SlideShare a Scribd company logo

Analysis of (unknown) file formats

Mario Suvajac, profile picture
Mario Suvajac

This document provides an analysis of various file formats. It discusses how file formats can be structured, compressed, encrypted or a combination. File formats are also categorized as being open, proprietary, or generalized container formats. The document outlines why analyzing file formats is important for anti-virus protection, computer forensics, software development and more. It describes how to analyze file formats through specifications, reverse engineering, and observation. Tips are provided for coding unpackers and validators including security risks, practical problems, and using core libraries.

TechnologySports
Related topics:
Reverse Engineering
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
ANALYSIS OF (UNKNOWN) FILE FORMATS 22nd September 2011 Mario Suvajac
Hi, I’m Mario Suvajac @msuvajac suvajac.org reversinglabs.com
FILE FORMATS http://www.tripleman.com/index.php?showimage=6
FILE FORMATS • Structured information storage/carriers – Compressed – Encrypted – All of the above
CATEGORIZATION http://www.flickr.com/photos/fotomele/1072932978
CATEGORIZATION • Availability – Open – Proprietary • Different for each information type or contained in generalized container format • Executables, archives...
Resources Overlay* UPX Overlay 1.25 Data1.cab Setup.ibt LZsetup.ibt*.* Data1.hdr Engine32.cab Layout.bin Engine32.cab Setup.exe Engine32*.* Setup.ibt Unpacked Setup.ini Setup.inx File N PE32
WHY IS ANALYSIS IMPORTANT? http://www.flickr.com/photos/marodesu/5932256377
WHY IS ANALYSIS IMPORTANT? • Writing unpackers & validators – Anti-virus protection – Computer forensics – General software development – ...
HOW TO DO IT? http://www.flickr.com/photos/karenilagan/2163284814
HOW TO DO IT? • Specifications • Reverse Engineering • Asking Please
http://www.flickr.com/photos/19666640@N00/2884433955
FILE FORMAT PATTERNS • File header – Magic – Sizes – Offsets – Algorithm ids – Block descriptors – ... • Data
ZIP FILE FORMAT
Reverse engineering http://www.tripleman.com/index.php?showimage=520
BY Just Observing • Experience based • Hex editor • Diffing’
BY Debugging • Watching reads & further data manipulation • Compression & encryption algorithms reversing
CODING TIPS http://www.flickr.com/photos/the8rgrl/4642045
CODING TIPS • Security risks • Problems in practice • corelib
THANKS, QUESTIONS?! Btw. IS HIRING

More Related Content

PDF
Anatomy of File Analysis and Decomposition Engine
Mario Suvajac
 
PPT
Digital detective game
Bill Carver
 
PPT
Network forensics1
Santosh Khadsare
 
PPTX
Network forensics and investigating logs
anilinvns
 
PPTX
Network Forensics Intro
Jake K.
 
PPTX
Activity 6 home project - ppt presentation sample
Guilherme Pedro da Silva
 
PDF
Network Forensics
Andrea Lazzarotto
 
PPT
DETECTIVE ELEMENTS
diana.koscik
 
Anatomy of File Analysis and Decomposition Engine
Mario Suvajac
 
Digital detective game
Bill Carver
 
Network forensics1
Santosh Khadsare
 
Network forensics and investigating logs
anilinvns
 
Network Forensics Intro
Jake K.
 
Activity 6 home project - ppt presentation sample
Guilherme Pedro da Silva
 
Network Forensics
Andrea Lazzarotto
 
DETECTIVE ELEMENTS
diana.koscik
 

Similar to Analysis of (unknown) file formats (20)

PPT
Encryption
Nitin Parbhakar
 
PPTX
Data Management Crash Course
Kristin Briney
 
PPTX
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
RootedCON
 
PPTX
Digital Preservation with Archivematica: An Introduction
Artefactual Systems - Archivematica
 
PPT
File Carving
Aakarsh Raj
 
PPTX
EMBA - BlackHat Middle East and Africa 2024
EMBA Firmware Analyzer
 
PDF
AntiForensics - Leveraging OS and File System Artifacts.pdf
ekobelasting
 
PPTX
Practical Data Management - ACRL DCIG Webinar
Kristin Briney
 
PDF
Why btrfs is the Bread and Butter of Filesystems
degarden
 
PDF
LinuxCon_2013_NA_Eckermann_Filesystems_btrfs.pdf
degarden
 
PDF
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
 
PDF
Protecting confidential files using SE-Linux
Giuseppe Paterno'
 
PPTX
Android forensics an Custom Recovery Image
Mohamed Khaled
 
PPTX
Web security
Thet Aung Min Latt
 
PPTX
Do Something Now: Why Perfect is the Enemy of Good (Enough) in Digital Preser...
Artefactual Systems - Archivematica
 
PDF
Metasploitation part-1 (murtuja)
ClubHack
 
PPT
Guide to computer forensics and investigation.ppt
MaluOffice
 
PPT
data acquisition in computer forensics and
ssuserec53e73
 
PDF
De-Anonymizing Live CDs through Physical Memory Analysis
Andrew Case
 
PPTX
Keith Norbie Flash Storage decision methodology - mnvmug
Keith Norbie
 
Encryption
Nitin Parbhakar
 
Data Management Crash Course
Kristin Briney
 
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
RootedCON
 
Digital Preservation with Archivematica: An Introduction
Artefactual Systems - Archivematica
 
File Carving
Aakarsh Raj
 
EMBA - BlackHat Middle East and Africa 2024
EMBA Firmware Analyzer
 
AntiForensics - Leveraging OS and File System Artifacts.pdf
ekobelasting
 
Practical Data Management - ACRL DCIG Webinar
Kristin Briney
 
Why btrfs is the Bread and Butter of Filesystems
degarden
 
LinuxCon_2013_NA_Eckermann_Filesystems_btrfs.pdf
degarden
 
Beginners guide on how to start exploring IoT 2nd session
veerababu penugonda(Mr-IoT)
 
Protecting confidential files using SE-Linux
Giuseppe Paterno'
 
Android forensics an Custom Recovery Image
Mohamed Khaled
 
Web security
Thet Aung Min Latt
 
Do Something Now: Why Perfect is the Enemy of Good (Enough) in Digital Preser...
Artefactual Systems - Archivematica
 
Metasploitation part-1 (murtuja)
ClubHack
 
Guide to computer forensics and investigation.ppt
MaluOffice
 
data acquisition in computer forensics and
ssuserec53e73
 
De-Anonymizing Live CDs through Physical Memory Analysis
Andrew Case
 
Keith Norbie Flash Storage decision methodology - mnvmug
Keith Norbie
 
Ad

Recently uploaded (20)

PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Encapsulation theory and applications.pdf
gurumoop
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Cloud computing and distributed systems.
kkkkkhan
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Ad

Analysis of (unknown) file formats