc into source files in one of the supported programming languages. These modules will include a generated code for a parser that can read described data structure from a file / stream and give access to it in a nice, easy-to-comprehend API.”
webIDE for Kaitai Struct
This sounds really good. To make your life even more easier Tamás Koczka, the ex-captain and one of the key members of the !SpamAndHex CTF team created a WebIDE for Kaitai Struct. In this way, you can generate parsers for all the file formats supported by Kaitai Struct with only a few clicks.
Tamás also prepared some nice challenges on avatao to help you learn the use of Kaitai WebIDE and also get a quick understanding of different file formats.
How can we make security education a whole lot more accessible and fun? The tutorial framework is the answer. In this article we dive into how to create interactive learning environments running inside containers. The Phantom Menace Something is not quite right with...
Containers have been around for over a decade. Yet before Docker’s explosive success beginning in 2013 they were not wide-spread or well-known. Long gone are the days of chroot, containers are all the rage, and with them we have a whole new set of development and...
Cybersecurity: a tough reality Cybersecurity is an inherently negative asset. As with any protective measure, the major challenge is to measure the value (or Return on Investment, ROI) of cybersecurity. It is significantly more difficult to make this value apparent to...