Ice Ice Baby: Coppin’ RAM With DIY Cryo-Mechanical Robot

Presented at Summercon 2023, July 14, 2023, 2 p.m. (60 minutes)

We present the design and construction of a robot that reliably extracts the contents of RAM from modern embedded devices at runtime. We discuss the practical engineering challenges, and our solutions, in adapting the traditional cold-boot attack to the non-removable (soldered-down) DDR chips commonly found on modern embedded devices. Lastly, we present a practical guide to building your own cryo-mem rig from COTS parts for less than a thousand bucks.

Have you noticed that embedded hardware is getting harder to reverse? BGA chips, massively integrated packages, vertical stackups, encrypted firmware at rest, and a pinch of "no JTAG or UART" have become standard fare. While these artifacts do not correlate with material improvements in device security, you can't prove it, because you can't dump the firmware or debug the hardware. Skip the noise and change up the game: sometimes it's easier just to grab the unencrypted firmware from live RAM. All you have to do is keep the chips at -50C on a running system, pull every chip off on the same CPU instruction, and slap them onto an FPGA that sort of respects the DDR state machine, all without punching a hole in your device, without causing shorts from condensation, and without freezing your eyebrows off. We'll show you how to build a robot that does this in an afternoon for about a thousand dollars.

Presenters:

  • Ang Cui
    Dr. Ang Cui is the Founder and Chief Scientist of Red Balloon Security, a leading cybersecurity provider and research firm that specializes in the protection of embedded devices across all industries. Ang received his PhD in Computer Science from Columbia University in 2015 and was part of the Intrusion Detection Systems Lab. His doctoral dissertation, titled "Embedded System Security: A Software-based Approach", focused exclusively on scientific inquiries concerning the exploitation and defense of embedded systems. Ang is the creator of the Firmware Reverse Analysis Konsole (FRAK) and the inventor of Software Symbiote technology, both of which enable pioneering firmware analysis and defense for embedded devices. Since founding Red Balloon Security, backed by Bain Capital Ventures, Ang has continued to research and develop new technologies to defend embedded systems against exploitation. He has led development of a portfolio of embedded security solutions that harden device firmware and provide continuous runtime protection and monitoring of device firmware. Over the course of his research, he has uncovered numerous critical vulnerabilities in ubiquitous embedded devices such as Cisco routers, HP printers, and Cisco IP phones, and has led research efforts uncovering vulnerabilities in aerospace infrastructure, building automation systems, electrical grid devices, telecommunications equipment, and ATMs. Ang has received various awards for his work on reverse engineering commercial devices, is the recipient of the Symantec Graduate Fellowship, and was selected as a DARPA Riser in 2015. Ang is passionate about building a team of outstanding researchers, engineers, and executives whose best ideas are enabled by innovation, creativity, and autonomy to solve the most pressing challenges. According to Wikipedia, Dr. Cui is the Duke of Space! As of 2023, he also has the longest Summercon bio.