
Hardwear.io Webinar

By Guillaume Heilles

Date: June 4th 2020

Time: 03:00 PM CET







Talk Title:

Reverse engineering raw firmware: a tool to get you started

Abstract:

Starting the reverse engineering of an ELF or a firmware with a known format is relatively easy because the metadata from the format provides useful information. Reversing a raw binary can be more challenging, especially if the loading address is a bit weird. It happens quite often during the missions we get at Quarkslab, so we developed a small tool to help us reverse raw binary firmware: binbloom.

This tool is being open-sourced, and we will present its usage during the webinar. It may help you in similar situations.

This tool is composed of several modules. Each module is in charge of a specific task:

  • Find the loading/base address of the firmware.
  • Find the endianness.
  • Find the arrays of pointers.
  • Find the UDS functions (in case of an automotive firmware).

We will explain the heuristics used by each module and demonstrate their usage. If you can upload a non-sensitive raw firmware, we will pick one or two to analyze live and see what binbloom can find in them.

Speaker Bio:

Guillaume Heilles is a security engineer at Quarkslab. He's mainly focused on hardware attacks on IoT devices, but also on reverse engineering and exploitation. He has presented the Hardware CTF at hardwear.io since 2017 and gave the talk "How to drift with any car" at the 34th CCC in 2017. Performing security assessments on connected ECUs is part of his daily work.