Reverse Engineering a Code without the Code

Presented at DeepSec 2017 „Science First!“, Unknown date/time (Unknown duration).

Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored into the Non Volatile Memory (NVM) area but also the algorithms executed. Thus, the confientiality of binary code embedded in that device in the Read Only Memory (ROM) must be protected. Thanks to a previous attack we succeeded in having access to a dump of the NVM. We try here to take advantage of the object oriented features of the platform to provide a means to speed up the reverse engineering of the dump. The idea here is to reverse engineer an algorithm without having access to the code. We have only access to the data. We use a specifially designed graphic tool to reason about the data such that we are able to understand the principle of the algorithm. Then, we are able to bypass the protection mechanism in order to get access to the binary code. Co-authors of the publication are Abdelhak Mesbah and Mohamed Mezghiche (University of Boumerdes).


Presenters:

  • Mesbah Abdelhak - Université de Boumerdes
    Mesbah Abdelhak write about himself: I'm a PhD student with the LIMOSE research laboratory at the University of M'HAMED BOUGARA, Algeria. I received my master's degree in Software Engineering and Information Processing at the same university. My research interests focus on Attacks, the security of embedded software, Reverse Engineering as well as Security of smart card's Applications and Systems... Mr Lanet joined INRIA- Rennes Bretagne Atlantique in September 2014 to lead the High Security Labs (LHS) for a four years period. He is also Professor at the University of Limoges (2007-2014) at the Computer Science department, where he leads the team SSD (Smart Secure Device). He was also associate professor of the University of Sherbrooke and he was in charge of the Security and Cryptology course of the USTH Master (Hanoi). His research interests included the security of small systems like smart cards, but also software engineering. Prior to that, he was senior researcher at Gemplus Research Labs (1996-2007) the smart card manufacturer. During this period he spent two years at INRIA (2003-2004) as an engineer at DirDRI (Direction des Relations Industrielles) and senior research associate in the Everest team at INRIA Sophia-Antipolis. He got its Habilitation à Diriger des Recherches (HdR) during the first INRIA period. He was researcher at the Advanced Studies Labs of Elecma, Electronic division of the Snecma, now part of the Safran group. He's worked on hard real time techniques for jet engine control (1984-1995).
  • Jean-Louis Lanet - LHS INRIA
    Mesbah Abdelhak write about himself: I'm a PhD student with the LIMOSE research laboratory at the University of M'HAMED BOUGARA, Algeria. I received my master's degree in Software Engineering and Information Processing at the same university. My research interests focus on Attacks, the security of embedded software, Reverse Engineering as well as Security of smart card's Applications and Systems... Mr Lanet joined INRIA- Rennes Bretagne Atlantique in September 2014 to lead the High Security Labs (LHS) for a four years period. He is also Professor at the University of Limoges (2007-2014) at the Computer Science department, where he leads the team SSD (Smart Secure Device). He was also associate professor of the University of Sherbrooke and he was in charge of the Security and Cryptology course of the USTH Master (Hanoi). His research interests included the security of small systems like smart cards, but also software engineering. Prior to that, he was senior researcher at Gemplus Research Labs (1996-2007) the smart card manufacturer. During this period he spent two years at INRIA (2003-2004) as an engineer at DirDRI (Direction des Relations Industrielles) and senior research associate in the Everest team at INRIA Sophia-Antipolis. He got its Habilitation à Diriger des Recherches (HdR) during the first INRIA period. He was researcher at the Advanced Studies Labs of Elecma, Electronic division of the Snecma, now part of the Safran group. He's worked on hard real time techniques for jet engine control (1984-1995).

Links:

Similar Presentations: