A bit of a sampler-tray to start the week off…
ImHex
I've viewed proprietary or undocumented file formats as a Rubik's-esque challenge for most of my silicon-enabled existence. When I had more free hobby time, one of my more enjoyable distractions was to make R packages (e.g. {arabia}) that revealed the seekrits of such binary blobs. Such work usually involves looking at the raw bytes of said files.
From a cybersecurity perspective, unknown binary blobs can be dangerous entities, so having tools and methods for inspecting them is paramount.
To mine hidden treasure in these opaque objects, one often turns to a hex editor/viewer, a tool that enables decoding and manipulation of the binary data that constitutes a computer file. "Hex" refers to the base 16 hexadecimal format.
As I am always on the lookout for new tools, I recently discovered ImHex [GH], a "Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM." The more serious self-description is that ImHex is a "tool to display, decode and analyze binary data to reverse engineer their format, extract information or patch values in them".
There are many such tools out there, but ImHex has some features that one generally only finds in commercial software:
What makes ImHex special is that it has many advanced features that can often only be found in paid applications. Such features are a completely custom binary template and pattern language to decode and highlight structures in the data, a graphical node-based data processor to pre-process values before they're displayed, a disassembler, diffing support, bookmarks and much much more. At the same time ImHex is completely free and open source under the GPLv2 language.
The basics are all there: string and hex search; positional bookmarks; "goto offset"; support for huge files.
On top of those, you can define C++-esque header files to enable pattern highlighting or apply "ROM diff patches" if that's your thing. Cyber folk will appreciate the built-in capability to disassemble the bytes, paired with the in-tool YARA processor to help squash malware.
With an ever-increasing library of patterns and magic support, ImHex may even be able to save you from having to do work when trying to identify gnarly files of seemingly random bits.
It also has a "low/no-code" pre-processor GUI to apply rules before diving into files.
One super neat feature is "Copy as…", which will let you select bytes in the interface and turn them into an array declaration in many programming languages, like this four-byte sequence converted to Rust:
let data: [u8; 0x04] = [ 0xD4, 0xC3, 0xB2, 0xA1 ];
The docs are great, and the program is definitely easy on the eyes (as advertised) at 0300.
Best of all, it works across all platforms, can take advantage of offloading processing to GPUs, and is actively maintained.
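The four bytes in the "Copy as…" output above happen to be the little-endian libpcap capture magic (0xA1B2C3D4), which makes them a handy illustration of what magic-based identification buys you. The following is an added example, not part of ImHex or the original post; it classifies a buffer by its magic and decodes the rest of the 24-byte pcap global header, with all names and the sample header constructed here for illustration.

```rust
#[derive(Debug, PartialEq)]
pub struct PcapHeader {
    pub little_endian: bool,
    pub nanosecond: bool,
    pub version: (u16, u16),
    pub snaplen: u32,
    pub linktype: u32,
}

pub fn parse_pcap_header(buf: &[u8]) -> Result<PcapHeader, String> {
    if buf.len() < 24 {
        return Err(format!("need 24 header bytes, got {}", buf.len()));
    }
    // The magic doubles as a byte-order mark and a timestamp-resolution flag.
    let (le, nanosecond) = match [buf[0], buf[1], buf[2], buf[3]] {
        [0xD4, 0xC3, 0xB2, 0xA1] => (true, false), // the sequence shown on the page
        [0xA1, 0xB2, 0xC3, 0xD4] => (false, false),
        [0x4D, 0x3C, 0xB2, 0xA1] => (true, true),
        [0xA1, 0xB2, 0x3C, 0x4D] => (false, true),
        other => return Err(format!("not a pcap magic: {:02X?}", other)),
    };
    // Read an n-byte unsigned field at offset o in the byte order the magic announced.
    let rd = |o: usize, n: usize| -> u32 {
        let bytes = &buf[o..o + n];
        if le { bytes.iter().rev().fold(0, |a, &b| (a << 8) | b as u32) }
        else { bytes.iter().fold(0, |a, &b| (a << 8) | b as u32) }
    };
    Ok(PcapHeader {
        little_endian: le,
        nanosecond,
        version: (rd(4, 2) as u16, rd(6, 2) as u16),
        snaplen: rd(16, 4),  // offsets 8..16 hold thiszone and sigfigs
        linktype: rd(20, 4),
    })
}

// Constructed sample: the page's four magic bytes followed by a typical v2.4 header.
pub fn sample_header() -> Vec<u8> {
    let mut h = vec![0xD4, 0xC3, 0xB2, 0xA1];
    h.extend_from_slice(&[0x02, 0x00, 0x04, 0x00]); // version 2.4
    h.extend_from_slice(&[0; 8]);                   // thiszone, sigfigs
    h.extend_from_slice(&[0x00, 0x00, 0x04, 0x00]); // snaplen 262144
    h.extend_from_slice(&[0x01, 0x00, 0x00, 0x00]); // linktype 1 (Ethernet)
    h
}

fn main() {
    println!("{:?}", parse_pcap_header(&sample_header()));
}
```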
Unimperiling Homebrew
(macOS-specific, so letter OS denizens can jump to the last section)
macOS folk reading this either use or are at least familiar with Homebrew. You are likely not aware that they recently released [direct PDF] the details of a year-ish old security audit that had a number of findings, including two "extreme" ones:
Automatically merged pull requests on the homebrew-casks repository allow path traversal vulnerabilities in Casks that interpolate the version into the download URL.
The review and automerge CI jobs will automatically merge pull requests, which only bump the version or alter the hash of a Cask. The validation steps on the version can be bypassed to include string interpolations, which allow code execution upon loading of the relevant Cask.
You can read the details of those and five other ones in the aforelinked PDF.
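Both findings come down to a version string being trusted before it is interpolated. The check below is an added defensive sketch, not Homebrew's code and not taken from the audit: it allowlists the characters in a bumped version and then confirms the interpolated URL path does not change when normalized. The `{version}` placeholder syntax, the template URL, the allowed character set and all function names are assumptions made for illustration.

```rust
// Assumed template shape; "{version}" marks where the bumped version is interpolated.
pub const TEMPLATE: &str = "https://downloads.example.invalid/app/{version}/App.dmg";

// Collapse "." and ".." segments the way a URL resolver would.
pub fn normalize(path: &str) -> String {
    let mut out: Vec<&str> = Vec::new();
    for seg in path.split('/') {
        match seg {
            "" | "." => {}
            ".." => { out.pop(); }
            s => out.push(s),
        }
    }
    format!("/{}", out.join("/"))
}

// True when interpolating `version` yields a path that normalization leaves untouched.
pub fn path_is_stable(template: &str, version: &str) -> bool {
    let url = template.replace("{version}", version);
    let rest = url.splitn(2, "://").nth(1).unwrap_or("");
    let raw = rest.find('/').map(|i| &rest[i..]).unwrap_or("/");
    normalize(raw) == raw
}

pub fn check_bump(template: &str, version: &str) -> Result<(), String> {
    if version.is_empty() || version.len() > 64 {
        return Err("version empty or too long".into());
    }
    // Layer 1: allowlist. Rejects '/', '#', '{', '}', '%', quotes and whitespace outright.
    if let Some(c) = version.chars().find(|c| !(c.is_ascii_alphanumeric() || "._-+,".contains(*c))) {
        return Err(format!("disallowed character {:?}", c));
    }
    if version.starts_with('.') || version.contains("..") {
        return Err("dot sequence could form a traversal segment".into());
    }
    // Layer 2: independent of the allowlist, the resolved path must not move.
    if !path_is_stable(template, version) {
        return Err("interpolated URL resolves outside the expected path".into());
    }
    Ok(())
}

fn main() {
    for v in ["1.2.3", "../../other", "1.0#{x}"].iter() {
        println!("{:<14} -> {:?}", v, check_bump(TEMPLATE, v));
    }
}
```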
I start off with said "FYI" as a backdrop to introduce a gist-blogs/screed by Michael Lynn dubbed "brew is a bad neighbor".
In it, Michael presents a guide that discusses some additional safety and resilience shortcomings in the Homebrew world and further offers suggestions for shoring up your defenses.
It's a short/quick read and worth your time if you're wont to do the occasional brew install ….
Wonder In The Woods
I keep going back to the pictures in this story and thought it'd be a good item to include to bring some joy into the beginning of the week. I'll not ruin the fine article further, save to drop the setup:
When, in 1968, Bruno Ferrin first set foot in the poplar forest on a hill near Treviso, Italy, he knew he had found a good spot. “I was looking for a way to work in my spare time,” he says. “And thought I could open a casual food stand in the woods.” Fifty-three years later, that patch of woods on Montello hill is home to something a fair bit larger and more unexpected.
How a Self-Trained Italian Blacksmith Built Himself an Amusement Park
FIN
We were up in DownEast, Maine this past weekend, and the leaves are definitely beginning their colorful death march. Check out the best weeks to get out into nature and watch the kaleidoscope unfold. ☮