Showing Posts About
Reverse Engineering
-
Alex Pettifer Miłosz Gaczkowski - 6 Feb 2024
Multiple vulnerabilities in eLinkSmart padlocks
Multiple vulnerabilities were found in the eLinkSmart smart lock range. Flaws in the implementation of the locks' Bluetooth Low Energy (BLE) communication and the back-end API enable an attacker to unlock any lock within Bluetooth range, identify the location of any lock in the world, and compromise user credentials. This blog post describes the vulnerabilities, as well as the process followed to identify them, and demonstrates the issues in action.
-
Jake LaBelle - 27 Apr 2021
Heavy Metal Debugging
This article provides a detailed walkthrough of reverse engineering and debugging techniques on IBM zOS using the TSO TEST debugger. A vulnerable C program with a buffer overflow vulnerability is analyzed through low-level assembly language examination. The guide covers compiling, running, and debugging a sample program on the zOS mainframe environment, demonstrating techniques for finding passwords and exploiting buffer overflow vulnerabilities.
- Oliver Simonnet
- 21 Oct 2020
GWTMap - Reverse Engineering Google Web Toolkit Applications
GWTMap is a novel tool for reverse engineering Google Web Toolkit (GWT) applications. The tool extracts and maps service method endpoints from obfuscated client-side code across different GWT versions. It enables cybersecurity professionals to generate example GWT-RPC request payloads and analyze the attack surface of GWT-based web applications.
- 8 Nov 2018
Intro to Binary Analysis with Z3 and angr
A workshop presentation introduces binary analysis techniques using Z3 and angr for security professionals. The presentation covers SMT solvers and their applications in reverse engineering and vulnerability research. Sample code and labs are provided to help participants understand and apply SMT solving techniques.
- Piotr Osuch
- 16 Sep 2016
H-field electromagnetic sniffing
An electromagnetic side-channel attack technique using a custom H-field sensor is demonstrated to sniff secret information from electronic devices. The method involves capturing electromagnetic emissions during data transmission using off-the-shelf components like a shielded-loop antenna, low-noise amplifier, and software-defined radio. By processing the captured signals through cross-correlation and statistical analysis, hidden serial communication data can be successfully extracted.
- 24 Jun 2016
Don't Try This at Home: Decapping ICs With Boiling Acid.
A technical blog post details the process of decapping integrated circuits using boiling nitric and sulphuric acids. The technique involves dissolving the epoxy packaging to expose the silicon chip inside. Decapping can be used for identifying counterfeit chips, resetting lock bits, and performing hardware reverse engineering.
- 19 Apr 2016
Heap tracing with WinDbg and Python
This article demonstrates how to use Python and PyKd to create WinDbg scripts for heap tracing in Windows. The script hooks memory allocation functions like RtlAllocateHeap and RtlFreeHeap to log heap operations. The technique allows visualization of memory allocation patterns and can support exploit development by providing insights into heap behavior.
- Alex Plaskett Georgi Geshev
- 16 Mar 2016
QNX: 99 Problems but a Microkernel ain't one!
This presentation explores security research on the QNX microkernel operating system used in critical systems like automotive and consumer devices. The talk examined QNX's security architecture through reverse engineering and fuzzing techniques. The goal was to provide insights into QNX subsystems and potential attack surfaces for privilege escalation.
- Alex Plaskett Georgi Geshev
- 16 Mar 2016
QNX: Security Architecture Whitepaper
A whitepaper by Alex Plaskett and Georgi Geshev examines the security architecture of QNX, a microkernel operating system. The document explores key operating system features and potential attack vectors against QNX-based platforms. The research identifies security weaknesses and suggests opportunities for further investigation into the QNX platform's security.
- 8 Mar 2010
Video: How To Be An RSol: Effective Bug Hunting in Solaris - ShmooCon 2010
A video from ShmooCon 2010 presents a Ruby-based Solaris debugging library. The presentation includes a video and slides discussing the library and its proof-of-concept tools. Materials from the talk are available online for review.
- 5 Mar 2010
Presentation: ShmooCon 2010 - How To Be An RSol: Effective Bug Hunting in Solaris
Matt Hillman presented a research talk at ShmooCon 2010 about Solaris bug hunting techniques. The presentation demonstrated a Ruby-based debugging interface for Solaris that enables advanced software testing methods. The tool supports fault monitoring, code coverage, run tracing, code profiling, and fault injection.
- 18 Jan 2010
Solaris Debugging and Bug Hunting at ShmooCon 2010
Matt Hillman introduces RSol, a Ruby-based debugging tool for Solaris at ShmooCon 2010. The tool explores the effectiveness of DTrace for bug hunting and reverse engineering compared to traditional debugging techniques. RSol aims to become a comprehensive suite that combines debugging and DTrace-based methods.