By: Mikhail Yakshin

Scheduled on: January 29 at 11:00

Kaitai Struct is a new declarative language and a free/open source toolset to aid “black box” reverse engineering of unknown file formats, network protocols and basically all other forms of binary data.

The basic idea is simple: a reverse engineer creates a declarative format spec in the Kaitai Struct language (.ksy), which can be rapidly checked against target binary files (or network captures) using our visualization tools. This lets the engineer form many hypotheses, check them quickly, and concentrate only on those that prove valid. When the job is done, the .ksy spec can be compiled to a ready-made parsing library in one of 8 supported target languages (C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby), or converted into a human-readable format diagram (powered by GraphViz).
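To make the "declarative spec checked against real bytes" idea concrete, here is an added example that is not part of the talk or of the Kaitai Struct project: a toy interpreter, written for this page, for a tiny subset of the .ksy vocabulary (`meta.endian`, `seq`, `contents`, the `u1`/`u2`/`u4` integer types, `str` with a `size` taken from an earlier field, `repeat: expr`, and user-defined `types`). The `toy_table` format and the sample bytes are constructed for the example. The real Kaitai Struct compiler does not interpret the spec at run time; it generates a parsing library in the chosen target language, which is what a reverse engineer would actually ship.

```python
"""Toy interpreter for a small subset of Kaitai Struct (.ksy) specs.

This is illustrative code written for this page, not Kaitai's own
implementation. Only the keys used in SPEC below are understood.
"""
import struct

# Constructed spec; the same structure as a .ksy file would express in YAML:
#   meta: {id: toy_table, endian: le}
#   seq:
#     - {id: magic, contents: TBL}
#     - {id: version, type: u1}
#     - {id: num_entries, type: u2}
#     - {id: entries, type: entry, repeat: expr, repeat-expr: num_entries}
#   types:
#     entry:
#       seq:
#         - {id: name_len, type: u1}
#         - {id: name, type: str, size: name_len, encoding: ASCII}
#         - {id: value, type: u4}
SPEC = {
    "meta": {"id": "toy_table", "endian": "le"},
    "seq": [
        {"id": "magic", "contents": "TBL"},
        {"id": "version", "type": "u1"},
        {"id": "num_entries", "type": "u2"},
        {"id": "entries", "type": "entry", "repeat": "expr", "repeat-expr": "num_entries"},
    ],
    "types": {
        "entry": {
            "seq": [
                {"id": "name_len", "type": "u1"},
                {"id": "name", "type": "str", "size": "name_len", "encoding": "ASCII"},
                {"id": "value", "type": "u4"},
            ]
        }
    },
}

# Integer primitives -> struct format characters (endianness added separately).
PRIM = {"u1": "B", "u2": "H", "u4": "I", "s1": "b", "s2": "h", "s4": "i"}


class FormatError(ValueError):
    """Raised when the bytes do not match the spec (bad magic, truncated data)."""


def parse(spec, data):
    """Parse `data` according to `spec`; returns a dict of field id -> value."""
    _, obj = _parse_struct(spec, spec, data, 0)
    return obj


def _parse_struct(struct_spec, root, data, pos):
    default_endian = "<" if root["meta"].get("endian", "le") == "le" else ">"
    obj = {}
    for attr in struct_spec["seq"]:
        if attr.get("repeat") == "expr":
            # repeat-expr names an earlier field that holds the element count.
            count = obj[attr["repeat-expr"]]
            items = []
            for _ in range(count):
                val, pos = _read_attr(attr, root, data, pos, obj, default_endian)
                items.append(val)
            obj[attr["id"]] = items
        else:
            obj[attr["id"]], pos = _read_attr(attr, root, data, pos, obj, default_endian)
    return pos, obj


def _read_attr(attr, root, data, pos, obj, endian):
    if "contents" in attr:  # fixed bytes that must be present, e.g. a magic number
        expected = attr["contents"]
        expected = expected.encode("ascii") if isinstance(expected, str) else bytes(expected)
        got = data[pos:pos + len(expected)]
        if got != expected:
            raise FormatError(f"{attr['id']}: expected {expected!r}, got {got!r}")
        return got, pos + len(expected)
    t = attr["type"]
    if t[-2:] in ("le", "be") and t[:-2] in PRIM:  # explicit u2le / u4be style
        endian, t = ("<" if t.endswith("le") else ">"), t[:-2]
    if t in PRIM:
        fmt = endian + PRIM[t]
        n = struct.calcsize(fmt)
        if pos + n > len(data):
            raise FormatError(f"{attr['id']}: truncated at offset {pos}")
        return struct.unpack_from(fmt, data, pos)[0], pos + n
    if t == "str":
        size = attr["size"]
        if isinstance(size, str):  # size given as a reference to an earlier field
            size = obj[size]
        raw = data[pos:pos + size]
        if len(raw) < size:
            raise FormatError(f"{attr['id']}: truncated at offset {pos}")
        return raw.decode(attr.get("encoding", "ASCII")), pos + size
    if t in root.get("types", {}):  # user-defined type: recurse into its own seq
        new_pos, sub = _parse_struct(root["types"][t], root, data, pos)
        return sub, new_pos
    raise FormatError(f"{attr['id']}: unsupported type {t!r}")


# Constructed sample file: magic, version 1, two entries ("foo"=42, "hello"=0xdeadbeef).
SAMPLE = (b"TBL" + bytes([1]) + struct.pack("<H", 2)
          + bytes([3]) + b"foo" + struct.pack("<I", 42)
          + bytes([5]) + b"hello" + struct.pack("<I", 0xDEADBEEF))


def parse_sample():
    return parse(SPEC, SAMPLE)


def rejects(data):
    """True if the toy parser refuses `data` with a FormatError."""
    try:
        parse(SPEC, data)
    except FormatError:
        return True
    return False


if __name__ == "__main__":
    print(parse_sample())
```

The interesting part for the reverse-engineering workflow is the quick feedback: changing one line of the spec (say, `u2` to `u4` for `num_entries`) and re-running against the sample bytes immediately shows whether the conjecture holds, and a bad magic or a truncated file fails loudly instead of yielding garbage.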

The Kaitai Struct language is fairly powerful: it can describe complex data structures such as file systems, data containers and media formats, disassemble bytecode, and do much more.

The presentation will cover the origin of the idea, compare existing approaches to the file-format reversing problem and explain their pros and cons, and give an introduction to the Kaitai Struct language, showcasing some reverse engineering techniques that use it.