RandoriSec was proud to sponsor this year's edition of Unlock Your Brain, Harden Your System, a security conference that took place on November 4th and 5th 2022 in Brest, France. We attended the 5-hour workshop on Mobile Reverse Engineering with r2frida, and the conference on the following day.
During this workshop, Alex Soler Alvarez and Eduardo Novella presented a radare2 plugin that allows interacting with Frida, the popular dynamic instrumentation toolkit that is often used for mobile security research.
The two trainers presented slides explaining how to use the plugin to work around issues commonly encountered when reversing mobile applications. During the hands-on labs, we started by modifying a function argument (to printf) in a native binary running on an Android device. To do that, we used r2frida to attach to the remote process, search commands to locate the argument to modify, and the wx command to patch the code in place.
The second part of the workshop was about iOS. We used Corellium to emulate an iOS device, then used the r2frida command to list Objective-C classes and methods and to locate the controller we were interested in.
We noticed that the function that checks the input starts by checking whether the device is jailbroken, then calls a method that performs an XOR operation on a string with 0x42 and compares the result against the provided input.
We patched the jailbreak check and put a trace on an instruction where a register points at the decoded string; when we pressed "check" in the application, we were able to read the string after it had been decoded.
We also experimented with calling methods dynamically, bypassing method calls, and playing with various other aspects of binary instrumentation.
For the third part of the workshop, we had a look at the RootBeer Android library, which aims to detect root-level access on Android devices. We installed the demo application and used r2frida to bypass the available checks one by one.
The law of digital violence: self-defense and offensive action
The first speaker of the day was Marc-Antoine Ledieu, attorney and head of information systems security. His talk was about the local laws in France regarding some situations that cybersecurity professionals and amateurs often face. He explained what is punished by law, how bug-bounty programs protect security researchers, what self-defense means in the context of cybersecurity and when it’s legal, whether it’s allowed to develop or possess cyberweapons, and so on.
Ratatouille: a remote-administration tool for offensive operations
This presentation focused on a tool developed by Ayrwan Guillermo during his internship at Diateam labs. It is a remote-administration tool (RAT) written in C# that runs on Windows. The tool has a hidden mode that creates a second, hidden desktop, allowing the remote administrator to open applications and interact with the machine without being seen by the currently logged-in user. The screen was streamed over RTMP, and one version of the tool used Twitch as a C2 server for sending the video stream.
Dumping firmware from a SATA SSD for fun & learning purpose
During this talk, Samy Lahfa went through the process of dumping the firmware of a SATA SSD. The process starts by identifying the SPI chips, then dumping the firmware from them using low-cost hardware.
Cyber crisis communication: when attackers get involved and we get tangled up!
In this talk, Stéphanie Ledoux showcased the different strategies that companies follow to communicate when they are hit by cyberattacks, giving recommendations on what not to do and weighing the pros and cons of each approach. She illustrated her points with examples from recent cyberattacks.