SlideShare a Scribd company logo

Efficient Reverse Engineering of Automotive Firmware

Riscure
Riscure

The fi rmware executed by components found in a car provide a starting point for adversaries to obtain con fidential information and discover potential vulnerabilities. However, the process of reverse engineering a specific component is typically considered a complex and time-consuming task. In this paper we discuss several techniques which we used to significantly increase the efficiency of reverse engineering the fi rmware of an instrument cluster.

Technology
1 of 32
Download to read offline
1 Efficient Reverse Engineering of Automotive Firmware Alyssa Milburn Security Analyst, Riscure milburn@riscure.com / @noopwafel (with Niek Timmers)
2 Reverse Engineering Getting Firmware IP Tuning / manipulation Efficient Reverse Engineering of Automotive Firmware Hacking ??? Reverse Engineering Understanding
3 Automotive Firmware?
4 Instrument Cluster • Speedometer/gauges • Display (screen) • Speaker! • Blinky lights! • 32-bit CPU • CAN bus • I2C bus • EEPROM
5 How can we get the firmware? Efficient Reverse Engineering of Automotive Firmware External flash Debug interfaces Leaks Software vulnerabilities Hardware attacks
6 What makes this challenging? • “Non-standard” platforms • New concepts • Complexity Efficient Reverse Engineering of Automotive Firmware
7
8 What makes this challenging? No tools?! Let’s make some! • Static analysis (disassembly): too complicated • Dynamic analysis (emulation / debugging): no tools? Efficient Reverse Engineering of Automotive Firmware
9 What do we need? • Processor (instruction set) emulator • Timers, interrupts • CAN controller • I2C controller • EEPROM • Display controller Efficient Reverse Engineering of Automotive Firmware
10Efficient Reverse Engineering of Automotive Firmware Emulating the CPU architecture
11 “Implementing” peripherals Efficient Reverse Engineering of Automotive Firmware
12 How difficult was it? ~ 1 man-week of work ~ 3000 lines of (terrible) code (excluding support tooling) Efficient Reverse Engineering of Automotive Firmware
13 Dynamic analysis
14 Debugging Efficient Reverse Engineering of Automotive Firmware Step! Break! Watch! gdb “stub” gdb
15 Debugging (gdb) hbreak *0x11032 Hardware assisted breakpoint 1 at 0x11032 (gdb) c Continuing. 0x00011032 in ?? () (gdb) Efficient Reverse Engineering of Automotive Firmware
16 Execution tracing Efficient Reverse Engineering of Automotive Firmware
17 Execution tracing Efficient Reverse Engineering of Automotive Firmware 0x02920 0x02922 (jump) 0x02926 0x02928 0x0292c 0x02930
18 Execution tracing Efficient Reverse Engineering of Automotive Firmware 0x02920 0x02922 (jump) 0x02926 0x02928 0x0292c 0x02930
19 Execution tracing Efficient Reverse Engineering of Automotive Firmware
20 Execution tracing Efficient Reverse Engineering of Automotive Firmware
21 Hacks! Efficient Reverse Engineering of Automotive Firmware
22 Hacks! Efficient Reverse Engineering of Automotive Firmware
23 Initial state Running (booted) Send CAN message Observe CAN response State rewinding 100ms boot time Efficient Reverse Engineering of Automotive Firmware
24 Taint tracking Efficient Reverse Engineering of Automotive Firmware 1 ?? 2 ?? 3 ?? 4 ?? 5 ?? 6 ?? 7 ?? 8 ?? CAN messageData[2] = CAN.read() Data[7] = Data[2] CAN message CAN message Data[7] == Y?
25 Fuzzing Efficient Reverse Engineering of Automotive Firmware CAN message Memory Memory[5] == 0xc7? Path 1 Path 2
26 ./cc.py dcm discovery CARING CARIBOU v0.1 ------------------- Starting diagnostics service discovery Found diagnostics at arbitration ID 0x????, reply at 0x???? UDS Efficient Reverse Engineering of Automotive Firmware
27 UDS: security access Efficient Reverse Engineering of Automotive Firmware Random key Random key == calculateKey(seed)? We found calculateKey! Seed (challenge)
28 UDS: security access sending requestSeed (0x3) CAN0: RCV [id ####] 02 27 03 aa aa aa aa aa CAN0: TRQ [id ####] 06 67 03 47 2e 8e 70 aa sending sendKey CAN0: RCV [id ####] 06 27 04 41 9b 35 42 aa comparison at 0002f390 (419b3542 vs 419b3542) is tainted with 000000c0 CAN0: TRQ [id ####] 02 67 04 aa aa aa aa aa Efficient Reverse Engineering of Automotive Firmware
29 EEPROM contents Efficient Reverse Engineering of Automotive Firmware Reverse engineering is hard work! updateEEPROM(id, value) Identification (VIN) Features/ configuration (UDS) security state Odometer 
30 Takeaways Efficient Reverse Engineering of Automotive Firmware • Reverse engineering is not so hard! • Lots of other “tricks” to try: • Symbolic execution • Deobfuscation (if necessary) • Smarter fuzzing • You can’t hide secrets in firmware: • Use asymmetric cryptography (i.e. public keys) • Use the secure hardware inside modern processors
31 Thanks to… Efficient Reverse Engineering of Automotive Firmware Santiago CordobaEloi Sanfelix Ramiro Pareja
32 Challenge your security Alyssa Milburn Security Analyst, Riscure milburn@riscure.com / @noopwafel Efficient Reverse Engineering of Automotive Firmware icons8.com • Training • Tools • Services

Recommended

Software Attacks on Hardware Wallets
Software Attacks on Hardware WalletsSoftware Attacks on Hardware Wallets
Software Attacks on Hardware WalletsRiscure
 
Riscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure
 
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesSecure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesRiscure
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionRiscure
 
Bypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault InjectionBypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault InjectionRiscure
 
Fault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis ProtocolsFault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis ProtocolsRiscure
 
Java Card Security
Java Card SecurityJava Card Security
Java Card SecurityRiscure
 
Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Riscure
 

Recommended

Software Attacks on Hardware Wallets
Software Attacks on Hardware WalletsSoftware Attacks on Hardware Wallets
Software Attacks on Hardware WalletsRiscure
 
Riscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure
 
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesSecure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesRiscure
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionRiscure
 
Bypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault InjectionBypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault InjectionRiscure
 
Fault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis ProtocolsFault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis ProtocolsRiscure
 
Java Card Security
Java Card SecurityJava Card Security
Java Card SecurityRiscure
 
Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Riscure
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyNiek Timmers
 
CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60Riscure
 
How to secure HCE
How to secure HCEHow to secure HCE
How to secure HCERiscure
 
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat Security Conference
 
Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104pgmaynard
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat Security Conference
 
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations BlueHat Security Conference
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Ollie Whitehouse
 
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...Priyanka Aash
 
Kavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finKavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finPacSecJP
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentestersAleksandr Timorin
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Security Weekly
 
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02PacSecJP
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityChris Sistrunk
 
Protecting Your DNP3 Networks
Protecting Your DNP3 NetworksProtecting Your DNP3 Networks
Protecting Your DNP3 NetworksChris Sistrunk
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsAshley Zupkus
 
Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSafe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSoumitra Bhattacharyya
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems qqlan
 
Hardware Security Training By TONEX
Hardware Security Training By TONEXHardware Security Training By TONEX
Hardware Security Training By TONEXBryan Len
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 
Le company presentation
Le company presentationLe company presentation
Le company presentationleadembeddedsoftware
 
Functional verification techniques EW16 session
Functional verification techniques EW16 sessionFunctional verification techniques EW16 session
Functional verification techniques EW16 sessionSameh El-Ashry
 

More Related Content

What's hot

PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyNiek Timmers
 
CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60Riscure
 
How to secure HCE
How to secure HCEHow to secure HCE
How to secure HCERiscure
 
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat Security Conference
 
Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104pgmaynard
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat Security Conference
 
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations BlueHat Security Conference
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Ollie Whitehouse
 
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...Priyanka Aash
 
Kavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finKavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finPacSecJP
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentestersAleksandr Timorin
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Security Weekly
 
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02PacSecJP
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityChris Sistrunk
 
Protecting Your DNP3 Networks
Protecting Your DNP3 NetworksProtecting Your DNP3 Networks
Protecting Your DNP3 NetworksChris Sistrunk
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsAshley Zupkus
 
Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSafe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSoumitra Bhattacharyya
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems qqlan
 
Hardware Security Training By TONEX
Hardware Security Training By TONEXHardware Security Training By TONEX
Hardware Security Training By TONEXBryan Len
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 

What's hot (20)

PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
 
CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60
 
How to secure HCE
How to secure HCEHow to secure HCE
How to secure HCE
 
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
 
Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
 
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems
 
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
 
Kavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finKavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_fin
 
Industrial protocols for pentesters
Industrial protocols for pentestersIndustrial protocols for pentesters
Industrial protocols for pentesters
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
 
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
 
RSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS SecurityRSAC 2016: How to Get into ICS Security
RSAC 2016: How to Get into ICS Security
 
Protecting Your DNP3 Networks
Protecting Your DNP3 NetworksProtecting Your DNP3 Networks
Protecting Your DNP3 Networks
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEs
 
Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSafe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devices
 
Techniques of attacking ICS systems
Techniques of attacking ICS systems Techniques of attacking ICS systems
Techniques of attacking ICS systems
 
Hardware Security Training By TONEX
Hardware Security Training By TONEXHardware Security Training By TONEX
Hardware Security Training By TONEX
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
 

Similar to Efficient Reverse Engineering of Automotive Firmware

Functional verification techniques EW16 session
Functional verification techniques EW16 sessionFunctional verification techniques EW16 session
Functional verification techniques EW16 sessionSameh El-Ashry
 
Chapter_01_See_Program_Running.pptx
Chapter_01_See_Program_Running.pptxChapter_01_See_Program_Running.pptx
Chapter_01_See_Program_Running.pptxWaleedAbdullah2k19EE
 
Understanding and Improving Device Access Complexity
Understanding and Improving Device Access ComplexityUnderstanding and Improving Device Access Complexity
Understanding and Improving Device Access Complexityasimkadav
 
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...Christopher Diamantopoulos
 
Leveraging Artificial Intelligence Processing on Edge Devices
Leveraging Artificial Intelligence Processing on Edge DevicesLeveraging Artificial Intelligence Processing on Edge Devices
Leveraging Artificial Intelligence Processing on Edge DevicesICS
 
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMDEdge AI and Vision Alliance
 
Navigating the jungle of Secure Coding Standards
Navigating the jungle of Secure Coding StandardsNavigating the jungle of Secure Coding Standards
Navigating the jungle of Secure Coding StandardsChantalWauters
 
Introduction to architecture exploration
Introduction to architecture explorationIntroduction to architecture exploration
Introduction to architecture explorationDeepak Shankar
 
Analyzing the Security of Cars Efficiently
Analyzing the Security of Cars EfficientlyAnalyzing the Security of Cars Efficiently
Analyzing the Security of Cars EfficientlyNiek Timmers
 
Ecd302 unit 01(investigate ecad systems)
Ecd302 unit 01(investigate ecad systems)Ecd302 unit 01(investigate ecad systems)
Ecd302 unit 01(investigate ecad systems)Xi Qiu
 
Understanding Modern Device Drivers
Understanding Modern Device DriversUnderstanding Modern Device Drivers
Understanding Modern Device Driversasimkadav
 
201306170 a vuk - faar industry overview
201306170 a vuk - faar industry overview201306170 a vuk - faar industry overview
201306170 a vuk - faar industry overviewkamar zinoun
 
Eclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersEclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersMicroEJ
 
FPGA_prototyping proccesing with conclusion
FPGA_prototyping proccesing with conclusionFPGA_prototyping proccesing with conclusion
FPGA_prototyping proccesing with conclusionPersiPersi1
 

Similar to Efficient Reverse Engineering of Automotive Firmware (20)

Le company presentation
Le company presentationLe company presentation
Le company presentation
 
Functional verification techniques EW16 session
Functional verification techniques EW16 sessionFunctional verification techniques EW16 session
Functional verification techniques EW16 session
 
AdnanAlbujuq_2
AdnanAlbujuq_2AdnanAlbujuq_2
AdnanAlbujuq_2
 
Chapter_01_See_Program_Running.pptx
Chapter_01_See_Program_Running.pptxChapter_01_See_Program_Running.pptx
Chapter_01_See_Program_Running.pptx
 
Understanding and Improving Device Access Complexity
Understanding and Improving Device Access ComplexityUnderstanding and Improving Device Access Complexity
Understanding and Improving Device Access Complexity
 
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
 
OBD II Stack Solutions and Services
OBD II Stack Solutions and ServicesOBD II Stack Solutions and Services
OBD II Stack Solutions and Services
 
Leveraging Artificial Intelligence Processing on Edge Devices
Leveraging Artificial Intelligence Processing on Edge DevicesLeveraging Artificial Intelligence Processing on Edge Devices
Leveraging Artificial Intelligence Processing on Edge Devices
 
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
 
Navigating the jungle of Secure Coding Standards
Navigating the jungle of Secure Coding StandardsNavigating the jungle of Secure Coding Standards
Navigating the jungle of Secure Coding Standards
 
Introduction to architecture exploration
Introduction to architecture explorationIntroduction to architecture exploration
Introduction to architecture exploration
 
Analyzing the Security of Cars Efficiently
Analyzing the Security of Cars EfficientlyAnalyzing the Security of Cars Efficiently
Analyzing the Security of Cars Efficiently
 
UNIT-III ES.ppt
UNIT-III ES.pptUNIT-III ES.ppt
UNIT-III ES.ppt
 
CodeChecker summary 21062021
CodeChecker summary 21062021CodeChecker summary 21062021
CodeChecker summary 21062021
 
Ecd302 unit 01(investigate ecad systems)
Ecd302 unit 01(investigate ecad systems)Ecd302 unit 01(investigate ecad systems)
Ecd302 unit 01(investigate ecad systems)
 
Understanding Modern Device Drivers
Understanding Modern Device DriversUnderstanding Modern Device Drivers
Understanding Modern Device Drivers
 
201306170 a vuk - faar industry overview
201306170 a vuk - faar industry overview201306170 a vuk - faar industry overview
201306170 a vuk - faar industry overview
 
SoC: System On Chip
SoC: System On ChipSoC: System On Chip
SoC: System On Chip
 
Eclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersEclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for Microcontrollers
 
FPGA_prototyping proccesing with conclusion
FPGA_prototyping proccesing with conclusionFPGA_prototyping proccesing with conclusion
FPGA_prototyping proccesing with conclusion
 

More from Riscure

PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyRiscure
 
Lowering the bar: deep learning for side-channel analysis
Lowering the bar: deep learning for side-channel analysisLowering the bar: deep learning for side-channel analysis
Lowering the bar: deep learning for side-channel analysisRiscure
 
Riscure Introduction
Riscure IntroductionRiscure Introduction
Riscure IntroductionRiscure
 
Practical Differential Fault Attack on AES
Practical Differential Fault Attack on AESPractical Differential Fault Attack on AES
Practical Differential Fault Attack on AESRiscure
 
How to secure electronic passports
How to secure electronic passportsHow to secure electronic passports
How to secure electronic passportsRiscure
 
How multi-fault injection breaks the security of smart cards
How multi-fault injection breaks the security of smart cardsHow multi-fault injection breaks the security of smart cards
How multi-fault injection breaks the security of smart cardsRiscure
 
Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?Riscure
 
Defeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding CountermeasuresDefeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding CountermeasuresRiscure
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Riscure
 

More from Riscure (9)

PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
 
Lowering the bar: deep learning for side-channel analysis
Lowering the bar: deep learning for side-channel analysisLowering the bar: deep learning for side-channel analysis
Lowering the bar: deep learning for side-channel analysis
 
Riscure Introduction
Riscure IntroductionRiscure Introduction
Riscure Introduction
 
Practical Differential Fault Attack on AES
Practical Differential Fault Attack on AESPractical Differential Fault Attack on AES
Practical Differential Fault Attack on AES
 
How to secure electronic passports
How to secure electronic passportsHow to secure electronic passports
How to secure electronic passports
 
How multi-fault injection breaks the security of smart cards
How multi-fault injection breaks the security of smart cardsHow multi-fault injection breaks the security of smart cards
How multi-fault injection breaks the security of smart cards
 
Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?
 
Defeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding CountermeasuresDefeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding Countermeasures
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Efficient Reverse Engineering of Automotive Firmware