@Ange

3.3K Followers
196 Following
786 Posts
Reverse engineer, file formats expert.
Corkami, CPS2Shock, PoC||GTFO, Sha1tered, Magika...
Security engineer @ Google. He/him.
Githubhttps://github.com/angea
Githubhttps://github.com/corkami
Pronounshe/him
Show threadAngeMar 10
@gsuberland @azonenberg @emily indeed!
Here‘s my mirror with more info:
https://github.com/angea/pocorgtfo
GitHub - angea/pocorgtfo: a "Proof of Concept or GTFO" mirror with an extensive index with also whole issues or individual articles as clean PDFs.

a "Proof of Concept or GTFO" mirror with an extensive index with also whole issues or individual articles as clean PDFs. - angea/pocorgtfo

GitHub
AngeDec 26
On my way #39c3 #ICE612
Show threadAngeDec 13
@azonenberg @gantua @nspace correct!
AngeDec 10
Damien GuardDec 10

Oh dear the entire https://www.lyonlabs.org site is offline *and* excluded from archive.org.

It's a massive archive of vintage and modern GEOS and C64 material a lot of it seemingly not found elsewhere.

Show threadAngeDec 6
@nspace @azonenberg all the Sha1 collisions create collision blocks with the same Xor mask. No ascii-only, no control over the collision blocks.
Show threadAngeDec 2
@damieng Absolutely. It's not just about fonts, it's about your dedication, trying to identify the games, the technical details and the graphical oddities.
Thank you for making this!
AngeNov 18
My relative is looking for a 39C3 ticket.
No scammers please ;)
Show threadAngeNov 14

To check if a file starts with MZ or GIF, just use file/libmagic.
You don't need AI or Magika for that.
TrID has a lot of heuristics, but a lot of false positives.

Magika is useful in different ways, across binary and source types, and is quite fast. But not useful against weird or adversary files.

Show threadAngeNov 14

Magika is a fast file type identifier that covers many file types, binary formats or source texts.
It's not made to detect adversarial attacks.
It's useful for different things that classic binary scanning can't do at this speed.

Magika was trained on all the file types with enough available samples.

Show threadAngeNov 14

Weird files are out of scope of Magika. It just wasn't trained on them.

It's trivial to inject some data in a file and keep it functional (w/ my tool Mitra, for example).
So take a JPG, inject a lot of JavaScript data, and ...guess what ?

Check it out: https://github.com/corkami/mitra

GitHub - corkami/mitra: A generator of weird files (binary polyglots, near polyglots, polymocks...)

A generator of weird files (binary polyglots, near polyglots, polymocks...) - corkami/mitra

GitHub