What’s common in Oracle and Samsung? They tried to think differently about crypto.

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 28, 2013, 10 a.m. (50 minutes)

The Android phone makers do everything to customize their devices just make sure they are different. Samsung changed something important under the hood. Samsung thinks differently about the android device encryption. In the presentation we show what Samsung changed in their flagship phones compared to vanilla android firmware. We show how you can get the clear text encryption key through adb and not just that. We cannot make a presentation without Oracle hacking, so we show how they tried to think differently and it is also crypto related.

Of course everything will be demonstrated and the tools will be released.

Presenters:

• Ferenc Spala
  Ferenc worked as a security consultant for 6 years. He gave several talks on Hungarian and international itsec conferences and workshops. He is also the member of Hacktivity program committee. The story of Hacktivity started in 2003 when a group of security experts were looking for a forum to meet and share experience and has become the largest and oldest independent Hungarian ethical hacker event. He is former blogger of a Hungarian IT security blog called “Alice and Bob”. He reported several vulnerabilities in different software such as IBM Cognos Business Intelligence. Well received presentation at Derbycon 2.0: Think differently about database hacking http://soonerorlater.hu/index.khtml?article_id=517″
• László Tóth
  László has more than 10 years experience in information security (penetration testing, security audit, incident response). As a researcher his focus is Oracle Database security. He published several research papers and tools in this subject. László is the developer of the woraauthbf tool, which was one of the fastest Oracle password crackers at the time of its release. He also released several unique research papers about vulnerabilities of the Oracle authentication protocols and post-exploitation techniques. His name was mentioned in several CPUs released by Oracle. You can check out the technical deepness of his presentations at www.soonerorlater.hu: Well received presentation at Derbycon 2.0: Think differently about database hacking http://soonerorlater.hu/index.khtml?article_id=517 Own research results on Oracle native authentication http://www.soonerorlater.hu/index.khtml?article_id=511 First description of the Oracle native authentication protocol of Oracle 11g http://www.soonerorlater.hu/index.khtml?article_id=512 Worauthbf which was the fastest oracle password bruteforcer at the time of the publishing http://www.soonerorlater.hu/index.khtml?article_id=513 Own research results on Oralce authentication downgrading and publishing the tool pytnsproxy http://www.soonerorlater.hu/index.khtml?article_id=514 Own research results on oracle post exploitation and TDE (Transparent Database Encryption) http://www.soonerorlater.hu/index.khtml?article_id=516 Own research result on post exploitation of oracle and oradebug http://www.soonerorlater.hu/download/hacktivity_lt_2011_en.pdf

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Samsung Pay: Tokenized Numbers, Flaws and Issues
• Black Hat Asia 2015 / Resurrecting the READ_LOGS Permission on Samsung Devices
• TROOPERS17 (2017) / Samsung Pay: Tokenized Numbers, Flaws and Issues