Application code, file data and network protocol packets are often formatted as binary information. This is done to protect intellectual property and to make things difficult for attackers and competitors.
This does not, however, stop security professionals, researchers and hobbyists from inspecting and reversing the binary blobs. Whether for understanding their internals or for finding flaws, people reverse binary blobs and extract a human-friendly format. Andrew Tridgell famously reversed the CIFS/SMB protocol from Microsoft to create the Samba software.
In this talk I will highlight the mindset for doing reversing, based on my own experience with reversing the Apple iOS sandbox. The talk is not meant to be very technical; rather, it is about what it takes and what it means to do reversing, and why you should do it as a learning and fun experience.
9. Why? (2)
innate curiosity
desire to look inside, to know how it works
feels good when we know
feels better when we repair
achievement, accomplishment, improvement
goal, purpose
9 / 38
22. Reverse engineering can be depressing and quite solitary. The support from all of you @vu5ec was always there :-), I appreciate the encouragement that I got throughout the process. It was painfully fun!
Lucian Cojocar
Reversing is like catching a cobra by the back legs.
Răzvan Deaconescu
23. My Story
CTF security contests (Capture the Flag)
master classes on security (open content)
https://ocw.cs.pub.ro/courses/cns
http://elf.cs.pub.ro/sis/
security summer school (open content):
https://security.cs.pub.ro/summer-school/wiki/
24. My Story in iOS Reversing
https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html
25. Sandboxing
limit actions for processes / applications; i.e. open a file, connect to a remote host
in iOS, there are sandbox profiles attached to applications
a sandbox profile contains a specific set of rules
container sandbox profile used for all 3rd party apps (i.e. those installed from the Apple App Store)
26. Initial Format of iOS Sandbox Profiles
(version 1)
(allow default)
(deny network*
    (local ip "*:*"))
(deny network-outbound
    (literal "/private/var/tmp/launchd/sock")
    (regex #"^/private/tmp/launchd-[0-9]+[.][^/]+/"))
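As an added example (not from the talk or from the author's tooling), a small Python parser for the textual SBPL profile format shown above: it tokenizes the s-expressions and lists each rule's action, operation and filters, which is the human-friendly view one wants after reversing a profile. The profile text is embedded as constructed input; the function names are assumptions of this example.

```python
import re

# Constructed input for this example: the profile text shown on the slide
# (SBPL, Apple's Scheme-like sandbox profile language), embedded verbatim.
PROFILE = '''
(version 1)
(allow default)
(deny network*
    (local ip "*:*"))
(deny network-outbound
    (literal "/private/var/tmp/launchd/sock")
    (regex #"^/private/tmp/launchd-[0-9]+[.][^/]+/"))
'''

# Tokens: parentheses, plain strings "...", regex literals #"...", bare symbols.
TOKEN_RE = re.compile(r'\(|\)|#?"(?:[^"\\]|\\.)*"|[^\s()"]+')


def parse(text):
    """Tokenize SBPL text and build nested lists, one per top-level form."""
    forms, stack = [], []
    for tok in TOKEN_RE.findall(text):
        if tok == '(':
            stack.append([])
        elif tok == ')':
            if not stack:
                raise ValueError('unbalanced ")"')
            done = stack.pop()
            (stack[-1] if stack else forms).append(done)
        else:
            (stack[-1] if stack else forms).append(tok)
    if stack:
        raise ValueError('unbalanced "("')
    return forms


def rules(profile_text):
    """Return (action, operation, filters) for each allow/deny form; a filter
    is (filter_type, value) with quotes and the #"..." regex marker removed."""
    out = []
    for form in parse(profile_text):
        if not form or form[0] not in ('allow', 'deny'):
            continue  # (version 1) and similar directives are not rules
        action, operation, *filters = form
        out.append((action, operation,
                    [(' '.join(f[:-1]), f[-1].lstrip('#').strip('"'))
                     for f in filters]))
    return out
```

Running rules(PROFILE) yields three rules: the unconditional allow default, the deny on network* filtered by local ip, and the deny on network-outbound with one literal and one regex path filter.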
29. The Journey
close to a year to get it working
another half year to make it work in almost all cases
relentless back-and-forth
made it open source
relied on previous work (Dionysus Blazakis, Stefan Esser, Dino Dai Zovi)
30. Yes but . . .
. . . it seems daunting
. . . it takes time
31. However . . .
it will be fun
you will improve: patience, perseverance, lateral thinking, problem solving
you are part of a community
32. What To Do?
CTF contests
https://picoctf.com
https://junior.35c3ctf.ccc.ac/announcements/
https://ctftime.org
http://captf.com/practice-ctf/
wargames
http://io.netgarage.org
http://smashthestack.org/wargames.html
http://overthewire.org/wargames/
34. Yeah, but ...
I’m more of a developer
I want to build stuff, not break stuff
I want to create
35. Perspective
Sergiu Weisz, 1st year master student
I want to build. But I choose to do security because it gives me a better understanding of how things work. And how things can be attacked, abused and brought down.
poorly built software, hardware and infrastructure
you can make it better, more secure, more robust
once you understand its inner workings