re-lab project. formats reverse engineering: tools and results
DESCRIPTION
Insight on re-lab's reverse engineering tools and their usage to implement/improve support for proprietary file formats in your program. Progress report on latest achievements.TRANSCRIPT
RE-LAB Project
Reverse-engineering of proprietary file formats
A little shy joint efforts project of the GIMP.RU and Giadram Inc.
Alexandre Prokoudine & Valek Filippov
TOOOOLZ
OLE Toy colupatr
“I'm not a programmer”
https://gitorious.org/re-lab/
abr_struct
exp
matcap
OLE Toy
Started as a tool to research MS Publisher files
Mutated into a little monster who digested its predecessors: mfview, cdrvu, fhstruct, vsdump/vsdviewer etc.
“Supports”:
DOC
XLSPPT
WMF
EMF
PUB MDB
VSD
FH
SVM
QPW
EMF+
CDRCMX
CDW
CLP ICC
“Escher”
ZIP
VBA
CFB
CPL
WLD
OLE Toy
OLE Toy features● Search for ASCII, Unicode string or Hex value
● Copy tree path, go to leaf by path
● Scroll hexdump to addr (abs or +/-)
● Search for leaf (with ASCII/Unicode/Hex)
● Collect «dictionaries» for CDR, FH
● Specific searches for XLS and CDR
● Hints on selected bytes
● Parse some formats at selected position
colupatr
Hexviewer on ster^W LSD
Made to reduce r.engineering pains with normal hexviewers:
● Variable lengths of lines
● Comments
● CLI commands to change lines
● Parse hexdump from clipboard
YIELD
Photoshop ABR/GRD specs (Krita, SwatchBooker)
MS Publisher (98,2k-2k7) (LibreOffice GSoC 2012 Project)
Troubleshooting of XLS/WMF/EMF/CLP-related issues in LibreOffice, Gnumeric
Embroidery file formats
YIELD
MS Visio VSD specs LibreOffice GSoC 2011: libvisio
YIELD
Corel DRAW CDR LibreOffice libcdr
YIELD
Aldus/Macromedia FH fh2svg PoC
YIELD
Live demo
Q&A
Tomatoes