It's Assembler, Jim, but not as we know it: (ab)using binaries from embedded devices for fun and profit

Presented at DEF CON 26 (2018), Aug. 10, 2018, noon (45 minutes)

With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running; Additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for extracting relevant content from devices and exploring them.

Presenters:

• Morgan ``indrora'' Gangwere - Hacker
  Morgan is a student at the University of New Mexico where he studies an unrelated topic entirely, but does network security because it's interesting. Previously, he's spoken on subjects such as web proxies, community engagement, and typesetting. He started working with computers when he was a young child and hasn't given them up since, even if his wrists seem to disagree.

Links:

• https://defcon.org/html/defcon-26/dc-26-speakers.html#Gangwere
• https://infocon.org/cons/DEF CON/DEF CON 26/DEF CON 26 video and slides/DEF CON 26 - Morgan Indrora Gangwere - It's Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit.mp4
• https://infocon.org/cons/DEF CON/DEF CON 26/DEF CON 26 video and slides/DEF CON 26 - Morgan Indrora Gangwere - It's Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit.srt (subtitles)
• https://www.youtube.com/watch?v=IhOzBFZ3rts