Drop file here
Fork me on GitHub

Check out Summit Route for end-point protection.

About

IceBuddha is an open-source (MIT license) hex viewer and generic binary file parser that runs in the browser.

See an example.

Why?

I wanted to test the limits of what was possible in the browser from a static site. Because all the files are static (no database, and no server-side functionality) IceBuddha is hosted on github pages.

Ridiculous things IceBuddha does

  1. "Submitted" files are not uploaded anywhere. Everything happens in your browser locally.
    If you're concerned, you can clone and host this project locally by running it in a simple web server, such as using "python -m SimpleHTTPServer" in the folder you clone the repo to.
  2. Files are parsed via >Python scripts that define the structure of the files. The python is converted to Javascript in your browser via the skulpt library. By clicking on the "Parse as" tab when you drop a file, you can see this Python code. You can then edit it, and your file will parsed again immediately using your new code. Again, this is all happening entirely in your browser without hitting the server.
  3. You can take your python parse scripts, and run them directly on files to generate JSON data, without using your browser, as explained here

Similar projects/products

010 editor: Windows & Mac (commercial), odd format for binary templates to parse files, but looks similar to C structs and is often referenced.
Synalize It!: Mac only (commercial); XML based grammar format which means limited capability for more advanced binary file formats.

File parsing

IceBuddha can parse a few of the main structures in the following file types:
  1. PE files (.exe, .dll, .sys)
  2. GIF image files
  3. Mach-O (Mac OS X files)

Expanding and adding your own file parsing

File types are automatically identified in drop.js via the function "ChooseParseScript". Look at pe.py to see an example of how files are parsed.
  1. Change the PE in the line ib = icebuddha.IceBuddha(filedata, "PE") to be name of your file type.
  2. The line imageDosHeader = ib.parse(0, "IMAGE_DOS_HEADER", """ creates a structure at offset 0 with name IMAGE_DOS_HEADER. Then the next lines in that file describe what is in that structure.
  3. Known variable types are:
    1. BYTE, CHAR, and anything unknown: 1 byte
    2. WORD: 2 bytes
    3. DWORD: 4 bytes
    4. ULONGLONG: 8 bytes
    You can also create arrays such as WORD e_res2[10];
  4. ib is the root object, so we then append imageDosHeader to that. Later we append objects to imageDosHeader
  5. The line e_lfanew = imageDosHeader.getInt("e_lfanew") gets the value of PE.IMAGE_DOS_HEADER.e_lfanew in the file it parses, and sets the variable e_lfanew which is then used as the offset in the next line.
  6. Usually you can specify an offset simply by using something like imageNtHeader.end() to specify the end of the previous object.
  7. To describe a bit field, you can look at what I did for dllCharacteristics.
  8. Finally, you just need to return everything with the lines return ib.getParseTree() and parser = Parse()
  9. You can have loops, other functions, and other logic in your code, as shown in gif.py.
  10. You can also describe what a value means as shown with the function setMeaningFromConstants in the file mach_o.py
  11. You can set the endianness as shown with setBigEndian in the file mach_o.py

Project status

IceBuddha is mostly abandoned (last update on 2014-11-13). It does a lot of stuff, but a lot of things are impossible for a webapp based on static files (ex. saving files).

This was my first javascript project. The codebase is not pretty.