Topics

reverse engineering

CacheWarp: Dropping one write to take over AMD-SEV

November 23, 2023 #attacks #news #reverse engineering

On 2023-11-14 the CISPA Helmholtz Center for Information Security published a new attack on AMD-SEV called CacheWarp (CVE-2023-20592), of which I am one of the original authors. This attack allows a malicious hypervisor to drop memory writes on an encrypted VM using the invd instruction. Due to the difficulty of the setup, a feasible attack should only drop memory once to achieve its goal. In this article, we examine how one memory drop is enough to break OpenSSH and sudo to completely hijack the victim system.

Power analysis based software reverse engineering assisted by fuzzing II

September 3, 2020 #embedded security #secforcars #power analysis #reverse engineering #fuzzing #attacks

In the previous post, a setup and a technique for extracting a representative section of a power trace of a specific instruction of an STM32F3 processor were described. This section is called a “template”. These templates are later to be used to identify instructions via a power side channel and to reconstruct the flow of an unknown program on a controller that cannot be dumped via JTAG. In this part of our power analysis series, the templates extracted in the previous post are analyzed to determine whether they are representative enough to reverse engineer entire programs from a power trace.

Power analysis based software reverse engineering assisted by fuzzing I

August 26, 2019 #embedded security #secforcars #power analysis #reverse engineering #fuzzing #attacks

This is the first part of a three-part series about power analysis based software reverse engineering. It is part of our work in the SecForCARs project and the bachelor thesis ‘Poweranalyse basiertes Software Reverse Engineering mit Hilfe von Fuzzing’. The results will be summarized in this blog post series. In this first part, the goals of the research and the power analysis template extraction process are presented.

Visiting the hardwear.io 2018 conference in Den Haag

September 15, 2018 #embedded security #event #reverse engineering #ctf

For the second year, SCHUTZWERK was a sponsor of the hardwear.io conference in Den Haag. This year, we attended the conference with 3 employees focused on hardware and embedded security.

The Training Session

One of our hardware specialists, Heiko Ehret, learned how to reverse engineer a microchip in the training “IC reverse engineering 101” from Tuesday to Wednesday. In this training, the principles of gaining access to the die of a chip were presented, and in the practical part, for example, photos taken with a scanning electron microscope (SEM) were analyzed to extract the computational structure and to read out the contents of the memories.
