NETSQUARE (c) SAUMIL SHAH - COUNTERMEASURE | 2019
INSIDE
SAUMIL SHAH
@therealsaumil
7 November 2019
COUNTERMEASURE|2019
# WHO AM I
Saumil Shah
CEO, Net Square
@therealsaumil
educating, entertaining
and exasperating
audiences since 1999
Introducing ARM-X
• An ARM Firmware Emulation Framework.
• Ultimate Goal - create an IoT VM!
• A Virtual IoT device makes for easy
  – runtime analysis
  – reverse engineering
  – fuzzing
  – exploit development
• Great insight into embedded hardware by trying to emulate it.
Inside an IoT device…
…same same but different
[Diagram labels: CPU and Hardware, Kernel, Drivers, File System, nvram, libnvram, User Processes, API, UI]
The IoT Boot Up Process
[Diagram labels: firmware, CPU, Boot Loader, Kernel, compressed FS, nvram, ramdisk, userland, mounted FS, init scripts, libnvram, conf, Services, Apps]
POWER ON
• Loads Kernel.
• Uncompresses FS to ramdisk, invokes init process.
• Reads config from nvram. Builds system config files on the fly.
• Starts up system services.
• Invokes Applications and Application services.
READY
Emulation: Goals and Challenges
[Diagram labels: QEMU (CPU and Limited Hardware), BUILDROOT, Kernel, Drivers, uncompressed Filesystem, emulated nvram, libnvram, init scripts, conf, Services, Apps]
• Match the kernel with the one on the device
• chroot environment
• Implemented as an INI file, preloaded before "boot up"
• Fix to match QEMU environment
• Not all drivers load successfully
ARM-X Architecture
Starting an ARM-X device
2 - Booting the device Kernel
Kernel and hostfs ready
[Diagram labels: QEMU (CPU and Limited Hardware), Kernel, hostfs, NFS /armx]
3 - ARM-X Userland
4 - nvram and userland init
nvram and userland init scripts
[Diagram labels: QEMU (CPU and Limited Hardware), Kernel, Drivers, NFS /armx, emulated nvram, libnvram, init scripts, conf]
ARM-X: Device "booted up"
[Diagram labels: QEMU (CPU and Limited Hardware), Kernel, Drivers, NFS /armx, emulated nvram, libnvram, init scripts, conf, Services, Apps]
5 - ARM-X hostfs/debug Shell
How to add a new device to ARM-X
BUILDROOT
Firmware image
Obtaining the Firmware
[Diagram labels: Firmware, rootfs, Firmware .bin file, rootfs+nvram, Serial Console, Direct from Flash memory]
1: Web/FTP site
2: Hidden UART interfaces
[Photo labels: Vcc (+3.3V), GND, TX/RX, GND]
Serial Console - working
Firmware Extraction
# cat /proc/partitions
major minor  #blocks  name
  31     0      256  mtdblock0
  31     1       64  mtdblock1
  31     2       64  mtdblock2
  31     3     1472  mtdblock3
  31     4      128  mtdblock4
  31     5       64  mtdblock5
  31     6     2048  mtdblock6
  31     7    32768  mtdblock7
  31     8    30975  mtdblock8
  31     9   131072  mtdblock9
  31    10    98304  mtdblock10
# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00040000 00010000 "u-boot"
mtd1: 00010000 00010000 "devconf"
mtd2: 00010000 00010000 "devdata"
mtd3: 00170000 00010000 "mydlink"
mtd4: 00020000 00010000 "langpack"
mtd5: 00010000 00010000 "nvram"
mtd6: 00200000 00010000 "flash"
mtd7: 02000000 00020000 "upgrade"
mtd8: 01e3ffa0 00020000 "rootfs"
mtd9: 08000000 00020000 "nflash"
mtd10: 06000000 00020000 "storage"
dd if=/dev/mtdblock8 …
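A host-side sanity check for the extraction step above, added here as an example (not code from the talk or from ARM-X): it parses the two listings from the slide, confirms they describe the same partitions, and reports the byte count a dump of a named partition should have. The function names and the dump lengths passed to `check_dump` are constructed for illustration.

```python
"""Cross-check /proc/mtd against /proc/partitions before trusting a flash dump."""
import re

# Listings copied from the slide (serial console output of the device).
PROC_MTD = '''dev: size erasesize name
mtd0: 00040000 00010000 "u-boot"
mtd1: 00010000 00010000 "devconf"
mtd2: 00010000 00010000 "devdata"
mtd3: 00170000 00010000 "mydlink"
mtd4: 00020000 00010000 "langpack"
mtd5: 00010000 00010000 "nvram"
mtd6: 00200000 00010000 "flash"
mtd7: 02000000 00020000 "upgrade"
mtd8: 01e3ffa0 00020000 "rootfs"
mtd9: 08000000 00020000 "nflash"
mtd10: 06000000 00020000 "storage"
'''

PROC_PARTITIONS = '''major minor #blocks name
31 0 256 mtdblock0
31 1 64 mtdblock1
31 2 64 mtdblock2
31 3 1472 mtdblock3
31 4 128 mtdblock4
31 5 64 mtdblock5
31 6 2048 mtdblock6
31 7 32768 mtdblock7
31 8 30975 mtdblock8
31 9 131072 mtdblock9
31 10 98304 mtdblock10
'''

# mtdN: <size hex> <erasesize hex> "<name>"
MTD_LINE = re.compile(
    r'^mtd(\d+):\s+([0-9a-fA-F]{8})\s+([0-9a-fA-F]{8})\s+"([^"]*)"$')


def parse_mtd(text):
    """Return one dict per /proc/mtd entry; sizes are converted from hex."""
    entries = []
    for line in text.splitlines():
        m = MTD_LINE.match(line.strip())
        if m:  # the "dev: size erasesize name" header does not match
            entries.append({"index": int(m[1]), "size": int(m[2], 16),
                            "erasesize": int(m[3], 16), "name": m[4]})
    return entries


def parse_partitions(text):
    """Map block device name -> size in 1 KiB blocks from /proc/partitions."""
    blocks = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0].isdigit():
            blocks[fields[3]] = int(fields[2])
    return blocks


def dump_plan(mtd_text, partitions_text, name):
    """Describe what a dump of the partition called `name` should look like."""
    entry = next((e for e in parse_mtd(mtd_text) if e["name"] == name), None)
    if entry is None:
        raise KeyError(f"no MTD partition named {name!r}")
    blockdev = f"mtdblock{entry['index']}"
    kib_blocks = parse_partitions(partitions_text).get(blockdev)
    return {
        "device": "/dev/" + blockdev,
        "size_bytes": entry["size"],
        "kib_blocks": kib_blocks,
        # /proc/partitions counts whole 1 KiB blocks, so compare rounded down.
        "listings_agree": kib_blocks == entry["size"] // 1024,
        # Bytes past the last whole 1 KiB block (non-zero for rootfs here).
        "tail_bytes": entry["size"] % 1024,
        "erase_aligned": entry["size"] % entry["erasesize"] == 0,
    }


def check_dump(plan, dumped_len):
    """Classify a dump of `dumped_len` bytes against the planned size."""
    shortfall = plan["size_bytes"] - dumped_len
    if shortfall < 0:
        return "oversized"
    if shortfall == 0:
        return "complete"
    # A gap smaller than one 1 KiB block is no more than the rounding
    # already visible in /proc/partitions; anything larger is data loss.
    return "rounded" if shortfall < 1024 else "truncated"


if __name__ == "__main__":
    plan = dump_plan(PROC_MTD, PROC_PARTITIONS, "rootfs")
    print(plan)
    for length in (plan["size_bytes"], 31718912, 16 * 1024 * 1024):
        print(length, check_dump(plan, length))
```
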
3: Take it directly from the chip!
DEMO TIME!
HERE BE THE GOODS
Downloads: https://armx.exploitlab.net/
Announcements: @therealsaumil
IP Camera CTF Challenge - blog.exploitlab.net
Thank you
and … QUESTIONS?
@therealsaumil
COUNTERMEASURE|2019

INSIDE ARM-X - Countermeasure 2019

  • 1. NETSQUARE (c) SAUMIL SHAH | COUNTERMEASURE | 2019. INSIDE. SAUMIL SHAH, @therealsaumil, 7 November 2019, COUNTERMEASURE|2019
  • 2. # WHO AM I: Saumil Shah, CEO, Net Square, @therealsaumil. Educating, entertaining and exasperating audiences since 1999.
  • 3. Introducing ARM-X
        • An ARM Firmware Emulation Framework.
        • Ultimate Goal - create an IoT VM!
        • A Virtual IoT device makes for easy
            – runtime analysis
            – reverse engineering
            – fuzzing
            – exploit development
        • Great insight into embedded hardware by trying to emulate it.
  • 6. Inside an IoT device…
  • 7. …same same but different [Diagram labels: CPU and Hardware; Kernel; Drivers; File System; nvram; User Processes; API; UI; libnvram]
  • 8. The IoT Boot Up Process [Diagram labels: firmware; Boot Loader; CPU; Kernel; compressed FS; ramdisk; userland; mounted FS; nvram; libnvram; init scripts; conf; Services; Apps]
        POWER ON
        – Loads Kernel.
        – Uncompresses FS to ramdisk, invokes init process.
        – Reads config from nvram. Builds system config files on the fly.
        – Starts up system services.
        – Invokes Applications and Application services.
        READY
  • 9. Emulation: Goals and Challenges [Diagram labels: QEMU; CPU and Limited Hardware; Kernel; Drivers; uncompressed Filesystem; emulated nvram; libnvram; init scripts; conf; Services; Apps; BUILDROOT]
        – Match the kernel with the one on the device
        – chroot environment
        – Implemented as an INI file, preloaded before "boot up"
        – Fix to match QEMU environment
        – Not all drivers load successfully
  • 10. ARM-X Architecture
  • 11. ARM-X Architecture
  • 12. Starting an ARM-X device
  • 14. 2 - Booting the device Kernel
  • 16. Kernel and hostfs ready [Diagram labels: QEMU; CPU and Limited Hardware; Kernel; hostfs; NFS /armx]
  • 17. 3 - ARM-X Userland
  • 19. 4 - nvram and userland init
  • 20. nvram and userland init scripts [Diagram labels: QEMU; CPU and Limited Hardware; Kernel; Drivers; NFS /armx; emulated nvram; libnvram; init scripts; conf]
  • 22. ARM-X: Device "booted up" [Diagram labels: QEMU; CPU and Limited Hardware; Kernel; Drivers; NFS /armx; emulated nvram; libnvram; init scripts; conf; Services; Apps]
  • 24. 5 - ARM-X hostfs/debug Shell
  • 26. How to add a new device to ARM-X [Diagram labels: BUILDROOT; Firmware image]
  • 27. Obtaining the Firmware [Diagram labels: Firmware .bin file; Firmware rootfs; Serial Console; rootfs+nvram; Direct from Flash memory]
  • 28. 1: Web/FTP site
  • 29. 2: Hidden UART interfaces [Pin labels: Vcc (+3.3V); GND; TX/RX; GND]
  • 30. Serial Console - working
  • 31. Firmware Extraction
        # cat /proc/partitions
        major minor  #blocks  name
          31     0      256 mtdblock0
          31     1       64 mtdblock1
          31     2       64 mtdblock2
          31     3     1472 mtdblock3
          31     4      128 mtdblock4
          31     5       64 mtdblock5
          31     6     2048 mtdblock6
          31     7    32768 mtdblock7
          31     8    30975 mtdblock8
          31     9   131072 mtdblock9
          31    10    98304 mtdblock10

        # cat /proc/mtd
        dev:    size   erasesize  name
        mtd0: 00040000 00010000 "u-boot"
        mtd1: 00010000 00010000 "devconf"
        mtd2: 00010000 00010000 "devdata"
        mtd3: 00170000 00010000 "mydlink"
        mtd4: 00020000 00010000 "langpack"
        mtd5: 00010000 00010000 "nvram"
        mtd6: 00200000 00010000 "flash"
        mtd7: 02000000 00020000 "upgrade"
        mtd8: 01e3ffa0 00020000 "rootfs"
        mtd9: 08000000 00020000 "nflash"
        mtd10: 06000000 00020000 "storage"

        dd if=/dev/mtdblock8 …
  • 32. 3: Take it directly from the chip!
  • 33. DEMO TIME!
  • 34. HERE BE THE GOODS. Downloads: https://armx.exploitlab.net/ Announcements: @therealsaumil. IP Camera CTF Challenge - blog.exploitlab.net
  • 35. Thank you and … QUESTIONS? @therealsaumil COUNTERMEASURE|2019
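
Added example (not part of the original slides or of ARM-X): slide 31 reads /proc/mtd and /proc/partitions on the serial console before dumping the rootfs partition. The Python below joins the two listings, maps each named partition to its /dev/mtdblockN device and flags entries whose sizes disagree or are not a multiple of the erase size. The function names are assumptions, and the /proc/partitions rows are rebuilt from the slide's block counts.

```python
import re

# Console output transcribed from slide 31 (whitespace normalised).
PROC_MTD = '''dev: size erasesize name
mtd0: 00040000 00010000 "u-boot"
mtd1: 00010000 00010000 "devconf"
mtd2: 00010000 00010000 "devdata"
mtd3: 00170000 00010000 "mydlink"
mtd4: 00020000 00010000 "langpack"
mtd5: 00010000 00010000 "nvram"
mtd6: 00200000 00010000 "flash"
mtd7: 02000000 00020000 "upgrade"
mtd8: 01e3ffa0 00020000 "rootfs"
mtd9: 08000000 00020000 "nflash"
mtd10: 06000000 00020000 "storage"'''
# Block counts from the slide's /proc/partitions, indexed by mtdblock number.
PROC_PARTITIONS = "\n".join(f"31 {i} {b} mtdblock{i}" for i, b in enumerate(
    [256, 64, 64, 1472, 128, 64, 2048, 32768, 30975, 131072, 98304]))

def parse_mtd(text):
    """{index: (name, size_bytes, erasesize_bytes)} from /proc/mtd (hex fields)."""
    pat = r'^mtd(\d+):\s+([0-9a-f]+)\s+([0-9a-f]+)\s+"([^"]*)"'
    return {int(i): (n, int(s, 16), int(e, 16))
            for i, s, e, n in re.findall(pat, text, re.M | re.I)}

def parse_partitions(text):
    """{index: 1 KiB block count} for the mtdblock rows of /proc/partitions."""
    rows = (line.split() for line in text.splitlines())
    return {int(f[3][8:]): int(f[2]) for f in rows
            if len(f) == 4 and f[3].startswith("mtdblock") and f[2].isdigit()}

def flash_map(mtd_text, part_text):
    """Join both listings and flag entries that disagree or look unusual."""
    blocks = parse_partitions(part_text)
    rows = []
    for idx, (name, size, erase) in sorted(parse_mtd(mtd_text).items()):
        notes = []
        if blocks.get(idx) != size // 1024:   # /proc/partitions counts 1 KiB blocks
            notes.append("size mismatch")
        if size % erase:
            notes.append("not erase-block aligned")
        rows.append({"dev": f"/dev/mtdblock{idx}", "name": name,
                     "bytes": size, "notes": notes})
    return rows

if __name__ == "__main__":
    for r in flash_map(PROC_MTD, PROC_PARTITIONS):
        print(f'{r["dev"]:<16}{r["name"]:<10}{r["bytes"]:>11}  {", ".join(r["notes"])}')
```

On the slide's data every size agrees between the two listings, and rootfs is the only partition whose size is not a multiple of its erase size.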