Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems using the project #2

Closed
knowpwr opened this issue Sep 13, 2022 · 4 comments
Closed

Problems using the project #2

knowpwr opened this issue Sep 13, 2022 · 4 comments

Comments

@knowpwr
Copy link

knowpwr commented Sep 13, 2022

Hello. I have attempted to use the project with the following file:

https://www.mediafire.com/file/mt04qhvv17a3ic7/test.bin/file

Though, it does not show any structure at all. Does the project require something to do in order for it to work?

Thanks for your time.
@kwsch
Copy link
Owner

kwsch commented Sep 13, 2022
edited
Loading

The program is a command line crawler; once the program is run, you tell it what to do.

At the moment, the commands it supports aren't documented outside of the source code. If you want to see where it is processing commands, see here.

Upon starting the program, we see it ask for us to open a file. So I tell it which file:
image

After entering some commands to try and interpret data at certain nodes, some of the structure becomes apparent:
image

The program does not make guesses as to the data structure. It's up to you to try certain field types and progressively document what each field is.

@knowpwr
Copy link
Author

knowpwr commented Sep 20, 2022

Thanks a lot for the information and for examining my file. It is much appreciated. It would be really great if you provide a guide on how to use the commands. This project is unique. There is nothing like it out there and the demand for a tool to reverse engineer FlatBuffers binary files is high. Also, if it is not too much to ask, can you explain the representation above. I am not quite sure what I am looking at. Also, is the structure in the image above exact, or it is just prediction? Lastly, I have a suggestion, if it is possible, can you offer the option to generate JSON as output.

@kwsch
Copy link
Owner

kwsch commented Sep 21, 2022
edited
Loading

I've added a wiki to describe how the program works, and a basic explanation of each command that can be entered.

https://github.com/kwsch/FlatCrawler/wiki/Commands-How-To

This program does not automatically reverse & validate a schema due to multiple interchangeable field types being valid in certain scenarios (a float is 32bit, same as an integer). It is up to the reverse-engineer to guess & check on their own; it would be a pretty big effort (logically and computationally) to guess (bruteforce) every single possible arrangement and validate the deserialized data serializes back to the input file. Plus there's so many hard-to-handle cases like unions, and inline structs that aren't currently handled by the program.

Once you have transcribed a fbs that you believe represents the serialized data, you can run the flatc compiler to try and dump json (bin+fbs->json) via flatc's command line.

@kwsch kwsch closed this as completed Sep 21, 2022
@knowpwr
Copy link
Author

knowpwr commented Oct 2, 2022

@kwsch Thanks for the wiki. Though, a use case would actually do wonders. You can offer a binary flatbuffers file and use your tool to show the reversing the process. This would actually make your repo very popular. There is not much reverse FB engineering resources out there. Anyway, it is just a thought.

Regards and thanks for your time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kwsch @knowpwr