The objective of the workshop is to learn how to use some powerful but intimidating tools while reverse engineering IoT devices: Angr, Unicorn and Qiling.
The workshop aims to show common use cases for each of these tools, as well as their limits.
To that end, the workshop will propose the following exercises:
- Decipher XOR encrypted strings with Angr
- Automated buffer overflow exploitation with Angr
- Emulation of arbitrary function or code blocks with Unicorn
- Binary emulation with Qiling
- Complete device emulation after firmware extraction with Renode
Marc-André Labonté
Marc-André Labonté was a system administrator for more than a decade at the McGill Genome Center while it was known as the McGill University and Genome Quebec Innovation Center. There, he took part in the design, deployment, operation and maintenance of the data center as it went through multiple upgrade cycles to accommodate the ever more powerful high-throughput genome sequencers coming to market.
Then, he joined the ETTIC team at Desjardins in 2016 as an infrastructure penetration tester. Currently doing vulnerability research on IoT devices, he also presented the "Automated contact tracing experiment on ESP Vroom32" workshop at NSEC in 2021. His work is motivated by curiosity and a strong sense of personal privacy in a world of connected devices and data-hungry organizations.