An Interview with M. Carlton from Senrio
03 Jan 2018
M. Carlton joined us to talk about being part of a leading professional reverse engineering team at Senr.io. We discussed her Embedded Systems talk about IoT and in particular Devil’s Ivy (check out the important ROP video to better understand the key concept). In this particular case, they found a buffer overflow in the GSOAP (SOAP) parsing code used by the M300 camera model.
Not only could this issue be used as a DoS against the M300 cameras, it quickly spread to over 200 other Axis cameras (hurray for code reuse) because they use the same third-party code library.
M. uses several tools in her work:
- IDA Pro
- Binwalk
- Nmap
- Debuggers like gdb
- Multimeters and oscilloscopes
- VMWare
She had some excellent suggestions for improving the odds of NOT getting hacked:
- Put a password on any consoles and let it be changeable.
- Anticipate issues by performing security reviews.
- Be wary of any third-party libraries you use. If there are updates to these libraries, prepare to update quickly.
- Make sure your systems are field patchable/updateable, securely.
- Limit surface area. Limit the ability for others to analyze your system by removing/disabling consoles, UARTs, features, and JTAG interfaces.
- Put more gates/obstacles on how easily any found exploits can be used in the system.
- Unearth any default credentials used in your system and resolve them.
In the worst case, plan in advance for a security breach to expedite deployment.
Have comments or suggested names for us? Find us on twitter @unnamed_show, or email us at show@unnamedre.com.
Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)
End of the year update
06 Dec 2017
A quick year end update and feedback show from just the hosts.
We cover the Hackaday Superconference, where we handed out stickers (track us down to get one of the last few). Key highlights that Alvaro missed first hand were:
We talked briefly about the ask for resources for getting started on the hardware side. If you have suggestions to share, email us!
In the meantime, the Mountain View reverse engineering meetup is happening December 12th in the new location.
An Interview with Ken Shirriff
06 Nov 2017
This week we were joined by the incredible IC reverse engineer, Ken Shirriff. You may know him from his Hack A Day Super Conference talk in 2016 or his blog’s many posts (Counterfeit chips, ARM 1 chip, and Sinclair Calculator). We covered quite a number of restorations (Visual6502 project, 8008 microprocessor - Ken’s restoration details).
He is currently working on the Xerox Alto Restoration, and we talked not only about the hardware but also about the microcode and software restoration. Software languages we touched on were the C predecessor, BCPL, and the object-oriented language Smalltalk. There are a number of resources out there restoring and archiving computing history:
Resources for getting started with analog circuits at the transistor level:
- “Microelectronic Circuits” by Sedra and Smith (covers all your favorite circuits like current mirroring)
- Start with die photos… analyzing is much smaller and easier
- When finally working hands-on, cheap acids for consumer hobbyists (aka glass etchers) also work on ICs to remove layers
- LTSpice (circuit simulator and product that gives Jen college-aged anxiety)
The HackaDay Superconference is coming up. Everyone on the show (here and here) has spoken at this conference. Ken and Alvaro will be there!
An Interview with Micah Elizabeth Scott
13 Oct 2017
We spoke with Micah Scott (@scanlime), the original inspiration for this podcast. She gave us a rundown of her past and current projects, which run the gamut of consumer toys, art installations, and telling a story through technology exploration. Her past projects include coastermelt, Wacom tablet, and Fadecandy.
We also talked about her challenges on Sifteo with limited architectures and resources. We tackled some basic computer architecture types.
The latest project is Winchbot, where viewers can watch Tuco and the other kitties. Micah broke down reverse engineering the gimbal motors with Sigrok. We swapped favorite tools (ipython) and Jen lost a bet. You can follow Micah along on her YouTube channel and support her on Patreon.
You can find Jen on twitter @rebelbotjen and http://rebelbot.com as well as Alvaro (who was on Embedded.fm) on twitter @alvaroprieto and http://alvarop.com.
Jen and Alvaro's Projects
17 Sep 2017
In this episode, Jen and Alvaro talk about some current events and some basic reverse engineering projects they’ve worked on.
Some of the topics covered were:
- Radiolab episode
- Vintage computer festival, where Jen found @foone for all your floppy needs.
- Reverse Engineering PCB’s with a synchrotron
- Alvaro’s Keyboard Reverse Engineering project, but more information on HID USB is on this page including tools and values sent to keyboard data.
- Jen’s Hello Barbie project <link> but also Digital Dress Barbie (Barbie’s first wearable!). Jen used the TL866A USB Universal Minipro Programmer
- Somerset Recon Barbie RE
- http://binvis.io/
- What is ABI? Get caught up here.
- Getting started with Reverse Engineering? Check out https://challenges.re/