SCALE: Side-Channel Attack Lab. Exercises (and: QSCAT, Qt Side Channel Analysis Tool)

Alongside the implementation of cryptography in hardware and software, attacks on those implementations (plus associated countermeasures) form a central challenge in cryptographic engineering. This topic is sometimes termed physical security, but, either way, it contrasts sharply with traditional cryptanalysis by targeting the concrete implementation (vs. the abstract design, i.e., the underlying theory) via techniques such as side-channel attack. Beyond the obvious motivation, there are many position statements, e.g., see [1,2,3], that outline why this challenge is important. Thus, from an educational perspective, the question is how to equip students with an appropriate, associated skill set. On one hand, it seems obvious that a hands-on approach is preferable: this is an applied topic, so actually doing it (assuming a background in the underlying or related theory), e.g., via Problem-Based Learning (PBL), would be most effective. Indeed, other initiatives have already used a similar approach, e.g., see [4]. However, on the other hand, our experience is that some practical and/or logistical challenges remain.[…]

https://github.com/danpage/scale

PS: From a Twitter thread, see also:

https://github.com/FdLSifu/qscat

Qt Side Channel Analysis Tool to handle signal traces and more

Qt for Microcontrollers

http://doc.qt.io/QtForDeviceCreation/qtee-supported-platforms.html#minimum-hardware-requirements

http://blog.qt.io/blog/2018/05/03/qt-microncontrollers-mcu/

PS: I wonder when the Qt project will pick up the UEFI ports done by EFIDroid:

Qtbase: EFIDroid port of Qt to UEFI!

https://youtu.be/Px4_Ut1kwNQ

EFIDroid’s Qt port working on Intel now

The author of EFIDroid posted a comment in reply to another query about EFIDroid. Previously, EFIDroid’s UEFI port of Qt was ARM-centric; now:

“I’ve even recently started adding X64 support so it can be used on regular computers – I only have to add X64 support to UEFIThreads to complete that (which is required by QML).”

Looking forward to seeing UEFITool GUI app working as a UEFI app. 🙂

Qtbase: EFIDroid port of Qt to UEFI!

https://github.com/efidroid/qtbase

UEFIDump created, UEFITool and UEFIExtract rewritten

Nikolaj has been rewriting his suite of UEFI tools so that they no longer depend on the Qt framework, using his new engine (tagged “NE”). UEFITool (UT NE) no longer requires Qt. UEFIExtract (UE) no longer requires Qt. UEFIFind (UF) still requires Qt and will be ported later. UEFIDump (UD) is a new tool, described below. Extract of the release notes:

UT NE A30 | UE 0.12.0 | UD 0.1.0
Almost no new features, but massive changes under the hood:
* engine (classes from /common) can now be built without Qt.
* added support for very rare Apple-specific images.
* fixed some quirks with report generation.
* UT and UE binaries rebuilt to include updated engine code.
* UEFIDump utility released; it’s a PoC analog of UEFIExtract that generates the same report and dumps all leaf items into one .dump folder without hierarchy, with a “_%03d” suffix added for duplicated items. The tool is an example of Qt-less engine usage.
* UEFIFind will be ported to the non-Qt engine a bit later.

https://twitter.com/NikolajSchlej/status/751718569226952704
https://twitter.com/NikolajSchlej/status/751717273778458624

https://github.com/LongSoft/UEFITool/releases/tag/NE.A30
https://github.com/LongSoft/UEFITool/commits/new_engine
https://github.com/LongSoft/UEFITool/tree/new_engine
https://github.com/LongSoft/UEFITool

tool: Edb

Edb is a system debugger, written by Evan Teran (@eteran). It’s been around for a while, but was recently updated to use the Capstone engine, which is where I noticed it:

Edb is a cross-platform x86/x86-64 debugger, inspired by OllyDbg, but aims to function on x86 and x86-64 as well as multiple OSes. Linux is the only officially supported platform at the moment, but FreeBSD, OpenBSD, OSX and Windows ports are underway with varying degrees of functionality. It is written in C++ using Qt. It contains these plugins: Analyzer, Assembler, BinaryInfo, BinarySearcher, Bookmarks, BreakpointManager, CheckVersion, DebuggerCore, DumpState, FunctionFinder, HardwareBreakpoints, HeapAnalyzer, OpcodeSearcher, ProcessProperties, ROPTool, References, and SymbolViewer.

Some security researchers may not know of OllyDbg, but only of Immunity Debugger (ImmyDbg), which is a fork of the GPL OllyDbg (but Immunity doesn’t seem to provide source…). Edb is also GPL-licensed, but its source is easily available, and with Capstone backing it, it looks to be very interesting!

https://github.com/eteran/edb-debugger
https://github.com/eteran/edb-debugger/wiki