Jump Oriented Programming: Ethereum Smart Contract #2 – Real World CTF 2018


In the first video I talked about how I approached this challenge and some of the thoughts and ideas I had. I’d like to emphasize again that I worked on this for both days of the CTF, so I cannot include every small detail and struggle I had, but I hope I showed the important steps. At some point […]


Ethereum Smart Contract Backdoored Using Malicious Constructor


In this video I want to specifically talk about the interesting backdoor technique that was used in the Acoraida Monica smart contract, which was a CTF challenge from the Real World CTF finals. I have already created two videos where I go over my attempts at solving the challenge and then eventually walk through the solution. However I did not […]


Using z3 to find a password and reverse obfuscated JavaScript – Fsec2017 CTF


So recently I was invited to give a talk at fsec in Croatia. And I met some of you and that was awesome. During the conference there was also a CTF, I think all challenges were actually created by Miroslav Stampar, the author of sqlmap. Also let’s try something new for this video. Let’s see if we can mix challenge […]


Looking at the PCB & Chips – Hardware Wallet Research #2


So in the previous video we talked a bit more high-level about what a hardware wallet is, but now it’s time to have a look at the actual device. So this is the Ledger Nano S. I have to say, a pretty cool looking device. On one side it has the Ledger Logo and on the backside it says […]


Breaking ECDSA (Elliptic Curve Cryptography) – rhme2 Secure Filesystem v1.92r1 (crypto 150)


The first challenge I did from this competition was the secure filesystem, which we exploited with a hash length extension attack. And then we also solved this other crypto challenge “key server”, which was about breaking RSA signatures. So let’s continue the path and do the last crypto challenge, I wonder what we will have to break this […]


Ethereum Smart Contract Code Review #1 – Real World CTF 2018


When the CTF started we looked at the challenges and I already suspected, just because it’s in-style right now, that there could be an Ethereum smart contract challenge. And there was! Acoraida Monica. So I didn’t even look at the rest and just decided to go for it. In the end I didn’t solve the challenge during the two days […]


Threat Models – Hardware Wallet Research #1


Okay sorry sorry, I know you wanna see more technical stuff, but I think it’s important to hear a bit more about why you would even use a cryptocurrency hardware wallet and what you protect against. What’s your threat model. These devices promise that they are more secure than an alternative but threats are multifaceted and I want to explore […]


Hardware Wallet Hack: Ledger Nano S – f00dbabe


The Ledger Nano S is a cryptocurrency hardware wallet based on a secure element for storing cryptocurrencies, embedding a screen to check and secure digital payments. And also they have these information sheets where they proudly write: “Did you notice? There is no anti-tampering sticker on this box. A cryptographic mechanism checks the integrity of your Ledger device’s internal […]


Rediscovering the f00dbabe Firmware Update Issue – Hardware Wallet Research #7


Today we will reach a milestone in this series. We will figure out how to send a malicious update, that is not signed by Ledger, to the device. And it will persist and run. As you probably remember, early in the boot sequence of the Ledger, the Ledger checks this address 0x8003000 for the magic value 0xf00dbabe. Only then it will […]


Recover RSA private key from public keys – rhme2 Key Server (crypto 200)


We are going to learn about a weakness of RSA, that allows us to recover the private key of an admin for a CTF challenge. This will be fun. It was also the next easy challenge after the ones I solved already. If you know what you have to do, you can quickly google and find solution scripts online, […]
