DEF CON Forum Site Header Art
DEF CON Forum Site Header Art


No announcement yet.

About the Demo

  • Filter
  • Time
  • Show
Clear All
new posts

  • About the Demo

    Title: ParseAndC - A Universal Parser and Data Visualization Tool for Security Testing

    Discord Channel: #dl-parse-and-c

    Location: virtual Video 1

    When: Sat 14:00 – 15:50

    Presenter(s): Parbati Kumar Manna

    Abstract: Parsing is the process of extracting the data values of various fields by mapping the data format (known) onto the datastream (known) from a certain offset (known). Parsing is often an integral part of hacking - even when we do not know the exact format of the data, we still have some vague idea, and we want to parse the data based on our assumed data format to see if our hunch is true. While it is trivial to write a parser that will output the values corresponding to the fields of a single C structure, that parser becomes useless if now we have to deal with a different C structure. A parser that can handle any and all C structures as its input is essentially a compiler, since even C header files contain enough complexity (#define constants, macros calling macros, variadic macros, conditional code via #if-#else etc., included files, packed/aligned attributes, pragmas, bitfield, complex variable declarations, nested and anonymous structure declaration etc.). This tool is capable of mapping any C structure(s) to any datastream from any offset, and then visually displaying the 1:1 correspondence between the variables and the data in a very colorful, intuitive display so that it becomes very easy to understand which field has what value. This tool is extremely portable - it is a single 800KB Python text file, supports all versions of Python, is cross-platform (Windows/Mac/Unix), and also works in the terminal /batch mode without GUI. For multi-byte datatypes (e.g. integer or float) it supports both endianness (little/big) and displays value in both decimal and Hex formats. The tool needs no internet connection and works fully offline. It is self-contained - it doesn't import almost anything, to the extent that it implements its own C compiler (front-end) from scratch!! This tool is useful for both security- and non-security testing alike (reverse engineering, network traffic analyzing, packet processing etc.). It is currently being widely used at Intel, and in the users' own words, this tool has reduced their days' work into minutes. The author of this tool led many security hackathons at Intel and there this tool was found to be very useful.

    Audience: White Hat Testing, Black Hat Testing


    Bio(s): Parbati Kumar Manna got his Bachelor of Technology from Indian Institute of Technology, Kharagpur in 1997. After spending a bit of time in the software industry, he went back to school to earn his MS and PhD in Computer Science from University of Florida in 2008. His dissertation involved the creation and detection of some of the smartest malware (particularly internet worms) that leave minimal footprint during their spread yet propagate at the maximal speed. After his PhD he joined the premier security group within Intel, working with other like-minded security researchers looking over the security of various Intel products, including hardware, firmware and software. He has published and reviewed in eminent conferences and journals.