Hacking
-
Table of Contents: Introduction
This past semester I’ve been working on a directed study at my university with Prof. Wil Robertson reverse engineering embedded devices. After a couple of months looking at a passport scanner, one of my friends jokingly suggested I hack a Furby, the notoriously annoying toy of late 1990s fame. Everyone laughed,…
-
Table of Contents: Introduction; Understanding the Code; Tracing the Vulnerable Code Path; Leveraging the Vulnerability; Circumventing Additional Obstacles; Achieving Local Privilege Escalation; Exploit Proof of Concept; Bonus Points
Introduction
CSAW CTF 2013 was last weekend, and this year I was lucky enough to be named a judge for the competition. I decided to bring back…
-
This past weekend I presented Weighing in on Issues with “Cloud Scale” at Summercon 2013 (the title is totally a joke, btw). In the presentation, I talked about my experience reverse engineering and hacking the Withings WS-30 WiFi-enabled bathroom scale, a fun little embedded device running Thumb-2 code. As mentioned during the talk, I’ve uploaded…
-
Table of Contents: Introduction; Function Hooking in Suterusu; Function Hooking on x86; Write Protection; Function Hooking on ARM; Instruction Caching; Pros and Cons of Inline Hooking; Hiding Processes, Files, and Directories
Introduction
A number of months ago, I added a new project to the redmine tracker github showcasing some code I worked on over the summer…
-
This past weekend, I led team ” ” in the 2012 MIT Lincoln Lab CTF where we captured the flag for being the most offensive team, specifically, performing the most unique compromises of team + service. No, literally, we won the flag: One of the services we were tasked to install was a client-facing WordPress widget…
-
Last post, we identified a stack-based overflow in 3S CoDeSys CmpWebServer and traced the steps necessary to obtain control over EIP. In order to do so, we needed to first circumvent stack cookies, which was achieved by abusing a call to memcpy() and overwriting the function call’s own return pointer. This post, we’ll pick up…
-
By the way, I will be presenting “Owning the Network: Adventures in Router Rootkits” this Sunday, 12 noon at DEF CON 20. If you enjoy ownage, networks, adventures, routers, and rootkits, this talk is for you. I’ll be releasing my firmware generation/manipulation framework at the talk, which will be made available on the site shortly…
-
Introduction On November 29, 2011, Luigi Auriemma published a security advisory containing multiple vulnerabilities in the 3S CoDeSys Automation Suite. Like much of the other software Auriemma has researched in past months, CoDeSys is SCADA software. For those who aren’t familiar with the term, SCADA stands for “Supervisory Control and Data Acquisition,” which is just…
-
I received a Samsung Infuse 4G this year for Christmas, and one of the first questions I had was how to let this bad boy run free. Doing a little searching around, it looked like the device was already rootable by the RageAgainstTheCage exploit by the Android Exploid Crew, but of course using an already-written,…