ICYDK the issue 0x14 of PoC or GTFO has articles about PostScript, GIF, PDF and NES (code) hashquines by @teh_gerg, @__spq__ , @makomk, @ESultanik and @evan_teran.
github.com/angea/pocorgtf…
The issue itself is a PDF/NES hashquine. And @doegox’s small article about putting the MD5 on the front cover of the PDF via PDFLaTeX.

From a file format perspective, it's pretty cool to get different payloads - both authenticated - from the same ciphertext with different keys.

https://twitter.com/SchmiegSophie/status/1303105136974131200

It's a neat way to exploit key rotation: clean now, malicious tomorrow. Naturally, from a format perspective, it was always doable with any form of polyglots, as both formats typically don't overlap.
However, it's even more powerful: when one format is decrypted, the other format is garbled, which bypasses polyglot blacklisting (easy PDF polyglots).

When people ask me about the French language,
I tell them about "99 birds".

Why... what could go wrong?... We read 99 as 'quatre vingt dix neuf' (4 20 10 9),
because 4*20=80 and 80+10+9 = 99 ;)

yes, '4 20' is the official way in France to read "80".

In other countries, they sometimes say "80" huitante (8 = huit),
which makes sense since 60 is soixante, even in France (6 = six).

MP3 players... Cubic Players DOSAmp

Recap thread on files set I've contributed to depending on your needs.

Mocks to understand magic signatures

https://twitter.com/angealbertini/status/1288028363429486592

A polymock to demonstrate magic abuse
github.com/corkami/pocs/t…

FWIW I made a set of minimal but self-descriptive pics of common file formats.
github.com/corkami/pocs/t… PoCs, not pics.

Another trick with `file` is that the types are checked by category, so some lesser known types will be checked before the classic exploitable ones (and not in the offset order either)

check the list:
github.com/file/file/tree… The Allegro magic is first,
But the Acorn one is scanned first. (Acorn < Allegro in the alpha order)

I made a file that is wrongly detected with 29 different formats.
It's mostly empty: just a collection of magic signatures at the right offsets, no format is valid. virustotal.com/gui/file/10a3e…

The evolution of my PE101 poster. 2012/04/08
started as a hex coloring test

A thread on file abuses:
the typical goal of file abuse is to make space for your foreign data, and optionally put in another header for a different file type if you want a polyglot. A polyglot is a file containing 2+ valid formats.
If the different formats share some data (for example, a disk image with 2 different file systems for the same files), it's a chimera.

FWIW I've been using Hiew for 20+ years (at least since I worked in CPS2shock and I made CallusPatch) - speakerdeck.com/ange/preservin…
As a hex viewer, with a lot of block manipulations, macros, some scripting, plugins, higlighting... as a [fast] disassembler - by the time you release the key to launch it, you'll get a disassembly of the entry point and you can easily navigate, search string, asm patterns, swap between files.

I wanted to introduce my son to real examples from my past that have a good lesson value...
Of course, since it's about my past or their present, the only thing that has any interest are video games... So of course, we needs to understand how computer store data:
we have 5 fingers per hand, computers have 8.
github.com/corkami/pics/b…

バイナリかるた - Binary Karuta
A card game where you have to guess formats / protocols / architectures:
kozos.jp/binary-karuta/ Also a book:
amazon.co.jp/dp/4839951020/

I pushed some drawings about charsets and encodings
github.com/corkami/pics/b… ASCII (printable & full)

ICYDK I wrote an article about making SHA-1 colliding PDFs via PDFLaTeX in PoC or GTFO 18 It's readable online on the internet archive:
archive.org/stream/pocorgt…

Someone ripped the prefixes from the 'Shattered' SHA1 collision computation of 2017.
The resulting files are colliding, but aren't valid. ICYDK I provide on my collision repository a set of small colliding PoCs that you can freely re-use.
github.com/corkami/collis…

Why do I care about researching about hash collisions with MD5?
Because it's still used, and usable in sane cases. It's important to know the true impact of its attacks, and there are only 3 of them for MD5, which is not too much.
You can understand the impact without the crypto. The fastest of them gives you instantly different files with same hash, but these files won't be valid. So to get instantly a pair of valid and colliding files, you need to combine with file format tricks. And these formats tricks will likely be reusable for SHA2 or whatever.

ICYDK I made a slide deck about the basics of PDF structures.
speakerdeck.com/ange/lets-writ… Once you know the basics, you might appreciate
speakerdeck.com/ange/an-overvi…

It took a bit less than 2h to compute an MD5 hash collision on Megadrive via @makomk's Toy Collider.
(tested on MegaSg and BlastEm) @makomk FTR that's the first rom I ran on that MegaSg and that Everdrive - kids were expecting Sonic or Shinobi ;)

Thanks everyone for your moral support. I'm now doing sport daily to sleep correctly, very happy to have good moments with the kids, and actively working on our future.

My underflow certainly hurt, but now I am doing OK. One thing I learned: keeping secrets fosters manipulation and bad behavior.
I learned that myself years ago when discussing with someone external about how I was handling kids: the instant surprise made me realize that I should soften my own ways.

Explaining hacking to kids ideas...

First, you can introduce yourself.

Then point out that some first names are super short (Yu, Tim, Ed) while some are much longer (Jean-Jacques, Seraphina...) and then hint at buffer overflows. Then ask if anyone has an uncommon character in their first names... Théo, François, Iñigo, Jörg, Rafał, Øivind, Þórður...
and discuss about encodings...