Notices by Ange (ange@mastodon.social)

This Friday, we’ll explore the Wad archive format, used in Doom.
https://www.youtube.com/live/g0VyFDYefqQ?si=4tKlJ0gQ9TVFV_Ir

What is your favorite pdf hack (not file-format based):
Change text?
Remove watermark?
Remove ads pictures on documents to print?

What's your favorite file format challenge / trick / bug / surprise / work / art ?
Bonus point if it's underrated or obscure!

My stream about crafting a PDF file from scratch is over.
https://www.youtube.com/live/q6KgFezu8tw?si=Ep9Gm-scYSr1FFcg
It was nice and chill to take the time to answer questions, thanks again for joining!

I will stream in 8h about the basics of the PDF format, teaching how to make a basic PDF from scratch.

This is an easy-level introduction to the PDF [portable document format], aimed at all audiences: infosec, but also digipres, DFIR, and others.

This will not cover complex cases, polyglots, abuses or exploit.
That will come next but this stream is the start on the topic.
The stream will be recorded and available publicly.

Some tools detect the EICAR file in Zip files by size and CRC so that it even detects it in password-protected zips without having the password.
This can of course lead to accidental or intentional FPs.

CRC-forging is also useful to collide arbitrary contents inside a ZIP archive. It makes possible re-usable and instant MD5 collisions for ZIP-based documents such as DOCX, XLSX, EPUB, XPS, 3MF.
https://speakerdeck.com/ange/inside-out-abusing-archive-file-formats

Some even detect a CRC-colliding file if there's no password.

An extreme example of a weird file construct, applicable to most formats:
a polymock, with fake file formats signatures at their correct offset.

My file formats dissection repo should be now up-to-date.
https://github.com/corkami/pics/blob/master/binary/README.md#images