2026-07-01 –, Amphitheater 122
If you want to understand binary code, you first need to disassemble and decompile it. But to do that, you must know the target architecture the code was built for. Think of it like using Google Translate: if you feed a Spanish text but tell the tool it’s German, the English output will be complete nonsense. The same is true for machine code: the wrong architecture produces garbage.
When working with executable file formats such as ELF, Mach-O, or PE, this information is conveniently stored in file metadata. That is how your favorite disassembler knows what to do. With raw binary files, however, there is no metadata. Just raw bytes. And that makes architecture detection much harder.
In this rump I'll present a machine learning approach using classifiers to train a model capable of identifying architecture from binaries in less than a second, with a model weighting less than 10MB, that's correct 95% of the time over all 28 architecture variants it supports. I'll present our approach and how you can reproduce it using open source tools such as sklearn.
Quentin Kaiser is a former penetration tester turned binary analysis nerd. He is currently the Lead Security Researcher at ONEKEY, where he focuses on binary exploitation of embedded devices and large-scale bug-finding automation across firmware corpora.
As part of his work, he maintains the firmware extraction tool unblob among other open-source tools such as jefferson, ubi-reader, or sasquatch.
He has published extensive research on offensive security for eCOS and maintains https://ecos.wtf
, a resource hub dedicated to eCOS exploitation. He also (infrequently) updates his blog at https://quentinkaiser.be.