re-lab project. formats reverse engineering: tools and results

Posted on 04-Jul-2015


DESCRIPTION

Insight on re-lab's reverse engineering tools and their usage to implement/improve support for proprietary file formats in your program. Progress report on latest achievements.

TRANSCRIPT

RE-LAB Project

Reverse-engineering of proprietary file formats

A little, shy, joint-effort project of GIMP.RU and Giadram Inc.

Alexandre Prokoudine & Valek Filippov

TOOOOLZ

OLE Toy

colupatr

abr_struct

exp

matcap

“I'm not a programmer”

https://gitorious.org/re-lab/

OLE Toy

Started as a tool to research MS Publisher files

Mutated into a little monster that digested its predecessors: mfview, cdrvu, fhstruct, vsdump/vsdviewer, etc.

“Supports”:

DOC, XLS, PPT, WMF, EMF, PUB, MDB, VSD, FH, SVM, QPW, EMF+, CDR, CMX, CDW, CLP, ICC, “Escher”, ZIP, VBA, CFB, CPL, WLD

OLE Toy features

● Search for ASCII, Unicode string or Hex value

● Copy tree path, go to leaf by path

● Scroll hexdump to addr (abs or +/-)

● Search for leaf (with ASCII/Unicode/Hex)

● Collect «dictionaries» for CDR, FH

● Specific searches for XLS and CDR

● Hints on selected bytes

● Parse some formats at selected position
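The feature list above is what a format reverse-engineering viewer does with raw bytes; the following is an added example, not OLE Toy's own code, showing how the string/hex searches, the go-to-address (absolute or +/- relative) navigation and the "hints on selected bytes" decoding work. The sample blob, its layout and all function names are constructed for this example.

```python
"""Added example (not OLE Toy's own code): the search, go-to-address and
byte-hint helpers a format reverse-engineering viewer offers, exercised on
a constructed blob with an invented layout."""
import struct

# Constructed sample (layout invented for this example): ASCII tag,
# little-endian u32 length, padding, a UTF-16LE name, a marker, padding.
SAMPLE = (
    b"RIFF" + struct.pack("<I", 42)
    + b"\x00" * 4
    + "Layer 1".encode("utf-16-le")
    + b"\xde\xad\xbe\xef"
    + b"\x00" * 8
)


def find_all(blob, needle):
    """All (possibly overlapping) offsets at which needle occurs."""
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits


def search_ascii(blob, text):
    return find_all(blob, text.encode("ascii"))


def search_unicode(blob, text):
    """Windows-originated formats usually store strings as UTF-16LE."""
    return find_all(blob, text.encode("utf-16-le"))


def search_hex(blob, hexstr):
    """hexstr is written like 'de ad be ef' or 'deadbeef'."""
    return find_all(blob, bytes.fromhex(hexstr.replace(" ", "")))


def resolve_addr(current, spec):
    """'0x20' or '32' jumps to an absolute offset; '+4' / '-4' move relatively."""
    spec = spec.strip()
    if spec[0] in "+-":
        return max(0, current + int(spec, 0))
    return int(spec, 0)


def hexdump(blob, addr, nlines=2, width=16):
    """Lines of a classic hexdump starting at addr: offset, hex, printable."""
    lines = []
    for start in range(addr, min(addr + nlines * width, len(blob)), width):
        chunk = blob[start:start + width]
        hexs = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{start:08x}  {hexs:<{width * 3 - 1}}  |{text}|")
    return lines


def hints(blob, off):
    """Decode the bytes at off several plausible ways, as a 'hints' pane would."""
    chunk = blob[off:off + 4]
    out = {}
    if len(chunk) >= 2:
        out["u16le"] = struct.unpack_from("<H", chunk)[0]
        out["u16be"] = struct.unpack_from(">H", chunk)[0]
    if len(chunk) == 4:
        out["u32le"] = struct.unpack("<I", chunk)[0]
        out["u32be"] = struct.unpack(">I", chunk)[0]
        out["f32le"] = struct.unpack("<f", chunk)[0]
    return out


if __name__ == "__main__":
    print("RIFF at", search_ascii(SAMPLE, "RIFF"))
    print("'Layer' (UTF-16LE) at", search_unicode(SAMPLE, "Layer"))
    print("de ad be ef at", search_hex(SAMPLE, "de ad be ef"))
    print("\n".join(hexdump(SAMPLE, resolve_addr(0, "+0x10"))))
    print("hints at offset 4:", hints(SAMPLE, 4))
```

The point of the hints pane is that the same four bytes are shown as u16/u32 in both byte orders and as a float at once, so a length or count field is recognised without re-typing the value into a calculator; the UTF-16LE search is what finds names in formats that never store plain ASCII strings.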

colupatr

Hexviewer on ster^W LSD

Made to reduce reverse-engineering pains with normal hexviewers:

● Variable lengths of lines

● Comments

● CLI commands to change lines

● Parse hexdump from clipboard
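To make the four colupatr points concrete, here is an added example (not colupatr's own code) of a hex view whose lines can be re-cut to follow a format's records, carry comments, are edited through a tiny command line, and can be loaded from hexdump text as it would be pasted from a clipboard. The sample bytes, their record layout and the class and command names are constructed for this example.

```python
"""Added example (not colupatr's own code): a hex view whose line cuts can be
changed to follow a format's records, annotated with comments, plus a loader
that recovers bytes from hexdump text pasted from the clipboard."""
import re

# Constructed sample (layout invented for this example): 4-byte tag,
# little-endian u32 payload length, then two 6-byte records.
SAMPLE = b"TAG1" + b"\x0c\x00\x00\x00" + b"\x01\x00AAAA" + b"\x02\x00BBBB"


class HexView:
    """Hexdump with editable line boundaries; line i covers
    blob[starts[i]:starts[i+1]] (or runs to the end of the blob)."""

    def __init__(self, blob, width=16):
        self.blob = blob
        self.starts = list(range(0, len(blob), width)) or [0]
        self.comments = {}  # line index -> comment text

    def _end(self, i):
        return self.starts[i + 1] if i + 1 < len(self.starts) else len(self.blob)

    def _shift_comments(self, above, delta):
        self.comments = {(k + delta if k > above else k): v
                         for k, v in self.comments.items()}

    def split(self, i, at):
        """Cut line i after `at` bytes so a record boundary gets its own line."""
        start, end = self.starts[i], self._end(i)
        if not 0 < at < end - start:
            raise ValueError("split point outside line")
        self.starts.insert(i + 1, start + at)
        self._shift_comments(i, +1)

    def join(self, i):
        """Merge line i with the line after it (the next line's comment is dropped)."""
        if i + 1 >= len(self.starts):
            raise ValueError("no next line to join")
        del self.starts[i + 1]
        self.comments.pop(i + 1, None)
        self._shift_comments(i + 1, -1)

    def comment(self, i, text):
        self.comments[i] = text

    def cmd(self, line):
        """Minimal command line: 'split I AT', 'join I', 'comment I TEXT'."""
        op, _, rest = line.strip().partition(" ")
        if op == "split":
            i, at = (int(x) for x in rest.split())
            self.split(i, at)
        elif op == "join":
            self.join(int(rest))
        elif op == "comment":
            i, _, text = rest.partition(" ")
            self.comment(int(i), text)
        else:
            raise ValueError(f"unknown command {op!r}")

    def render(self):
        """One text line per view line: offset, hex bytes, optional comment."""
        out = []
        for i, start in enumerate(self.starts):
            hexs = " ".join(f"{b:02x}" for b in self.blob[start:self._end(i)])
            note = f"  ; {self.comments[i]}" if i in self.comments else ""
            out.append(f"{start:06x}: {hexs}{note}")
        return out


OFFSET = re.compile(r"^[0-9a-fA-F]{4,16}:?$")     # leading address column
HEX_RUN = re.compile(r"^(?:[0-9a-fA-F]{2})+$")    # '2a' or xxd-style '2a00'


def parse_hexdump(text):
    """Recover bytes from hexdump/xxd-style text. The byte run on each line
    ends at the first token that is not pure hex (normally the ASCII column);
    a printable column that happens to be all hex digits would be misread."""
    data = bytearray()
    for line in text.splitlines():
        tokens = line.split()
        if tokens and OFFSET.match(tokens[0]):
            tokens = tokens[1:]
        for tok in tokens:
            if not HEX_RUN.match(tok):
                break
            data += bytes.fromhex(tok)
    return bytes(data)


if __name__ == "__main__":
    view = HexView(SAMPLE, width=8)
    for command in ("split 0 4", "join 2", "split 2 6", "comment 0 tag"):
        view.cmd(command)
    print("\n".join(view.render()))
    print(parse_hexdump("\n".join(view.render())) == SAMPLE)
```

Re-cutting lines at record boundaries is what turns a hexdump into a readable structure: once each line is one record, repeated fields line up vertically and the comment column records what has been worked out so far, which is the part a fixed-width hexviewer cannot give you.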

YIELD

Photoshop ABR/GRD specs (Krita, SwatchBooker)

MS Publisher (98, 2k-2k7) (LibreOffice GSoC 2012 project)

Troubleshooting of XLS/WMF/EMF/CLP-related issues in LibreOffice, Gnumeric

Embroidery file formats

MS Visio VSD specs (LibreOffice GSoC 2011: libvisio)

Corel DRAW CDR (LibreOffice: libcdr)

Aldus/Macromedia FH (fh2svg PoC)

Live demo

Q&A

Tomatoes
