Lazy-Mode RF OSINT and Reverse Engineering

Presented at TROOPERS18 (2018), March 13, 2018, 4 p.m. (Unknown duration).

Reverse-engineering wireless protocols is easier than you might think. By leveraging open-source intelligence and open-source tools, we can shortcut most of the hard work, enable lazy-mode, and spend more time thinking about what we care about - "Is this thing secure?"

This talk will demonstrate how to use existing tools to efficiently reverse-engineer wireless protocols, and will introduce a new tool for gathering device OSINT from regulatory filings.

Rather than exploring the fundamentals of how RF communications work, we will take a practical look at how we can lower the complexity of the OSINT and reverse-engineering process.


Presenters:

  • Marc Newlin
    Marc is a red teamer by day, and SDR hacker by night, having disclosed wireless vulnerabilities to 21 vendors in the last two years. A glutton for challenging side projects, he competed solo in two DARPA challenges, although he never went to college. In 2013-14, Marc got into SDR by competing in the DARPA Spectrum Challenge, placing second in the preliminary tournament. In 2011, he wrote software to reassemble shredded documents, finishing the DARPA Shredder Challenge in third place out of 9000 teams.
