Jump Oriented Programming: Ethereum Smart Contract #2 – Real World CTF 2018

Jump Oriented Programming: Ethereum Smart Contract #2 – Real World CTF 2018

In the first video I talked about how I approached this challenge and some of the thoughts andideas I had.I’d like to emphasize again that I worked on this for both days of the CTF, so I cannotinclude every small detail and struggle I had, but I hope I showed the important steps.At some point […]

Continue reading

Looking at the PCB & Chips – Hardware Wallet Research #2

Looking at the PCB & Chips – Hardware Wallet Research #2

So in the previous video we talked a bit more highlevel about what a hardware wallet is,but now it’s time to have a look at the actual device. So this is the Ledger NanoS. I have to say, a pretty cool looking device.On one side it has the Ledger Logo and on thebackside it says […]

Continue reading

Threat Models – Hardware Wallet Research #1

Threat Models – Hardware Wallet Research #1

Okay sorry sorry, I know you wanna see more technical stuff, but I think it’s importantto hear a bit more about why you would even use a cryptocurrency hardware wallet and whatyou protect against.What’s your threat model.These devices promise that they are more secure than an alternative but threats are multifacetedand I want to explore […]

Continue reading

Rediscovering the f00dbabe Firmware Update Issue – Hardware Wallet Research #7

Rediscovering the f00dbabe Firmware Update Issue – Hardware Wallet Research #7

Today we will reach a milestone in this series.We will figure out how to send a malicious update, that is not signed by ledger, to thedevice.And it will persist and run.As you probably remember, early in the boot sequence of the ledger, the ledger checksthis address 0x8003000 for the magic value 0xf00dbabe.Only then it will […]

Continue reading

Basic Windows Reversing and Attacking Weak Crypto – FLARE-On 2018

Basic Windows Reversing and Attacking Weak Crypto – FLARE-On 2018

Flareon is a series of reverse engineering challenges by fireI because they want to find and hire smart individuals interested in reverse engineeringSo if you need a job just contact me and I sell you the solutions. Just kiddingI don’t know yet how far I will get as reverse engineering can be quite time-consumingAnd I […]

Continue reading