pytai-hex 0.2.8

Description:

pytaihex 0.2.8

pytai
pytai is a Python-based Kaitai Struct visualizer and Hex viewer.

Kaitai Struct is a declarative language used for describing various binary data structures laid out in files or in memory: i.e. binary file formats, network stream packet formats, etc.

Given a binary file with a supported format, pytai can be used to browse the structure of the file and locate its members in the Hex view.
Install
$ pip install pytai-hex

Alternatively, the latest stable version of pytai.pyz can be downloaded from the Releases page.
Usage
$ pytai -h
usage: pytai [-h] [-kf FORMAT] [file]

pytai: A Python-based Kaitai Struct Visualizer and HEX Viewer

positional arguments:
file Path to binary file

optional arguments:
-h, --help show this help message and exit
-kf FORMAT, --kaitai-format FORMAT
Kaitai Format to use when parsing the file. Current formats found under "kaitai/formats" are:
aix_utmp, allegro_dat, andes_firmware, android_asus_bootldr, android_dto, android_img,
android_opengl_shaders_cache, android_super, apm_partition_table, apple_single_double, au,
avi, bcd, bitcoin_transaction, blender_blend, bmp, broadcom_trx, bson, btrfs_stream,
bytes_with_io, code_6502, compressed_resource, cpio_old_le, cramfs, creative_voice_file, dbf,
dex, dicom, dime_message, dns_packet, doom_wad, dos_datetime, dos_mz, ds_store, dune_2_pak,
edid, efivar_signature_list, elf, ethernet_frame, exif, ext2, fallout2_dat, fallout_dat,
ftl_dat, genmidi_op2, gettext_mo, gif, gimp_brush, glibc_utmp, gltf_binary, google_protobuf,
gpt_partition_table, gran_turismo_vol, gzip, hashcat_restore, hccap, hccapx, heaps_pak,
heroes_of_might_and_magic_agg, heroes_of_might_and_magic_bmp, icmp_packet, ico, id3v1_1,
id3v2_3, id3v2_4, ines, ipv4_packet, ipv6_packet, iso9660, java_class, jpeg, luks, lvm2, lzh,
mach_o, mac_os_resource_snd, magicavoxel_vox, mbr_partition_table, microsoft_cfb,
microsoft_network_monitor_v2, microsoft_pe, minecraft_nbt, monomakh_sapr_chg, mozilla_mar,
msgpack, nitf, ogg, openpgp_message, packet_ppi, pcap, pcf_font, pcx, pcx_dcx,
phar_without_stub, php_serialized_value, png, protocol_body, psx_tim, python_pickle,
python_pyc_27, quake_mdl, quake_pak, quicktime_mov, rar, regf, renderware_binary_stream,
resource_fork, riff, rtcp_payload, rtpdump, rtp_packet, ruby_marshal, saints_row_2_vpp_pc,
shapefile_index, shapefile_main, sqlite3, ssh_public_key, standard_midi_file, stl, sudoers_ts,
swf, systemd_journal, tcp_segment, tga, tls_client_hello, tr_dos_image, tsm, ttf,
udp_datagram, uefi_te, uimage, utf8_string, vdi, vfat, vlq_base128_be, vlq_base128_le,
vmware_vmdk, vp8_ivf, warcraft_2_pud, wav, websocket, windows_evt_log, windows_lnk_file,
windows_minidump, windows_resource_file, windows_shell_items, windows_systemtime, wmf, xwd,
zip, zx_spectrum_tap

Examples:
$ pytai
$ pytai ../../image.png
$ pytai ../../image.png -kf png
$ python3 ./pytai.pyz ../../archive.zip -kf zip
$ python3 __main__.py ../../program.exe -kf dos_mz

Screenshots
Main Window

Marking Elements


Metadata Members
These are members that are inferred from the binary contents (usually a user-friendly display for explicit data).

Cross References
It's possible to right-click an area in the Hex output and locate its logical structure in the structure tree.

Similar Tools

Kaitai Struct: Visualizer: Text-based visualizer written in Ruby
Kaitai Web IDE: A browser-based visualizer
Kaitai Struct: Visualization GUI Tool: GUI visualizer written in Java
Binary Ninja UI Plugin: A GUI plugin for Binary Ninja
Kaitai Struct VSCode: Extension for VS Code
Hobbits: Multi-platform GUI for bit-based analysis, processing, and visualization
PolyFile: A utility to identify and map the semantic structure of files

Find more tools under Awesome Kaitai or angea's 'Hex Viewers and Editors' list.
Requirements

Python3.8+ with tkinter

Formats
The supported formats were taken from the Kaitai Struct format gallery repo and compiled to Python using the Kaitai Struct Compiler.
Adding Support for New Formats


Create or download a format definition (*.ksy file) using the Kaitai Struct language


Install the Kaitai Struct Compiler


Compile the format definition file:
ksc --target python --debug --import-path /path/to/imports/if/needed /path/to/format.ksy


Copy the output file (*.py) to the pytai/kaitai/formats subfolder.


Known Limitations

No ability to interactively edit files (not a Hex editor, just a viewer).
Currently no special optimizations implemented in order to handle very large files.
Structure offsets are based on output from Kaitai. Kaitai doesn't fully support bit-field offsets, and therefore the GUI cannot accurately mark bit-field members.

Contributions
Contributions in the form of pull requests, comments, suggestions and issue reports are welcome!
As a general guideline, this project attempts to minimize the amount of external dependencies which it relies on. The preference of the project is to avoid adding external dependencies except for cases which involve complex logic that can be significantly simplified using a popular package.