Friday from 10:00 – 11:50 in Sunset 4 at Planet Hollywood
Audience: Offense, Defense, AppSec, Mobile, Hardware
Max Compston
The ARM processor is the most prevalent processor in the world. ARM devices encompass mobile phones, network devices and appliances, and the devices comprising what is now called the Internet of Things. Before April 2019, the only professional tool available for reverse engineering ARM processors was IDA Pro. With the release of Ghidra by the National Security Agency (NSA) to the open source community this April, a professional-grade reverse engineering tool is now available for ARM.
The Demo Lab setup will include a Linux host laptop running Ubuntu Linux. The target system is an embedded Raspberry Pi ARM v8a running Ubuntu Linux Core. The demonstration will consist of static reverse engineering of a demonstration Banking Application daemon using Ghidra. Static analysis of the fictitious application with this tool should reveal areas prone to PLT/GOT infection, with a focus on shared libraries prone to infection. Next, an Injection / Hook program will perform Linux PTRACE injection and function hooking on the Banking Application. The function hooking is based on the results of the Ghidra analysis performed earlier. The hook function will send the user data back to our host using a method unknown to the developer of the Banking Application.
Max Compston
Max Compston is the Principal Software Engineer with Embedded Software Solutions. He has 30+ years of embedded software development experience. He has worked for 20+ years as a government defense contractor developing embedded systems. He has worked 10+ years in the commercial sector on mobile devices, network devices, network access points and IPTV set-tops. Max has a love of the outdoors. He plays tennis, hikes, bikes and is always training for his next triathlon. He has an undergraduate education in Computer Science with graduate work in Computer Security and Info Assurance.