
Fearsome File Formats
2024-12-28 , Saal 1
Language: English

Specifications are enough, they say…

10 years after 31c3's "Funky File Formats" …

Have things improved?

With so many open-source parsers being tested and fuzzed, and widely available specs,
what could go wrong with file formats nowadays ? Nothing to fear, right?

Let's explore even darker corners of their landscape!
Even extreme simplicity can misleadingly lead to unexpected challenges.
And at the other end of the spectrum, new complex constructs appeared over the years:
near-polyglots, timecryption, hashquines … Even AI is an element of the game now.

Let's play FileCraft, and enjoy the ride!

See also: Slides (9.1 MB)

Ange Albertini has been a reverse engineer since the 80s, and started his Infosec career as a malware analyst decades ago.
His wide knowledge of file formats is available in his hundreds of Corkami posters and visualisations, and is essential for projects like Magika, the AI-powered file type detection at Google.
His passion for retrocomputing and funky files makes him explore the darkest corners of the files landscape: bypassing security with ancient techniques, analyzing parsers and breaking them with extreme files, writing tools to evade detections via mock files or polyglots such as PoC||GTFO, exploiting AES-GCM via crypto-polyglots or colliding SHA1 via Shattered.