This assignment has one part. It is due by 3/15/18 at 11:59PM. To submit your work, please post either a public note or a link to your publicly available writeup on Piazza.
There will be a late penalty of 5% per day late!
In this part, you are tasked with writing a parser for a novel binary format: FPFF. You can find the FPFF spec here. You will then use your parser to analyze an FPFF file (foo.fpff), and report the information you find within it.
Perform the following tasks:
- Develop the parser, using both the specification and foo.fpff for reference. stub.py contains the beginnings of a Python parser, if you'd like to develop in Python (2).
- Parse foo.fpff, and report the following information:
  - When was foo.fpff generated?
  - Who authored foo.fpff?
  - How many sections does foo.fpff say it has? How many sections are there really?
  - List each section, giving us the data in it and its type.
  - Report the two flags hidden in foo.fpff, and the one flag on the web referenced by foo.fpff.
- Make sure to submit all of the code you write, even if based on stub.py!
- Don't worry about implementing 100% of the specification. Your parser will only be tested on foo.fpff, and any section types that do not appear in foo.fpff will not be tested for.
Part 1 is worth 100 points, broken down between the parser (50 points) and analysis (50 points).
Remember to document your steps for maximum credit!
Look at the Forensics I and II slides for guidance.
If you're using Python, Ruby, or another scripting language, check out the pack and unpack methods:
- Python 2 - struct
- Python 3 - struct
- Ruby - Array#pack and String#unpack