Comment by tptacek

It has been a minute since I routinely did this kind of work, but I have to mention this because it's fun:

You can do something in between reverse-engineering the code and reverse-engineering the format if you can instrument the reader: attach breakpoints on every basic block in the reader, load a file, take a baseline trace of what gets hit, then vary bytes in the file and diff the new trace against the baseline.

It's a pretty fun tool to write, too.