OpenXC builds its firmware — for both the open and proprietary builds — using JSON data structures which define the CAN signals. These definitions are akin to the CAN database files (.dbc) files. Reverse engineering of the open openXC builds (as an educational excersise) reveals that it is a straightforward matter to identify and extract the CAN signal definitions from the binary. Attendees will learn: What are dbc files? How strings lead reverse engineers to interesting code via backwards cross-references? What tools do attackers use to reverse engineer raw binary firmwares? How do they use them? What are some simple, useful deterrents? How do descriptive data structures — JSON in particular — aid attackers in their reverse engineering efforts? What mitigations are possible for this risk? The exposition of machine code in the talk will be via the free radare2 RE tool.
Дата: 31.10.2018. Категории: