2018/10/18 @ hack.lu 2018
This workshop is intended to give attendees the basic skills (theoretical and practical) to analyze Ethereum smart contracts. After the workshop, they will be able to reverse, debug and find basic vulnerabilities in real-life smart contracts without having the Solidity source code.
The following points will be covered in the workshop:
- Quick introduction of Ethereum
- Basic Ethereum testing lab
- Reverse engineering of Ethereum smart contracts
- Analysis and vulnerability research
- Going deeper & Questions
link / slides
2018/09/15 @ ToorCon XX – 2018
Ethereum is the reference smart contract platform because it makes it possible to create decentralized applications (Dapps) by writing smart contracts. The Solidity source code of those smart contracts is not always available, and the contracts can contain flaws (reentrancy, integer overflow/underflow, bad randomness, backdoor, ...).
Some smart contracts handle thousands of ETH and can't be modified once pushed onto the blockchain. More than 90% of them don't provide the associated Solidity source code, which is why being able to reverse and analyze Ethereum smart contracts (from the EVM bytecode alone) makes even more sense.
link / slides
2018/09/15 @ ToorCon XX – 2018
WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers, including Firefox, Chrome, WebKit/Safari and Microsoft Edge, through the W3C. This new format has been designed to be "Efficient and fast", "Debuggable" and "Safe", which is why it is often called the "game changer for the web". More than one year after the "official" release, it is used not only "for the web" by web browsers but also in some (huge) other projects like blockchain smart contract platforms (EOS and Ethereum).
I will first introduce WebAssembly concepts and who currently uses it in the wild. Secondly, I will show the different WebAssembly VMs available and explain the security measures implemented in them. Finally, I will show you, through real-life WASM modules, how to do static analysis, using techniques such as reversing, control flow and call flow analysis, to understand their behavior more deeply. Throughout the talk, I will use multiple open source tools, but mainly the one that I have developed and that is already available on GitHub (Octopus).
link / slides / video
2018/06/16 @ RECON Montreal 2018
Many platforms using blockchain technology emerged in 2017 and took top-10 positions in the cryptocurrency market cap. One of the main reasons behind this is the possibility to create decentralized applications (dapps) by writing smart contracts.
During this presentation, we will analyze the implementation of the smart contract mechanism (virtual machine, assembly language, instruction sets, ...) used by those platforms. We will analyze the assembly languages and instruction sets used by the virtual machines of the major blockchain platforms.
We will see how to disassemble and reconstruct the CFG (Control Flow Graph) of those smart contracts, and which tools are currently available to perform a deeper security analysis.
This talk aims at covering the following platforms:
link / slides / video (not yet)
2017/06/09 @ SSTIC 2017
VoLTE (Voice over LTE) is a technology deployed by many operators around the world. Unlike previous 2G/3G technologies, VoLTE offers the possibility to use the end-to-end IP network to handle voice communications. This technology uses VoIP (Voice over IP) standards over an IMS (IP Multimedia Subsystem) network.
In this paper, we will first introduce the basics of VoLTE technology. We will then demonstrate how to use an Android phone to communicate with VoLTE networks and what normal VoLTE communications look like. Finally, we will describe different issues and implementation problems. We will present vulnerabilities, both passive and active, and attacks that can be performed using VoLTE Android smartphones against subscribers and operators' infrastructure.
Some of these vulnerabilities are new and not previously disclosed: they may allow an attacker to silently retrieve private pieces of information about targeted subscribers, such as their geolocation.
link / paper
2016/05/21 @ ESE #4
Dynamic Binary Instrumentation (DBI) is a technique for analyzing and modifying the behavior of a program while it is executing.
Among the best-known frameworks are Valgrind, DynamoRIO and PIN. The latter is developed by Intel and has a simple and functional API.
The purpose of this presentation is to show the possibilities of such a tool, as well as an example through a crackme.