DeepSec 2021 Talk: Firmware Surgery: Cutting, Patching and Instrumenting Firmware for Debugging the Undebuggable – Henrik Ferdinand Nölscher

Sanna/ October 20, 2021/ Conference

Embedded systems can be challenging to analyze. Especially on automotive systems, many things that we take for granted on other software such as debugging and tracing do not always work. This is further complicated by watchdogs and peripheral processors, that go haywire when strict timing and communication requirements are violated. On some systems, debugging is even impossible because debugging resources such as pins are either used for something else or they don’t exist at all! Assuming that code can be dumped, the solution for this can be emulation, however emulating a rich automotive system can be painful and many times, only few aspects of the system can be sufficiently modeled. What if there was an in-between? How can we debug, fuzz and tamper embedded firmware without access to real-time debugging or emulation? In this

Read More

Talk: Intelligent Bluetooth fuzzing – Why bother?

René Pfeiffer/ September 21, 2011/ Conference, Security

Bluetooth devices and software implementations have been a fruitful playground for security researchers for years. You probably remember the PoC code from the trinifite.group and other bugs dragged out into the open. Riding public transport often led to Bluetooth scanning with tools such as Blooover. But that’s all past and gone. Software has evolved. Developers have learned. Modern quality assurance won’t let this happen again. Sadly this is fiction. Tommi Mäkilä has some stories to share about the state of Bluetooth: „Bluetooth robustness is wretched, no surprise there. Bluetooth test results from plugfests show 80% failure rate, eight out of ten tests end with a crash. It is not pretty, it is sad and frustrating. For a moment, few years back, there seemed to be light at the end of the tunnel: the failures

Read More