This project is a part of my final work for CMSC388F: Functional Pearls, a Student Initiated Course (STIC) at the University of Maryland, College Park.
This project offers a parser for the Forensic Playground File Format (FPFF) in Haskell. A modified version of the specification on which this parser is based can be found here, while the original specification can be found here.
The Forensic Playground File Format (FPFF) is an open format designed to serve as a sandbox for forensics education and competition. It has three main goals:
- Resemblance. FPFF is similar to many common binary formats, making it a good tool for familiarizing students with binary layouts and parsing.
- Uniqueness. FPFF is different enough from real formats, preventing
automatic analysis with tools like
binwalk. - Flexibility. FPFF's specification is simple, making extension and modification straightforward.
The binary package is required
for running this program. This can be installed by running:
$ cabal install binaryA standalone binary can be produced by compiling src/fpff.hs.
$ ghc -o fpff fpff.hsIt can also be interpreted directly by running:
$ runhaskell fpff.hsThis program will prompt a user for a filename in the FPFF format defined in the aforementioned specification. It then prints out information as found in the file, as well as dumps any image data with their filenames being their SHA256 sum (inclusive of their proper file signatures).
An example FPFF file can be found at
examples/greetz.fpff.
Because a reference implementation is available, future course designers and CTF challenge-builders are encouraged to modify the specification.
The FPFF specification and this implementation are released under the MIT license.