RTOS Reverse Engineering
4 Day u_long 32 CPE Hour Training: January 2021
FEB 2-7
Abstract
This training will teach students how to analyze real-time operating system (RTOS) deployments. The training will focus on concepts from open-source operating systems, where the most context is available, then transition the lessons learned to closed-source third-party deployments, with an emphasis on VxWorks-based products.
The training will focus predominantly on the ARM architecture, with cameos from other architectures as circumstances allow.
Students will learn about challenges solved by forward engineering teams and use that information to make informed conclusions when reversing.
Students will learn about security technology in embedded products including Cryptographic Security Modules (CSMs) and Memory Protection Units (MPUs).
The course is primarily hands-on-keyboard exercises rather than lecturing, but will introduce diagrams and theory as needed. The entire class will regularly sync up as a group to discuss concepts, problems, and solutions.
Course Topics
Real Time Operating System Concepts
with examples from:
Forward Development Concepts
- Embedded development life-cycle
- Chip capabilities and selection
- Memory management
QEMU
- Emulating "full" computer systems
- Debugging and run-time introspection
- Challenges associated with "re-hosting" deployments found in the wild
Reverse Engineering Challenges
- Separating operating system code from application code
- Data reconstruction
- Reversing unknown APIs
- Automatically identifying standard library functions
- Static identification of ABIs
Tooling
- Writing Loader and Analyzer plugins for Ghidra to create a more familiar analysis environment and accelerate reverse engineering.
Prerequisites
Students are expected to have experience programming in C or C++, and basic knowledge of the Linux command line. Prior experience with reverse-engineering is nice to have, but not required.
System Requirements
A computer capable of running a virtual machine. Recommended minimum: 16GB RAM with a quad-core processor. VMware or VirtualBox to run a Linux VM (all exercises will be done in the Linux VM).
Evan Jensen
Evan Jensen (@jensensec) is the co-founder and CTO of the Boston Cybernetics Institute (BCI), where he splits his time between performing security assessments, developing capabilities, and teaching. Evan has conducted training workshops on reversing and exploitation at many universities, including BU, RPI, NYU, MIT, Tufts, and West Point. He has also presented and taught at hacker conferences including ShmooCon, REcon, Ringzer0, and Hack in the Box. Before co-founding BCI, Evan worked in the Cyber System Assessments Group at MIT Lincoln Laboratory and on Facebook's red team. He has a BS in computer science from NYU Tandon School of Engineering.