Description

IceBuddha is an open-source hex viewer and generic binary file parser that runs in the browser. Drag and drop a Windows executable file onto this page to see it in action.

Why?

I wanted to leverage the HTML5 FileReader capability to do something interesting, in this case to perform analysis locally (entirely client-side). No bandwidth problems for me and no privacy concerns for you about uploading data to my server, because it doesn't happen.
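The local, client-side analysis described above, shown as an added example that is not IceBuddha's own code: it parses the DOS and COFF headers of a Windows executable from an ArrayBuffer, which is the form in which FileReader hands a dropped file to the page. The function names `parsePeHeader`, `analyzeDroppedFile` and `buildSample` are assumptions made for this example, and the sample bytes are constructed.

```javascript
// Added example (not IceBuddha code): parse PE headers entirely client-side.
// All function names here are assumptions made for this illustration.
function parsePeHeader(buffer) {
  const view = new DataView(buffer);
  if (view.byteLength < 0x40) throw new RangeError("too small for a DOS header");
  if (view.getUint16(0, true) !== 0x5a4d) throw new Error("missing MZ signature");

  // e_lfanew comes from the file, so bounds-check it before dereferencing:
  // the PE signature (4 bytes) plus the COFF header (20 bytes) must fit.
  const peOffset = view.getUint32(0x3c, true);
  if (peOffset > view.byteLength - 24) throw new RangeError("e_lfanew outside file");
  if (view.getUint32(peOffset, true) !== 0x00004550) throw new Error("missing PE signature");

  const coff = peOffset + 4; // COFF file header follows "PE\0\0"
  return {
    peOffset,
    machine: view.getUint16(coff, true),
    numberOfSections: view.getUint16(coff + 2, true),
    timeDateStamp: view.getUint32(coff + 4, true),
    sizeOfOptionalHeader: view.getUint16(coff + 16, true),
    characteristics: view.getUint16(coff + 18, true),
  };
}

// Browser wiring: the dropped File is read locally and never uploaded.
function analyzeDroppedFile(file, onResult) {
  const reader = new FileReader();
  reader.onload = () => onResult(parsePeHeader(reader.result));
  reader.readAsArrayBuffer(file);
}

// Constructed sample: a 256-byte buffer holding only the fields parsed above.
function buildSample() {
  const buf = new ArrayBuffer(0x100);
  const v = new DataView(buf);
  v.setUint16(0x00, 0x5a4d, true);     // "MZ"
  v.setUint32(0x3c, 0x80, true);       // e_lfanew
  v.setUint32(0x80, 0x00004550, true); // "PE\0\0"
  v.setUint16(0x84, 0x014c, true);     // Machine: IMAGE_FILE_MACHINE_I386
  v.setUint16(0x86, 3, true);          // NumberOfSections
  v.setUint32(0x88, 0x50ad5c00, true); // TimeDateStamp (constructed value)
  v.setUint16(0x94, 0x00e0, true);     // SizeOfOptionalHeader
  v.setUint16(0x96, 0x0102, true);     // EXECUTABLE_IMAGE | 32BIT_MACHINE
  return buf;
}
```

Outside a browser, `parsePeHeader(buildSample())` runs the parser on the constructed bytes; in a page, `analyzeDroppedFile` would be called from a `drop` event handler with an entry of `event.dataTransfer.files`.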

Goals

  1. To become the go-to tool for binary analysis. Next time FireEye publishes an article like "More Phish", instead of their screenshot of 010 Editor, I want to see a screenshot of IceBuddha.
  2. To crowd-source help in creating parse scripts for different formats. This means I need to make a great tool people want to use, make a parsing language that is easy to use, and create the back-end support so people can easily share their parsers. When something like Stuxnet comes out and people want to look at the .lnk files, I want them to use IceBuddha to create the parse scripts.

Read more about IceBuddha in my post on http://0xdabbad00.com/icebuddha-generic-file-parser/.

Similar projects/products

010 Editor: Windows & Mac (commercial); odd format for binary templates to parse files, but it looks similar to C structs and is often referenced.
Synalyze It!: Mac only (commercial); XML-based grammar format, which means limited capability for more advanced binary file formats.

Status

Last update: 2012-11-21
IceBuddha is in active development, but somewhat in a proof-of-concept stage now. There is still a lot of functionality lacking and some bugs.