Category: Reverse Engineering

• Another Chinese backdoor that isn’t

  On Thursday (Oct 4 2018) Bloomberg claims to have been informed of widespread modifications of server hardware made by Super Micro, a company that manufacturers their hardware in China. Amazon, Apple and now the US DHS and UK GCHQ have refuted their claims. Most of the claims made by Bloomberg’s intelligence sources appear to come from a […]

  cyphunk

  October 7, 2018

  Reverse Engineering

• A Terrorists Phone and Phantom Wipe

  Update2: Apple responded to a request for clarification in a rather noncommittal manner. Until they clarify or until I have a chance to test the attack I would assume it effects the current iPhone 6 hardware and possibly the to-be-released iPhone 7 hardware as well. Update: This was published only a few days before the news […]

  cyphunk

  March 25, 2016

  Reverse Engineering

• Embedded Analysis CCC Wiki

  I revived the Embedded Analysis wiki entry from 2010 and updated it for the 2014 31C3. The updated version includes some additional information: Finding JTAG by hand Based on the electrical characteristics of contact points on a target PCB one can either reduce the number of pins required for brute force scanning with JTAGEnum or […]

  cyphunk

  April 8, 2015

  Reverse Engineering, Tools

• Backdoor Silicon FUD

  Update 10/06/12: Another response from CAM gives more detail of the feature in question and claims Microsemi do not inform their customers of the fuse that disables the Internal Test mode. Microsemi implied that they do. Questions rest there. To those aware of the “backdoor silicon” paper episode I’ll summarize it in one run-on sentence: Someone mistakes undocumented JTAG instructions […]

  cyphunk

  June 8, 2012

  Reverse Engineering

• Predicting location of one hop proxy users

  Herein I will describe a simple technique that attempts to determine the location of a user in relation to their proxy. Obvious use-cases include restricting content based on location of user, augmenting existing fraud metrics for banks and online payment systems or by law enforcement. For anonymity systems this technique should exmplify why onion based routing systems […]

  cyphunk

  March 13, 2011

  Reverse Engineering, Tools

• Bincrowd communal reverse engineering framwork

  Update: link to Halvar & SP at Zynamics post and slides from CanSecWest Bincrowd, a project I had the pleasure of co-authoring with Zynamics, from conception to co-coding back-end and front-end.. Bincrowd simplifies the collaborative option in reverse engineering and brings it en masse. Any function a user has ever submitted documentation for can be […]

  cyphunk

  March 25, 2010

  Reverse Engineering, Tools