cons

1390 Articles

HOPE 2008: Cold Boot Attack Tools Released

July 18, 2008 by 11 Comments


The team from Princeton has released their cold boot attack tools at The Last HOPE. Earlier this year they showed how to recover crypto keys from the memory of a machine that had been powered off. Now they’ve provided the tools necessary to acquire and play around with your own memory dumps. The bios_memimage tool is written in C and uses PXE to boot the machine and copy the memory. The package also has a disk boot dumper with instructions for how to run it on an iPod. There’s also efi_memimage which implements the BSD TCP/IP stack in EFI, but it can be problematic. aeskeyfind can recover 128 and 256bit AES keys from the memory dumps and rsakeyfind does the same for RSA. They’ve also provided aesfix to correct up to 15% of a key. In testing, they only ever saw 0.1% error in there memory dumps and 0.01% if they cooled the chips first.

Continue reading “HOPE 2008: Cold Boot Attack Tools Released”

The Trackable Last HOPE Conference Badge

July 18, 2008 by 6 Comments


While Defcon badges have taken on the habit of being hackable electronics, The Last Hope badge is taking a new shape this year. It’s dubbed the Attendee Meta-Data project (AMD for short). Aside from the tombstonian dimensions, it features a trackable RFID tag that’s going to be used to create a different sort of conference experience.

Sure, the creators might use the badges to make sure they meet all the lovely ladies in attendance, but the idea is to use the data to improve the conference experience for everyone. Attendees have the ability to add tags indicating their interests. Combine that data with actual location tracking and people can now network and interact based on what and who they’re looking for. It’s social networking coming full circle to include actual socializing.

HOPE 2008: The Impossibility Of Hardware Obfuscation

July 18, 2008 by 3 Comments


The Last HOPE is off and running in NYC. [Karsten Nohl] started the day by presenting The (Im)possibility of Hardware Obfuscation. [Karsten] is well versed in this subject having worked on a team that the broke the MiFare crypto1 RFID chip. The algorithm used is proprietary so part of their investigation was looking directly at the hardware. As [bunnie] mentioned in his Toorcon silicon hacking talk, silicon is hard to design even before considering security, it must obey the laws of physics (everything the hardware does has to be physically built), and in the manufacturing process the chip is reverse engineered to verify it. All of these elements make it very interesting for hackers. For the MiFare crack, they shaved off layers of silicon and photographed them. Using Matlab they visually identified the various gates and looked for crypto like parts. If you’re interested in what these logic cells look like, [Karsten] has assembled The Silicon Zoo. The Zoo has pictures of standard cells like inverters, buffers, latches, flip-flops, etc. Have a look at [Chris Tarnovsky]’s work to learn about how he processes smart cards or [nico]’s guide to exposing standard chips we covered earlier in the week.

Toool Picksets At The Last HOPE

July 12, 2008 by 14 Comments

Speaking of laser engraving, the blackbag blog announced that Toool has designed 2 unique picksets for The Last HOPE this year. First is the credit card sized snap-off set seen above. They have named this one The Last HOPE emergency pickset. The other pickset is a new version of the ‘double sided pick’ series. This set consists of picks with the same tool on either end, but they are sized differently. This set will contain 8 picks with promised improvements. If you are interested in more complex picks, check out the centipede.

Black Hat Hackers Face Off In Iron Chef Style Competition

July 7, 2008 by 1 Comment


Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month’s Black Hat USA conference, where two experienced hackers security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from Independent Security Evaluators will use fuzzing and [Sean Fay] from Fortify Software will use static-code analysis to detect the vulnerabilities in the code. We reported on [Miller]’s fuzzing talk while at Toorcon 9.

The pair will be allowed to use their own equipment, but they won’t see the code until the moment the showdown begins. For an added bit of fun, conference attendees are welcome to join in the contest. The audience member who finds the most exploits within the hour wins a free dinner at a new Las Vegas restaurant. But you don’t have to wait until then to weigh in; go ahead and post your thoughts on fuzzing vs. static-code analysis in the comments, just be ready to back up your claims.

Recon 2008 Recap

July 3, 2008 by No comments

[Tiller Beauchamp] gave a presentation on applied reverse engineering in OS X at this year’s REcon, but he also attended many of the other talks and gives his take on the highlights of REcon 2008 in a guest post on the ZDNet blog, Zero Day.

One of the highlights for him was Neohapsis’s [Chris Smith] discussing virtual machines implementing code obfuscation. The method uses custom instructions and runtime interpreter, which can help make the task of reverse engineering markedly more difficult if implemented properly.

On the opposite end of the spectrum, [Beauchamp] noted [Gerardo Richarte]’s software reverse engineering tools that decompile and recompile software in iterative portions. This allows the recompiled software to be tested piece by piece. Be sure to read his post and see what you missed.

25th Chaos Communications Congress

July 2, 2008 by No comments


The 25th annual Chaos Communications Congress is happening December 27-30th in Berlin, Germany. They’ve just published their official call for papers. Last year’s 24C3 was incredible and we’ll take any chance we get to attend an event held by the fine folks in the CCC. We hope to see you there!

[via BoingBoing]