007 - Candy Coated

An Interview with M. Carlton from Senrio


M. Carlton joined us to talk about being part of leading professional reverse engineering team at Senr.io . We discussed her Embedded Systems talk about IoT and in particular Devil’s Ivy (Check out the important ROP video to better understand the key concept ). In this particular case, they found that the M300 camera model using GSOAP ( SOAP ) parse for buffer overflow.

Not only did this issue allow spread quickly as a DOS among the M300 cameras but over 200 other Axis cameras (Hurray for code-reuse) due to using the third party code library.

M. uses several tools in her work:

  • IDA Pro
  • Binwalk
  • Nmap
  • Debuggers like gdb
  • Multimeters and oscilloscopes
  • VMWare

She had some excellent suggestions for improving the odds of NOT getting hacked:

  1. Put a password on any consoles and let it be changeable.
  2. Anticipate issues by performing security reviews.
  3. Be wary of any third party libraries you use. If there are updates to these libraries, prepare to update quickly.
  4. Make sure your systems are field patchable/updateable, securely.
  5. Limit surface area. Limit the ability for others to analyze your system by removing/disabling consoles, UARTs, features, and JTAG interfaces.
  6. Put more gates/obstacles on how easily any found exploits can be used in the system.
  7. Unearth any default credentials used in your system and resolve.

In the worse case, plan in advance for a security breach to expedite deployment.

Have comments or suggestion names for us? Find us on twitter @unnamed_show ,  or email us at show@unnamedre.com .

Music by TeknoAxe ( http://www.youtube.com/user/teknoaxe )

006 - Marketing Via Stickers

End of the year update


A quick year end update and feedback show from just the hosts.

We cover  the Hackaday Superconference where we handed out stickers (track us down to get one of the last few). Key highlights that Alvaro missed first hand were:

We talked briefly about the ask for resources for getting started on the hardware side. If you have suggestions to share, email us!

In the meanwhile Mountain view reverse engineering meetup is happening December 12th in the new location.

Have comments or suggested names for the show? Find us on twitter @unnamed_show ,  or email us at show@unnamedre.com .

Music by TeknoAxe ( http://www.youtube.com/user/teknoaxe )

005 - Circuits That Go Nowhere

An Interview with Ken Shirriff


This week we were joined by the incredible IC reverse engineer, Ken Shirriff . You may know him from his Hack A Day Super Conference talk in 2016 or his blog ’s many posts ( Counterfeit chips , ARM 1 chip , and Sinclair Calculator ). We covered quite a number of restorations ( Visual6502 project , 8008 microprocessor - Ken’s restoration details )

He is currently working the Xerox Alto Restoration and we talked not only about the hardware but the microcode and software restoration. Software languages we touched on were the C predecessor, BCPL and object oriented language Smalltalk . There are number of resources out there restoring and archiving computing history:

Resources for getting started with analog circuits at transistor level:

  • Microelectronics Circuits Sedra and Smith (covers all your favorite circuits like current mirroring)
  • Start with die photos… analyzing is much smaller and easier
  • When finally working hands on cheap acids for consumer hobbyists (aka glass etchers)  also work on ICs to remove layers
  • LTSpice (circuit simulator and product that gives Jen college-aged anxiety)

HackaDay Superconference coming up. Everyone on the show ( here and here )  have spoke at this conference. Ken and Alvaro will be there!

Have comments or suggested names for the show? Find us on twitter @unnamed_show ,  or hit us up at on the comment form . If you still cannot find us, goto http://unnamedre.com

004 - 0x0FF the Rails

An Interview with Micah Elizabeth Scott


We spoke with Micah Scott ( @scanlime ), the original inspiration for this podcast. She gave us a rundown of her past and current projects which run the gamut of consumer toys, art installations, and telling a story through technology exploration. Her past projects include coastemelt , Wacom tablet , and Fadecandy .

We also talked about her challenges on Sifteo with limited architectures and resources. We tackled some basic computer architecture types .

The latest project is Winchbot where viewers can watch Tuco and the other kitties. Micah broke down reverse engineering the gimbal motors with Sigrok . We swapped favorite tools ( ipython ) and Jen lost a bet. You can follow Micah along on her YouTube channel and support her on Patreon .

Have comments or suggested names for the show? Find us on twitter @unnamed_show ,  or hit us up at on the comment form . If you still cannot find us, goto http://unnamedre.com

You can find Jen on twitter @rebelbotjen and http://rebelbot.com as well as Alvaro (who was on Embedded.fm ) on twitter @alvaroprieto and http://alvarop.com .


Music by TeknoAxe ( http://www.youtube.com/user/teknoaxe )

003 - Barbies and Keyboards

Jen and Alvaro's Projects


In this episode, Jen and Alvaro talk about some current events and some basic reverse engineering projects they’ve worked on.

Some of the topics covered were:

Radiolab episode

Vintage computer festival where Jen found @foone for all your floppy needs.

Reverse Engineering PCB’s with a synchrotron

Alvaro’s Keyboard Reverse Engineering project but more information on HID USB is on this page including tools and values sent to keyboard data.

Jen’s Hello Barbie project < link > but also Digital Dress Barbie (Barbie’s first wearable!). Jen used the TL866A USB Universal Minipro Programmer

Somerset Recon Barbie RE

http://binvis.io/

What is ABI? Get caught up here .

Getting started with Reverse Engineering? Checkout https://challenges.re/

Have comments or suggested names for the show? Find us on twitter @unnamed_show ,  or hit us up at on the comment form .