414: Puff, the Magically Secure Dragon

May 26, 2022 by Elecia White

Laura Abbott of Oxide Computer spoke with us about a silicon bug in the ROM of the NXP LPC55, affecting the TrustZone.

More information about the two issues are in the Oxide blog:

More about LPC55S6x and their LPC55Sxx Secure Boot

Ghidra is a software reverse engineering framework… and it is one of the NSA’s github repositories.

Laura will also be speaking about this at Hardwear.io in early June 2022 in Santa Clara.

Twitter handles: @hardwear_io, @oxidecomputer, @openlabbott,

The vulnerability was filed with NIST: NVD - CVE-2021-31532

Transcript

399: Hey, What's Going On?

January 20, 2022 by Elecia White

Jen Costillo joined us to talk about voice acting, reverse engineering, podcasting, and dance.

Jen’s podcast is the Unnamed Reverse Engineering Podcast, found in all your usual podcast places. Jen and her co-host Alvaro were on an episode of Opposable Thumbs podcast.

Find Jen on Twitter at @RebelbotJen (also @unnamed_show and @catmachinesSF). Rebelbot.com has her blog and Cat Machines Dance is her site devoted to dance (including the mentioned video about dancers and the pandemic).

The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks by Jasper van Woudenberg and Colin O'Flynn

Jen is studying voice-overs at VoicetraxSF

Jen has been on the show many times in the past. Some of our favorites include

108: Nebarious about security and privacy
82: I Was a Chewbacca Person about movies that influenced their path to engineering
51: There Is No Crying in Strcpy about interviewing
25: Thunderdome for Antennas about RF and manufacturing consumer products
10: Hands Off, Baby about C keywords

370: This Is the Whey

April 22, 2021 by Elecia White

Alvaro Prieto (@alvaroprieto) spoke with us about cheese, making, work, the reverse engineering podcast, weather, and motivation.

Alvaro is a host of the Unnamed Reverse Engineering podcast. Some of his favorite episodes include #41 with Samy Kamkar, #14 with Joe Grand, and #23 with Major Malfunction. (Jen Costillo co-hosts the show and has been on Embedded several times.)

Alvaro works at Sofar Ocean, making oceanic sensing platforms. He has a personal website linking to his other exploits.

We talked about some Embedded episodes as well:

Also, we’ve all really enjoyed the Disney’s Mandolorian.

352: Baby's First Hydrofluoric Acid

November 19, 2020 by Elecia White

John McMaster (@johndmcmaster) told us about the process of opening up chips to see how the processors are structured and what the firmware says.

See John’s website for information on getting started (as well as digging much deeper).

John has given some interesting Hardwear.io talks including Capturing Mask ROMs and Taming Hydrofluoric Acid to Extract Firmware. His talks and many others are available on the Hardwear.io archive. Or sign up for the Hardwear.io Online Hardware Security Training, Berlin Jan 2021.

As mentioned in the show:

John wrote a blog post about his top lab accidents and explosions.
Paper: Reverse engineering Flash EEPROM memories using Scanning Electron Microscopy by Franck Courbon, Sergei Skorobogatov, and Christopher Woods
Rompar and bitract are the two programs mentioned as helpful for getting from an image to binary code.

304: ADC Channel Six

September 26, 2019 by Elecia White

What do you get when you connect the open-source reverse engineer of Valve’s Steam Controller and the main electrical engineer of said device?

Jeff Keyzer (@mightyohm) and Gregory Gluszek (@greggersaurus) join us to talk about building and taking apart devices.

Greg’s project is on github as the OpenSteamController. He used pinkySim, an ARM simulator.

Jeff has left Valve and is now a freelance engineer as well as selling kits on mightyohm.com. The incredibly useful comic on how to solder lives there: mightyohm.com/soldercomic

I-Opener was the computer discussed.