Reverse Engineering and Exploit Development For Embedded Systems

Ali Abbasi

News

Bug Credits for Zero-days

Written on 26.09.23 (last change on 20.09.24) by Simon Wörner

Hi,

I've added a note field for your GitHub account / name so we can credit you for the found bugs when we do the cumulated reporting.
If you found bugs and want to be credited please enter a GitHub account / your name / a nickname until the end of the week.

 

Simon

Grades are out - The End

Written on 25.09.23 by Ali Abbasi

Hi,

The final grades are out in the CMS. You can see it in the Tests And Exams section.

Thank you, everybody, for attending this course and for the fantastic work you have done throughout the course. I was impressed by all of you.

I hope you continue the great work you are doing in the… Read more

Hi,

The final grades are out in the CMS. You can see it in the Tests And Exams section.

Thank you, everybody, for attending this course and for the fantastic work you have done throughout the course. I was impressed by all of you.

I hope you continue the great work you are doing in the future. If you need a recommendation or are looking for a Job/Ph.D. position, please let me know, and I will personally vouch for each of you.

 

Cheers,

Ali

PS: As mentioned before, there will be prizes for the top 3 students. Due to delivery issues, I will hand in awards during the System Security lecture in October. I will contact you individually once I have delivery information for the prizes.

 

 

Winter is Coming....Exam Date

Written on 20.09.23 by Ali Abbasi

Hi Everybody,

Here is just a reminder that your exam date is approaching. Regarding the time, here is the time each of you take the exam:

 

13:00 to 13:30: Lorenz

13:30 to 14:00: Tristan

14:00 to 14:30: Ulysse

14:30 to 15:00: Raoul

15:00 to 15:30 Addison

 

Fabian and… Read more

Hi Everybody,

Here is just a reminder that your exam date is approaching. Regarding the time, here is the time each of you take the exam:

 

13:00 to 13:30: Lorenz

13:30 to 14:00: Tristan

14:00 to 14:30: Ulysse

14:30 to 15:00: Raoul

15:00 to 15:30 Addison

 

Fabian and Florian:

14:00 to 15:00 21st September.

 

Location:

CISPA C0 building room 2-16

 

 

Remember to submit your reports beforehand and bring your laptop.

Note: Those who will have the exam tomorrow (Fabian and Florian) should be able to share their screen on their computer.

 

We will try to have a hand-in prize date. It depends on CISPA procurement. If they are fast and prizes are delivered on time, the top 3 students will get their awards from the ZF. Otherwise, we have to delay the award date.

 

Cheers,

Ali

 

Reminder on Exam Registration

Written on 17.09.23 by Ali Abbasi

Hi,

This is a reminder that you should register for the exam by the end of today.

 

Cheers,

Ali

 

Exam Registration

Written on 13.09.23 by Ali Abbasi

Hi,

Please make sure to register for the exam before 18th September.

 

Cheers,

Ali

 

Updated Diffs for embed OS Build

Written on 11.09.23 (last change on 11.09.23) by Tobias Scharnowski

Hi everyone,

we updated the patches for the embed OS target to remove hard-to-triage interactions between the emulator and the target.

  1. Please re-download the floating point patch mbed_disable_hard_floats.diff
  2. Please also apply the second patch mbed_fix_invalid_CONTROL_write.diff

Regards,

Tobi

Final Project Target 1

Written on 08.09.23 (last change on 10.09.23) by Simon Wörner

Hi,

 

just to make sure there is no confusion: The first target is BLE_GAP of mbed-os-example-ble (Day 7 Task 2), to enable fuzzing be sure to apply the software floating point patch (mbed_disable_hard_floats.diff).

 

Regards,
Simon

Day 9 Submission Extension

Written on 07.09.23 by Simon Wörner

Hi,

we extended the submission deadline of day 9 to Sunday 23:59.

 

Simon

Order of Presentation

Written on 04.09.23 by Ali Abbasi

Hi,

The order of presentation for tomorrow is the following:

1. Avatar 2: A multi-target orchestration platform.", 2018
2. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices, NDSS 2018
3. Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented… Read more

Hi,

The order of presentation for tomorrow is the following:

1. Avatar 2: A multi-target orchestration platform.", 2018
2. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices, NDSS 2018
3. Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation, Usenix Sec 2019
4. HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation, Usenix 2020
5. PartEmu: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation, Usenix 2020
6. DICE: Automatic emulation of dma input channels for dynamic firmware analysis, IEEE S&P, 2021
7. What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation, CCS 2022
8. Hoedur: Embedded Firmware Fuzzing using Multi-Stream Inputs, Usenix Sec 2023
9. Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation, Usenix Sec 2023

Day 6 Submission Form

Written on 04.09.23 by Ali Abbasi

Hi,

Day 6 Submission Form is now available.

 

Ali

SDCard Reader

Written on 31.08.23 by Ali Abbasi

Hi,

For tomorrow's practical session, please have an SDCard reader with you.

 

Cheers,

Ali

 

Selecting the paper

Written on 28.08.23 by Ali Abbasi

Hi,

To select the paper for 10 mins presentation, here is the forum link:

 

https://cms.cispa.saarland/emsecexpdevs2023/forum/viewtopic.php?t=1

 

Cheers,

Ali

 

Software/Hardware Requirement

Written on 23.08.23 by Ali Abbasi

Hi Everybody,

We are getting close to the start day of our course. I wanted to give you some heads-up about the location and some requirements.

 

Requirements:

1. Please Bring a Laptop with you. It should be a Linux machine, preferably Ubuntu. Please also install Linux build environment… Read more

Hi Everybody,

We are getting close to the start day of our course. I wanted to give you some heads-up about the location and some requirements.

 

Requirements:

1. Please Bring a Laptop with you. It should be a Linux machine, preferably Ubuntu. Please also install Linux build environment for it. You should have an SSH client installed on it.

2. Please have a USB hub for 4th and 5th course day (next week, Thursday and Friday).

 

Important Note: If you use a pacemaker or any other medical device sensitive to electrical interference, please inform us ASAP.

 

Location:

The course location will be in CISPA main building, room 0.01. We will start every day at 10:00 AM and have lectures until 12:00. We will have lunch time between 12:00 and 13:00. We will start the practical session from 13:00 until 17:00 (or whatever it takes).

 

Recommended Text Book for the course:

1. Fuzzing Against the Machine, Automate Vulnerability Research with Emulated IoT Devices on QEMU

2. The Hardware Hacking Handbook

3. Real-Time Embedded Systems, Design Principles and Engineering Practices

 

 

Verbal Exam Date:

There is going to be a verbal exam. The verbal exam is designed so that by doing all the practical parts and delivering your final project, you do not need to study for it. We will talk about your final project in the verbal exam. The verbal exam date is Monday, 25th September, from 09:00 AM until 17:00. Your exact time slot will be announced at the end of the last lecture. If you can not attend the exam date, please inform us ASAP. The exam location will be my office at CISPA main building, room 2-16.

 

 

Cheers,

Ali

 

 

 

 

Course Registration

Written on 12.07.23 by Ali Abbasi

Hi Everybody,

I see that some students already registered in the course without writing me an email first.

You will get removed from the course on 15 July unless you wrote your background and justification for this course and got approval from me.

 

Ali

 
Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.