Radare Conference 2017



Beginner Training (pancake, alvarofe)
Intro to Unpacking on Windows (newlog, Giomismo, zlowram)
Beginner Training (maijin, xvilka)
Tiny uControllers firmware reversing and exploiting (dark_k3y)

r2frida (@mrmacete)
SIOL – condret
CFG-based fuzzy hash for malware classification using r2 (robin marsollier)
zdbg (@zutle)
GSoC talks (gdbserver, windows support and backstepping) @xvilka
r2anal (alvaro) + limits of esil (killabyte)
RAIR (@oddcoder)
r2 module for Yara (@plutec_net + @mmorenog)
Anal clemency (@raysong)
Intro to Reversing Windows Malware Using r2 @ newlog
Surprise talk by @oleavr
Diaphora and r2 (@pancake, @matalaz)
Road to the kernel (@nighterman)
Pimp my Triton (ak42)


Reversing ARM firmware using Radare: scripts/bins available

Re: https://firmwaresecurity.com/2017/03/31/reversing-arm-firmware-using-radare-presentation-available/

The samples for this presentation are also available. Previously, it was just the presentation PDF.


scan_thinkpwn: searches for ThinkPwn vulnerability

THINKPWN SCANNER: This program is used to scan UEFI drivers extracted from a firmware image for the ThinkPwn vulnerability in a vendor/model-agnostic way.
@d_olex (aka Cr4sh) — initial Vivisect based version of the program;

@trufae (aka pankake) — radare2 based version (this one);

Read the source code for more user docs, including a detailed source comment about how the code works.


More info:


Using Radare to emulate BIOS

(There’s a Twitter URL for it, but I’ve lost it, sorry.)
Emulating a simple bootloader

Generally speaking, emulating a bootloader is simpler than it is for regular binaries, because they lack external libraries and usually have direct access to memory and hardware. In this case, the bootloader is a binary for the x86 architecture which runs in 16-bit real mode, using BIOS calls to perform its loading duties and textual input/output. The idea here is to emulate the Cropta1 crackme using radare2 ESIL emulation, providing the needed BIOS via a trivial quick & dirty Python implementation of just what is needed to run the crackme code. There are several ways to do it, I tried two of them and here is the story. […]
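The approach the excerpt describes, as an added example that is neither the quoted post's code nor part of radare2: a small Python BIOS stand-in for the three services a boot-sector crackme typically touches (int 10h/AH=0Eh teletype output, int 16h/AH=00h blocking key read, int 13h/AH=02h CHS sector read from a flat floppy image), plus the r2pipe loop that single-steps ESIL and hands every `int NN` to it. The `Bios` and `int_vector` names, the constructed disk image and keystrokes, and the 1.44 MB floppy geometry are all assumptions of this example; the radare2 commands used in the driver (`aei`, `aeim`, `aeip`, `aes`, `aer`, `aepc`, `pdj`, `wx`, `e io.cache`) exist, but the driver also assumes `cs=0`, since ESIL does not model real-mode segmentation, so the image is mapped at its linear load address.

```python
"""Minimal real-mode BIOS stand-in for driving a boot sector under radare2 ESIL.
Added example; not the radare2 blog's code and not part of radare2 itself."""

SECTOR = 512


class Bios:
    """Pure-Python emulation of a few BIOS services (assumed names, see lead-in).

    `disk` is a flat image with sector 0 as the boot sector; `keystrokes` is the
    scripted keyboard input the emulated code will see. Geometry defaults to a
    1.44 MB floppy (2 heads, 18 sectors/track), an assumption for this example.
    """

    def __init__(self, disk=b"", keystrokes=b"", heads=2, spt=18):
        self.disk = disk
        self.keys = list(keystrokes)
        self.heads, self.spt = heads, spt
        self.screen = ""        # everything written via teletype output
        self.unhandled = []     # (vector, AH) pairs this stub does not implement

    def service(self, vector, regs):
        """Emulate `int vector` against the 16-bit register file `regs` (a dict).

        Returns (new_regs, writes): register values to push back into the ESIL
        VM, and a list of (linear_address, bytes) the service stored in memory.
        """
        regs = dict(regs)
        writes = []
        ah, al = (regs["ax"] >> 8) & 0xff, regs["ax"] & 0xff
        if vector == 0x10 and ah == 0x0e:              # teletype: print AL
            self.screen += chr(al)
        elif vector == 0x16 and ah == 0x00:            # blocking key read
            key = self.keys.pop(0) if self.keys else 0x0d   # Enter once input runs out
            regs["ax"] = key                           # AL = ASCII; scan code (AH) left 0
        elif vector == 0x13 and ah == 0x02:            # read AL sectors, CHS in CX/DX
            cyl = (regs["cx"] >> 8) | ((regs["cx"] & 0xc0) << 2)
            sec = regs["cx"] & 0x3f                    # sectors are 1-based
            head = (regs["dx"] >> 8) & 0xff
            lba = (cyl * self.heads + head) * self.spt + (sec - 1)
            data = self.disk[lba * SECTOR:(lba + al) * SECTOR]
            writes.append(((regs["es"] << 4) + regs["bx"], data))
            regs["ax"] = len(data) // SECTOR           # AH = 0 (ok), AL = sectors read
            regs["cf"] = 0 if len(data) == al * SECTOR else 1   # CF set on short read
        else:
            self.unhandled.append((vector, ah))
            regs["cf"] = 1                             # report failure to the caller
        return regs, writes


def int_vector(opcode):
    """Parse the interrupt number out of an opcode string as r2 prints it: 'int 0x10' -> 0x10."""
    mnemonic, arg = opcode.split()
    if mnemonic != "int":
        raise ValueError("not a software interrupt: %r" % opcode)
    return int(arg, 0)


def run_under_r2(path, bios, load=0x7c00, max_steps=200_000):
    """Step the boot sector at `path` under ESIL, servicing interrupts with `bios`.

    Assumes cs=0 and radare2's `aei/aeim/aeip` (VM init), `aes` (step),
    `aer` (registers), `aepc` (set PC) and `pdj` (JSON disassembly) commands.
    """
    import r2pipe   # imported here so the BIOS stub above stays usable without radare2
    r2 = r2pipe.open(path, flags=["-a", "x86", "-b", "16", "-m", hex(load)])
    r2.cmd("e io.cache=true")                         # keep sector writes off the file
    r2.cmd("s %#x; aei; aeim; aeip" % load)
    for _ in range(max_steps):
        op = r2.cmdj("pdj 1")[0]
        if op["opcode"] == "hlt":
            break
        if op["type"] == "swi":                       # software interrupt: BIOS call
            before = r2.cmdj("aerj")
            regs, writes = bios.service(int_vector(op["opcode"]), before)
            for name, value in regs.items():
                if before.get(name) != value:         # write back only what changed
                    r2.cmd("aer %s=%#x" % (name, value))
            for addr, data in writes:
                r2.cmd("wx %s @ %#x" % (data.hex(), addr))
            r2.cmd("aepc %#x" % (op["offset"] + op["size"]))   # skip the int itself
        else:
            r2.cmd("aes")
    r2.quit()
    return bios.screen


if __name__ == "__main__":
    import sys
    # Constructed input: a two-sector image and scripted keystrokes for the crackme prompt.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"\x00" * 1024
    print(run_under_r2(sys.argv[1], Bios(disk=image, keystrokes=b"secret\r")) if len(sys.argv) > 1
          else "usage: bios_stub.py boot.img")
```

The loop deliberately never executes the `int` instruction in ESIL (it has no interrupt semantics there); it reads the register file, lets the stub compute the result, pushes changed registers and any sector data back, and moves the PC past the instruction. Unimplemented services set CF so the guest's error path runs instead of silently continuing with stale registers.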




Praetorian on exploiting MIPS devices, part 1

The Praetorian security blog has a very detailed and well-written post on reversing and exploiting a MIPS-based system, showing/discussing multiple tools (BowCaster, QIRA, BinWalk, Radare, …). And there is a Part 2 in the works!

Reversing and Exploiting Embedded Devices: The Software Stack (Part 1)
Over the course of the past few months I’ve been traveling around educating people on exploiting embedded devices. My slides alone aren’t able to provide enough information, so I wanted to write everything out for people to digest online. The following blog post is “Part 1”, which will introduce the reader to the software side of embedded devices. I decided to cover software first since most flaws reside within the software stack, ranging from binary applications to drivers. Part 2 will cover the Hardware stack with a focus on educating the reader on how JTAG actually works and how to leverage Hardware modifications to either bypass password protections or to extract secrets that may be baked into the targeted device. […]