We talked to Jesse Michael (@jessemichael) and Mickey Shkatov (@hackingthings) about BIOS/UEFI reverse engineering and more!
Here’s a list of some of the things we talked about:
Eclypsium Driving Down the Rabbit Hole (DEFCON 25 talk about Nissan Leaf exploit) Intel WiGig BIOS Port 0x80 UEFI https://github.com/tianocore/edk2 for UEFI DediProg SF100 (And SF600) Chip Clips chipsec UEFITool BusPirate Tigard QEMU VMWare Workstation UEFI exploitation for the masses (DEFCON 26 presentation) One Bootloader to Load Them All (DEFCON 30 presentation) BIOS Dehumidifier Function Remotely Attacking System Firmware (BlackHat 2018) Intel System Studio 2020 Intel DCI USB A/A cable for DCI Debugging Damn Vulnerable UEFI (Look out for BlackHat talk) UEFI DOOM Flappy Bird in UEFI UEFI Tetris Self-Replicating UEFI App (In 420 bytes!) System Management Interrupt Unknown Cheats Forum System Management Mode Edk-devel mailing list Xeno Kovah’s UEFI training videos efiSeek for ghidra efiXplorer for IDA Binary Ninja Intel Management Engine me_cleaner ME analyzer (By platomav) CPUMicrocodes (By platomav) Coreboot 010 Hex Editor Stardock Fences (For Icon management) Notepad++ The Newlywed Game Streamdeck Toorcamp
Have comments or suggestions for us? Find us on twitter @unnamed_show, or email us at show@unnamedre.com.
Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)
Ian from DangerousPrototypes (@DangerousProto) joined us to chat about the new BusPirate 5, DirtyPCBs, and more!
Check out this BusPirate 5 post for pictures of many things we mentioned on the show.
Ian’s Halloween onion rings (And other instructables) BusPirate Taobao Ian’s Maker Faire 2012 Video Seedstudio BusBlaster Haxelerator Bunnie’s “The Essential Guide to Electronics in Shenzhen” Naomi Wu’s updated version of the guide OSHPark DirtyPCBs DirtySLA DirtyAcryllics DirtyCables Arduboy Canned Cheese (Alvaro’s recommendation) Expressway to Pleasure Hacker Camp Shenzhen PCBite PIZZAbite Sigrok Saleae Prusa MINI Flylin Consulting
We talked to Laurie Wired (X/Twitter, YouTube, GitHub) about malware reverse engineering, making YouTube videos, and more! Check out her excellent series on Reverse Engineering 101 as well as her many Conference Talks.
Here are links to some other topics we covered:
Serial Experiments Lain EIEIO instruction Java Native Interface (JNI) .ipa file Virustotal MalwareBazaar RetroBar for Windows https://alula.github.io/SpaceCadetPinball/ Neon White game vx underground trivia Operation Triangulation and Video Presentation “What You Get When Attack iPhones of Researchers” Dalvik Executable Format (.dex) UPX packer Apk file Neon Genesis Evangelion XcodeGhost https://frida.re/ https://github.com/Ch0pin/medusa
Jen and Alvaro briefly chat with Jacob Creedon outside a restaurant. Sorry for the terrible sound quality 😅! We’ll try to get back on track this year :)
ImHex - Hex editor Jacob mentioned.
Reverse Engineering the MegaII with James Lewis.
James (https://www.baldengineer.com/) joined Jen and Alvaro to chat about MegaII reverse engineering.
Here are links to some of the topics we covered:
Element 14 Presents Youtube
Hackster.io News
MegaIIe Video
Apple II Versions
Logo (Programming Language)
7400 Series Logic
PLCC Package
The MiSTer Project
Digilent Digital Discovery
Schmitt Trigger
Analog Discovery 2
Checkmate Retro Display
HP/Agilent/Keysight 17600
Silicon Valley Maps
James’ HDDG Capacitor Talk (video)
HALT Testing
No guest this time! Jen and Alvaro catch up 😀
NOTE: Alvaro will be at CCCamp in a few weeks https://events.ccc.de/camp/2023/infos/
Episode 03 - Barbies and Keyboards
Barbie Liberation Organization
Small Soldiers Movie
Toys Movie
Jumpin’ Jack Flash
Rust - I Hear People Talk About It (shirt)
Maker Faire Bay Area 2023
Alvaro’s USB Cable Tester
Book Recommendations
ARM Assembly and Reverse Engineering
Fancy Bear Goes Phishing
Fatal System Error
Murdoch’s Pirates
Cult of the Dead Cow
Past guest David teaching the first lady how to solder!
RECESSIM - Reverse Engineering News on YouTube
Excellent CAN Injection Write-up (And Great interview with Ken on The Amp Hour)
Reverse Engineering A Mysterious UDP Stream in My Hotel
Alvaro’s IR Volume Controller
Jen and Alvaro chat with Nika/ic3qu33n about 16-bit MS-DOS malware reverse engineering!
You can find Nika in the following places:
https://ic3qu33n.fyi/ https://github.com/nikaroxanne https://twitter.com/nikaroxanne https://infosec.exchange/@ic3qu33n
Here are links to some of the topics we covered:
Leviathan Security Group Hardware Happy Hour (3H) San Francisco BSidesSF Presentation - MTV Reboot — my Super Sweet 16-bit malware. Mikko Hypponen Darknet Diaries - Mikko Internet Archive Malware Museum R2 IDA Rizin/Cutter (Listen to Episode 45 for more info!) Masm32 vx-underground github nasm QEMU FreeDOS bochs emulator Programming Boot Sector Games by Oscar Toledo VMware Interview with Spanska (virus author) Dark Angel’s Phunky Virus Writing Guide Tequila virus Bitsavers.org https://ic3qu33n.fyi/ (blog posts!) TSRs Screen Mode 13h Demoscene LayerOne Creeper virus Elk Cloner MTVRE Electronics Flea Market Ken Shirriff ATT 26A RECON 2023 https://ben.the-collective.net/ https://twitter.com/suidroot
Jen and Alvaro chat with Thomas Roth (@ghidraninja on Twitter) about Airtag reverse engineering, debugging iPhones, and GameBoy RE! You can also find Thomas on his stacksmashing.net, YouTube, and @stacksmashing@infosec.exchange.
Here are some links to the topics we covered:
stacksmashing youtube channel Linux on iPod Airtag fault injection twitter thread Bypassing code protection on NRF52 Raspberry pi pico PIO Joe Grand wallet glitch video Wallet.fail Lennert’s Starlink terminal glitching DEFCON talk DEF CON 29 - Thomas Roth - Hacking the Apple AirTags How the Apple AirTags were hacked Hardwear.io NL 2021: Over The Air-Tag: Shenanigans With A Keyfinder by Jiska, Fabian And Thomas Kanzi Cable Bonobo Cable MFi IDBus and Lightning The Secrets of Apple Lightning - Part 1 (Video) The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking (DEF CON 30 Presentation) DCSD cable (lightning uart) Frida Saleae Openocd Tamarin Firmware Repo USB Cable Tester Picoprobe rpi2040 swd adapter Mario Kart AI training video Tetris movie Multiplayer tetris Webusb Online Multiplayer on the Game Boy (video) Gameshark Ghidra ChipSHOUTER-PicoEMP F$#k powerpoint there’s no power in the point
David from Cyber City Circuits (@MakeAugusta) joined us to chat about reverse engineering, manufacturing, escape rooms, and more!
Here are links to some of the topics we covered:
HackerBoxes KiCad GIMP Inkscape SVG2Shenzhen TwinkleTwinkie on Twitter and Mastodon 83Redux Twitter Thread (TI-83 RE project) Sensor Watch on CrowdSupply arturo182 on Twitter and Mastodon http://datamath.org/ https://tiplanet.org/ DigiHack Thread (Digimon Reversing Project) Joe Grand’s pizza finder Joe's PCB Deconstruction Techniques YouTube Playlist electronicstwitter.com #newprop on Twitter ChatGPT
Have comments or suggestions for us? Find us on Mastodon @unnamedre@infosec.exchange, Twitter @unnamed_show, or email us at show@unnamedre.com.
Note: We have 5 year anniversary T-Shirts available for sale. Order is open until Nov 28.
We chatted with Sultan Qasim Khan (github) about BLE reverse engineering, relay attacks, and more!
Libusb FTDI D2XX Motorola Mobility NCC Group Mike Ryan Ubertooth Mike’s Paper on BLE Security TI BLE sniffer Nordic BLE nRF sniffer
https://www.ellisys.com/products/bex400/ Time-of-flight 802.15z Relay attack Sniffle Presentation at Hardwear.io 2019 and blog post Sniffle Git Repo https://fortune.com/2022/05/17/tesla-hacker-shows-how-to-unlock-start-and-drive-off-with-car/ nOBEX
Jen and Alvaro chat about the last 5 years!
Don’t forget to get past guest @TubeTimeUS’s new book Open Circuits over at https://nostarch.com/open-circuits. You can use promo code UNNAMEDRE25 to get 25% off.
Alvaro is going to be on a panel about Debugging Embedded Devices in Production on August 25th run by the awesome folks at Memfault.
Here are some links to things we mentioned:
Toorcamp Ran into past guests: Joe Grand Jared Boon Rick Altherr https://hardwear.io/ One of Alvaro’s side projects: SWD over USB-C Behind the Rind Podcast Ferrite Recording Studio (iPad) Audacity Zencastr xArm 6 Robot https://www.jencostillo.com/ Buy Jen’s NFT https://makezine.com/ Kitty Yeung Jen’s Supercon Talk Hackaday Supercon Asahi Linux (and 2022 Progress Report) Jeri’s Episode Micah’s Episode Ken Shirriff's Episode It’s Not Magic Evil Mad Scientist Labs Windell’s interview about the book on Embedded.fm
Mike Ryan (bluetooth.expert) joins us once again to talk SDRs, Bluetooth, and more! If you need some consulting help, you can find him at ice9.us.
Here are some links to things we talked about:
Episode with Jiska Episode with Michael Ossmann Toorcon Toorcon 13 Badge Ice9 Consulting Web of Make Believe on Netflix Caltrain MTVRE Hacking Electric Skateboards Video @ DEFCON23 Inspectrum Rapid Radio Reversing Talk by Michael Ossmann NRF24 Ubertooth CC2400 Yardstick One Waterfall display/plot OOK FSK URH Baudline GNU Radio Companion Fcc.io Alvaro’s Quadcopter Reversing (github) SMC Connector RF Attenuator RF Splitter Natalie’s webRTC talk where the fuzzer “Fred” is mentioned WirelessUSB BLE Coded PHY HOGP (HID over GATT Profile) You Can Lose in So Many Colors HackRF BladeRF USRP Polyphase channelizer Wireshark Wireshark’s extcap Kismet Dragorn Other Mike Ryans: Michael W. Ryan - Murderer Dr. Michael J. Ryan - Epidemiologist Dr. Michael J. Ryan - Paleontologist
Special thanks to Andrea of the Hardwear.io team for inviting us. We learned a ton and met a bunch of new people while (as of this writing) staying COVID-free.
Interviews in order:
Eric Schlaepfer - author of the new book with co-author Windell Oskay (of “Evil Mad Scientists Laboratories” fame) “Open Circuits” on No Starch Press. Note there are PREORDER discounts. Jacob Creedon: Just before his talk… at the Mountain View Reverse Engineering Meetup. Spencer Moss from Google (I’m sure you can google the company) security engineer Ken from Somerset Recon Will McGuiness as the workshop assistant for John McMaster’s microprobing workshop. Mike Ryan: Bluetooth expert from Ice 9 Consulting and previous guest. As promised he would be on this next show… but the part 2 of our RF tools with him will be the next episode.
Michael Ossmann (@michaelossmann) from Great Scott Gadgets joined us to chat all things SDR, Open Source Hardware, education, and more!
Here are links to some of the topics we covered:
HackRF One Ubertooth One GreatFET One A Mathematician's Lament WEP Wep dead again article APCO P25 Ettus USRP NTLMv1 Dominic Spill GNU Radio Michael’s KiCon Talk gr-bluetooth Michael’s awesome video series on SDR http://www.nsaplayset.org/ https://en.wikipedia.org/wiki/NSA_ANT_catalog IMSI Catcher DEF CON 22 - Michael Ossmann - The NSA Playset: RF Retroreflectors https://en.wikipedia.org/wiki/The_Thing_(listening_device) Cyberspies book Samy Kamkar (Featured in Episode 41!) Rolljam Yardstick One https://github.com/nonamecoder/CVE-2022-27254 https://www.rtl-sdr.com/tesla-charging-ports-opened-with-hackrf-replay-attack/ How To Write Pop Horn Parts -
Oleg Kutkov (@olegkutkov) joined us from Kyiv to chat about Starlink reverse engineering, astrophysics, and more! Check out his awesome website for some excellent write ups on various topics.
Here are some links to the topics we covered:
Back To The Future SpaceX Starlink Phased array antenna Arecibo observatory Crimean Astrophysical Observatory Oleg's Allsky Camera Writeup Medical Research that Referenced Oleg's Writeup NASA's Spooky Space Sounds NOAA GOES Satellites https://usradioguy.com/goes-satellite-imagery-reception/ RTL-SDR HackRF ADS-B HackRF supercluster DVB-S DVB-S2 Phase Noise Starlink Patents Starlink Beacons Doppler shift NORAD’s Celestrak Low Noise Block (LNB) Starlink Dishy SpaceX's starlink-wifi github Oleg's Tesla LTE Modem Replacement Devicetree Boxee Iridium Reversing Episode Eccentric Orbits Book Saleae IDA Pro
Used the following NASA recordings in the episode:
https://soundcloud.com/nasa/sun-sonification https://soundcloud.com/nasa/jupiter-sounds-2001 https://soundcloud.com/nasa/juno-crossing-jupiters-bow-shock
Laura Abbott (website, @openlabbott) from Oxide.computer joins us to chat about reverse engineering the LPC55S69, linux kernel development, and more!
Some of the topics we covered:
Hubris Operating System Episode with Rick Altherr Laura’s Coworker Cliff’s Website Ghidra objdump SVD Loader for Ghidra Log4j ghidra DEF CON 29 - Breaking TrustZone M: Privilege Escalation on LPC55S69 Arm TrustZone-M TrustedFirmwareM project Oxide’s ROM patch POC Code Golfing Arm assembly manual CVE-2021-31532 PhD Thesis on Linux Kernel community Video about collaboration in kernel mailing lists Episode about Containers Moving the Kernel to Modern C QEMU
Willem Melching (@PD0WM) joins us to chat about reverse engineering cars!
We discovered him through his excellent blog. Willem is the head of openpilot at comma.ai. They are hiring!
Here are links to some of the topics we discussed:
LEGO Mindstorms PICBasic PIC Microcontroller ARM Mbed VHDL CTF Comma.ai CAN Bus Automotive ethernet CAN FD FlexRay DBC Files Opendbc The Car Hackers Handbook Hacking a VW Golf Power Steering ECU Series - https://blopart1/ Adventures with Flexray: performing a man-in-the-middle attack (Audi Q8 Hacking) Automotive Right to Repair Toyota Tech Info (for example) Unified Diagnostic Services (UDS) Comma.ai's Panda USB->CAN Tool (And Github Project) https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part1/ V850 Processor Binwalk XOR Cypher Airbus’ cpu_rec Ghidra Ghidra SLEIGH ELF File CAN Calibration Protocol Openpilot Levels of Driving Automation Consumer Reports - Active Driving Assistance Systems Tesla Rolling Stop Recall GlScopeClient (Hackaday Article) GNURadio
Jen and Alvaro chat with Hash (@bitbangingbytes) about reverse engineering smart power meters! Check out Hash’s RECESSIM community as well as their Discord! Hash is also on TikTok @bitbangbytes.
Here are some links:
Remoticon presentation https://en.wikipedia.org/wiki/ZX81 Night rider lights Kinect reversing challenge ROS https://www.engadget.com/2010-11-29-neato-xv-11-robot-vacuum-gets-its-very-own-open-source-lidar-hac.html Tamper evident presentation by past guest Datagram! Bunnie Huang Hacking the Xbox (Available as a free PDF!) The Hardware Hacking Handbook by past guest Colin O'Flynn and Jasper van Dallas Hackers Association Geographical routing protocol GNU Radio Landis+Gyr Revelo California Blackouts + Enron Yardstick one HackRF One USRP B200 URH (Universal Radio Hacker) Baudline Inspectrum Saleae Logic Analyzers Beagle I2C/SPI Protocol Analyzer Travis Goodspeed Chris Gerlinsky (Past guest on episode 22!) Chris Tarnovsky xv11hacking.wikispaces.com (Archive.org) Precursor on CrowdSupply
In this episode, we chat with @TubeTimeUS about reverse engineering sound cards, how the MOnSter 6502 came to be, the Snappy Video Snapshot, ethics in engineering, troubleshooting techniques, and much more!
Here’s a detailed list of many of the things we talked about:
Eric's Website (TubeTime.us) MOnSter 6502 PCB Reverse Engineering - Hackaday Supercon Presentation Cloning a Sound Card - Hardwear.io Presentation Fermi Estimation Bunnie Huang Bill Mensch NMOS logic I2C Visual6502 project Windell and Lenore from Evil Mad Scientist Laboratories Snappy Video Snapshot Saleae Excess Solutions in San Jose Electronics flea market Fry’s Electronics Winamp 555 timer kit 741 timer kit FIB Maker Faire Power line thread San Bruno gas explosion Dieselgate Technology adoption curve California public utilities commission Regulatory Capture This is How They Tell Me the World Ends Responsible disclosure Command and Control Nuclear Weapons, the Damascus Accident, and the Illusion of Safety by Eric Schlosser X-Unit Logic analyzer capture modes Ghidra IDA Radare (See Episode 45 for more details!) Cutter Hertha Ayrton Hertha’s famous paper about the Arc Lamp and Negative Resistance
Our guest, Jiska Classen (@naehrdine) is a security researcher at University of Darmstadt (why, yes you can specialize in Security here) and focuses on reverse engineering wireless things. She is a speaker at this year’s Hardwear.io. We did a deep dive on ROM patches on Broadcom chips. You'll want to listen to this episode if you are thinking about using iOS devices for your reversing.
https://github.com/seemoo-lab/frankenstein (Jan Ruge)
https://github.com/seemoo-lab/internalblue (Dennis Mantz) - not to be confused with EternalBlue.
Nexmon --- Nexus monitor wifi https://github.com/seemoo-lab/nexmon
https://github.com/seemoo-lab/polypyus (Jan Friebertshäuser)
Thumbs up - ARM function identification https://karta.readthedocs.io/en/latest/Thumbs%20Up.html
Checkra1n - bootloader to jailbreak on iOS. https://checkra.in/
ToothPicker (Dennis Heinze, aka Dennis #2*) https://github.com/seemoo-lab/toothpicker
fpicker - Another/2 Dennis (Dennis Heinze) https://github.com/ttdennis/fpicker
Xnuspy https://github.com/jsherman212/xnuspy
Frida objection https://github.com/sensepost/objection
“funniest fuzzer ever wrote” (ComCenter but this has the parsing guts)
Obligatory video of AirTechno on AirTag.
AirGuard - android air tag app. https://github.com/seemoo-lab/airguard
* Sorry Dennis. You were just the second Dennis in this interview. Certainly this doesn’t reflect upon you as a person or a professional.