SkyDogCon 2012 : Cryptanalysis of the Enigma

At the recent SkyDogCon conference, Bob Weiss and Benjamin Gatti presented this talk analyzing Enigma, the World War II era Nazi encryption machine. The encryption theory behind Enigma is covered, including a detailed under-the-hood view of a typical device. Finally, a demo is conducted using a laptop in an effort to crack an Enigma message. […]

Video: Android app insecurity and reversing

In this just released video from the Open Web App Security Project (OWASP) AppSecUSA 2011 conference held in Minneapolis, MN, Mike Park discusses the insecurity of Android “.apk” apps and covers the ease with which Android Apps can be reversed, the ability to store sensitive data locally, and how these apps can be trojaned to […]

Reverse engineered layout of tiny TL-WR703N router

Squonk informs us that he’s reverse engineered the layout of the small TP-Link TL-WR703N 802.11n WiFi router using EagleCad. He writes: “Unlike what it is marketed for, the TP-LINK TL-WR703N is not a “3G travel router”: it does not include a 3G modem at all, it simply means that the firmware supports external USB 3G […]

Hacking USB webkeys with Bus Pirate

Brad Antoniewicz has been exploring USB webkeys, the dongle devices used as marketing tools which guide Windows users to a seller’s webpage when plugged into the USB port. Essentially, webkeys function as a USB HID, emulate a keyboard and send commands stored in EEPROM to the host PC. Brad explored his webkey’s EEPROM using the […]

Reverse engineering a home security system

Ken from OverEngineered writes us about his recent efforts in reverse engineering: “I recently reverse-engineered the security system installed in my house and re-implemented the control board for it using a JeeNode (Arduino-compatible with on-board RFM12 radio). I created a post about the reverse-engineering here. And another post about a demo of the wireless Security […]

Atmel AT90SC3232CS smartcard destruction

Flylogic is known for their skills in reverse engineering chips. They were familiar with Atmel smartcards AT90SC3232 and AT90SC3232C and assumed that the AT90SC3232CS was similar but with an extra IO pad. They discovered the AT90SC3232CS is a completely new design based on the larger AT90SC6464C device. Get all the fascinating details on the exploration […]

Hacking the FPGA bitstream

Squok writes referring us to several documents he’s found regarding hacking the bitstream in secure FPGAs: In order to protect the intellectual property and to prevent fraud, e.g., by cloning an FPGA or manipulating its content, many current FPGAs employ a bitstream encryption feature, which is advertised by manufacturers as “making it virtually impossible for […]

Oscilloscope USB connection reversed

András Veres-Szentkirályi is part of the H.A.C.K. hackerspace in Hungary. They acquired an affordable, slightly used UNI-T UT2025B digital storage oscilloscope. He wondered what useful information could be gained from sniffing the USB port using Wireshark on a Linux box. Andras writes: I managed to reverse engineer the USB connection of the Chinese digital storage […]

Facepunch Reverse Engineering Challenge #1

Facepunch is conducting a software reverse engineering contest! “The FPREC is a week long challenge where you are provided with an executable to reverse engineer. There will be a goal, such as “access this website”, or “decrypt this file”. Hopefully, there’ll be rewards. To participate, go to the Facepunch website forum and follow the instructions […]

Reprogramming USB Webkey dongle using Bus Pirate

JJShortcut took one of the webkey USB devices his school was discarding and decided to reverse engineer it. The device plugs into the USB port on a PC and when its on-board button is pushed it opens the computer’s web browser, directing the user to a specific URL. He found that the heart of the […]

Deconstructing a retail anti theft sensor device

In this short video, Jeri and company answer the age old question: what’s inside one of those anti-theft sensor alarm devices used by the big box stores? You could call this destructive reverse engineering, or literal brute forcing. It looks like the alarm is triggered by the cutting of the attached bands surrounding the package. […]

28C3: Reverse engineering USB devices

In this talk from the recent 28C3 conference in Berlin, Drew Fisher discusses the process of reverse engineering the Kinect audio protocol. He shows how the USB standard can help a reverse engineer out and proceeds to analyze a set of USB logs, finding patterns, building understanding, developing hypotheses of message structure, and eventually implementing […]

UPB home automation system clone

Arpad Toth has released the results of three years of research on the Universal Powerline Bus (UPB) home automation system. This system is widely used in Europe for control of home lighting and other appliances and appears similar to the X10 systems. Arpad’s article titled “Cloning the UPB home automation system” details the reverse engineering […]

28C3: Reverse engineering a Qualcomm baseband

At the recently concluded Chaos Communication Congress 28C3 “behind enemy lines” conference in Berlin, Germany, Guillaume Delugré presented this talk on reverse-engineering a Qualcomm baseband. Despite their wide presence in our lives, baseband chips are still nowadays poorly known and understood from a system point of view. Some presentations have highlighted vulnerabilities in GSM stacks […]

CVSD audio compression codec in an FPGA

In this video Jeri Ellsworth demonstrates her design of a Continuously Variable Slope Delta (CVSD) audio compression codec in an FPGA. She was in need of a replacement for a damaged HC-55564 IC from (where else) a pinball machine and reverse engineered the chip, coding up a replacement in a Xilinx FPGA on a Papilio […]

Nike+iPod reverse engineering (protocol too)

Dmitry Grinberg informs us of his latest project reverse engineering the Nike + iPod protocol. Basically this is a wireless protocol used by Nike to communicate data from certain shoe products to programs running on an iPod or iPhone. He says: “Nike+iPod is a very interesting piece of hardware for all kinds of reasons, not […]

Radare2 open source reverse engineering software

Radare2 is an open source tool to disassemble, debug, analyze and manipulate binary files. Edd at Canthack has posted a detailed example demonstrating use of Radare2 to reverse shellcode. You may also want to check out the Radare talks and docs pages for more information on this tool. They have a 152 page book covering […]

The US wants YOU to help verify chip integrity

The US government’s intelligence community research arm, the Intelligence Advanced Research Projects Agency or IARPA, is responsible for verifying the integrity of chips procured by the government and destined for mission critical national security applications. They are well aware that foreign suppliers can adulterate the supply of mission critical chips in various ways, including designing […]

Hacking the PIC 18F1320

Andrew “Bunnie” Huang is well known for his Xbox hacks. He wanted to try out some reversing techniques on programmed PIC 18F1320 chips he acquired in order to read the secured FLASH memory. After having the PICs commercially decapped, he analyzed the silicon under an electron microscope revealing the location of security bits relative to […]