
Reverse Engineering Hack Chat

Glitching and JTAG and Ghidra, oh my!

Wednesday, September 28, 2022 12:00 pm PDT
Hack Chat

Matthew Alt will host the Hack Chat on Wednesday, September 28 at noon Pacific.

Time zones got you down? Try our handy time zone converter.


Our world is full of mysteries, from the nature of time to how exactly magnets work. Some things we simply have to accept we will never fully understand, no matter how hard we look, especially in the natural world. The constructed world is another thing, though. It doesn't seem fair that only a relatively few people have the inside scoop on the workings of everyday things, like network routers, game consoles, and even the vehicles we drive. Of course, the companies that make these things have a right to profit from their intellectual property, but we as consumers also have a right to be curious about how these things work and to understand what the software running on these devices is doing on our behalf.

Luckily, what can be engineered can be reverse engineered, if you have the right tools and the skills to use them. It can be a challenge, but it's one Matthew Alt has taken on plenty of times. We've seen him deep-dive into JTAG, look at serial wire debugging, and recently even try some glitching attacks. In fact, he even taught a HackadayU course on reverse engineering with Ghidra. And now he'll drop by the Hack Chat to talk all about reverse engineering. Join us with your questions, your exploits, and your ideas on how to go where no hacker has gone before.

  • Hack Chat Transcript, Part 1

    Dan Maloney 09/28/2022 at 20:04

    Dan Maloney 12:00 PM
    Hello, everyone, welcome to the Hack Chat! I'm Dan, I'll be moderating today along with Dusan for Matthew Alt as we talk about reverse engineering in all its many forms!

    @wrongbaud - Did I see you online already? I think I did...

    Dusan Petrovic 12:00 PM
    Hi everyone!

    FedX 12:00 PM
    \o

    Dan Maloney 12:00 PM
    Hi Dule!

    wrongbaud 12:00 PM
    Yup!

    Dusan Petrovic 12:00 PM
    Hello Dan!

    Ari 12:00 PM
    Hey Dan

    Dan Maloney 12:00 PM
    Hey there, wlecome aboard!

    Dan Maloney 12:01 PM
    Drat these fat fingers...

    Dan Maloney 12:01 PM
    Anyway, welcome - I think most of us know a little about you, but maybe you can fill us in on your background a bit?

    Nicolas Tremblay 12:02 PM
    @Dan Maloney Normally I blame autocorrect

    Dan Maloney 12:02 PM
    "It's a poor craftsman what blames his tools," as AvE would say ;-)

    wrongbaud 12:03 PM
    Sure! My name is Matt Alt (@wrongbaud) - I am a reverse engineer who focuses on embedded systems. My RE journey began at an ECU tuning shop in college where my job was to reverse engineer various automotive controllers. You can find some examples of my work on my personal blog: https://wrongbaud.github.io and my consulting blog: https://voidstarsec.com/blog

    If you are interested in learning more about reverse engineering, check out our Hackaday course that we put together here: https://hackaday.io/course/172292-introduction-to-reverse-engineering-with-ghidra

    A few things before we kick off - I won't answer any questions regarding "hacking" Facebook, Instagram or other social media sites. I am happy to talk firmware extraction and analysis, low-level interfaces, glitching, assembly languages and everything in between!

    Dan Maloney 12:04 PM
    Excellent point -- we often get those requests here, sometimes mid-chat.

    Dan Maloney 12:06 PM
    Funny you mention ECU hacking -- a friend recently had an emergency situation while driving where the car shut down because he needed to back up fast. He'd love a hack to prevent the anti-collision sensors from shutting the damn car off.

    Dan Maloney 12:07 PM
    Not asking for specific help, mind you -- just thought it would be an interesting case to talk about.

    wrongbaud 12:07 PM
    Definitely. I worked in the space from 2012-2016 and we mostly focused on engine controllers; our end goal was usually to reflash the engine controller with modified software for performance benefits.

    wrongbaud 12:08 PM
    I imagine that we are going to see a lot of cool security research in the coming years with these "assistance" features; they seem like a good target.

    Przemek Klosowski 12:08 PM
    What do you think about the future of reverse engineering given the increasing role of security tech (secure boot, measured software, encrypted firmware, etc.)? Is it same old same old or a qualitative change?

    wrongbaud 12:10 PM
    I think that there is always going to be low-hanging fruit for people to learn with, but for more hardened targets I imagine we are going to see a lot more in the realm of fault injection techniques.

    .io 12:10 PM
    I assume when you hacked the ECUs you downloaded the code and found the fuel maps, tweaked them, and flashed it back? I doubt you were reinventing the wheel . . . no pun intended.

    anfractuosity 12:10 PM
    WRT ECUs, do you have to glitch the MCU to be able to extract the firmware?

    Mark J Hughes 12:11 PM
    How significant were the performance benefits vs the time spent engineering it?

    wrongbaud 12:11 PM
    Correct: remapping, occasionally removing features that were considered detrimental for race times, or instrumenting them further.

    wrongbaud 12:12 PM
    RE: Glitching ECUs, it depends on the specific MCU in use; sometimes yes, sometimes no.

    Mark J Hughes 12:12 PM
    How can I turn off the feature that shuts the damn car off every time I'm at a red light?

    Dan Maloney 12:13 PM
    @Mark J Hughes - I flippin' hate that! You're just a sitting duck if something happens!

    wrongbaud 12:13 PM
    RE: Performance benefits, it would depend a lot on the car; for a turbocharged car sometimes we could squeeze anywhere between 25-50HP,...
