It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit

Conference:  Defcon 26



The presentation discusses the importance of reconnaissance and automation in reverse engineering and hardware hacking.
  • Reconnaissance is crucial in hardware hacking and reverse engineering
  • Automation tools like binwalk and photorec can be useful in the process
  • Qemu is a useful tool for emulating hardware and running OS on different architectures
  • Creativity is important in finding ways to attack systems
  • Hardware engineers have built interesting devices that can be exploited
  • A paperclip can be used to induce failure and bypass security measures
The speaker shares a story about intercepting communications between two sides of a PlayStation 4 attack by running PCIe over a UART at 9600 baud to watch each frame visually as it went through their entire system.


With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running; additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for extracting relevant content from devices and exploring them.


