Based on a real-world forensics project performed on an encrypted USB drive you will learn what techniques and processes apply to identify weaknesses and extract secrets. In this practical session we use the Riscure Hack me (RHme) hardware platform to emulate a secure storage environment. Using this as our artifact we attack the provided implementation. Faced with a cryptosystem and unknown implementation we show a complete attack path, from receiving a black-box device, to extracting its content. Background will be provided as to why it is possible to extract secrets from secure software running on insecure hardware.
For maximum enjoyment of this workshop we expect participants to be technologically savvy, curious and familiar with basic concepts in cryptography and reverse engineering. No hands-on experience is required but definitively helpful. Participants are encouraged to bring their laptops running either Windows 7+ or Linux to participate in the practical sessions. Riscure will provide a downloadable package including the open source tool chain and prepared files needed to perform the steps in the attack path. No special hardware is required.
Program Outline
- 13:00 – 13:30 Context: Real-World Project- Breaking Secure USB for Forensic Extraction
- 13:30 – 15:00 Theory: Introduction to Reverse Engineering (RE) and Fault Injection (FI)
- 15:00 – 15:30 Coffee Break
- 15:30 – 16:30 Practical Session: Overcoming Security Mechanisms for Firmware Extraction
- 16:30 – 17:30 Practical Session: Identifying and Exploiting Weaknesses in Secure Firmware
Presenter Thomas Rinsma
Thomas Rinsma is a Security Analyst at Riscure. He obtained his M.Sc in Computing Science from the Radboud University where he attended the TRU/e security track. He mostly works on projects in the Mobile Security and Embedded Systems Security markets for which he spends time reverse engineering software, analyzing payment solutions and performing penetration tests. He was involved with running the latest edition of Riscure’s annual hardware hacking contest (RHme3).
Presenter Kevin Valk
Kevin earned his M.Sc in Computer Science (security track) from the Radboud University. He works as a security analyst at Riscure, where he performs security evaluations on software-based solutions. He works on the mobile security market and has a special love for white box-cryptography. He helps organize and run an annual hardware hacking contest called the Riscure Hack me.