I had the pleasure to be invited to the MetaRheinMain ChaosDays 1001b (mrmcd1001b) in Darmstadt. This years motto was “Beyond Science Fiction” and ~250 people gathered together to discuss “Society and Technology in 20th century fiction and 21th century reality”.
The presented talks were mostly interesting, although I didn’t attend that many. I spent most of the time talking to people or giving (two) talks myself: Security in Mobile Devices and Virtualised USB Fuzzing.
The first one went as expected and I think the attendees enjoyed it very much. Again, talking about technical details that a buffer overflow on x86 involves is not that much fun but I think it went at least alrightish. Slides can be found here.
The second talk was kind of a rehearsal for my final thesis presentation. So I took the chance to prepare myself for Dublin and present brand new stuff^tm. I started off crashing a Linux PC with my N900 and went then to the talk. It was a bit confusing, I guess. But in fairness: It was very late in every sense of the word 😉 But I got positive feedback nonetheless so it’s better if you make up your own mind with the slides. Although I don’t think the slides alone are that interesting.
For some reason, people were interested in the commands that I’ve used for the demo:
- Boot Ubuntu
/opt/muelli/qemu/bin/qemu-system-x86_64 -enable-kvm -hda ubuntu.img -cdrom ~/ISOs/ubuntu-10.04.1-desktop-amd64.iso -monitor stdio -serial vc -m 1G -loadvm 1
- Setup Filter
- Attach device
- Fuzz (didn’t really work because of a Heisenbug)
- Fully Virtualise
python recordingfilter.py /tmp/filter /tmp/phonet.dump
sudo chown muelli /dev/bus/usb/002/004
cat /tmp/filter.in &
cat /tmp/phonet.dump.out > /tmp/filter.out
python emulator.py --relaxed /tmp/filter /tmp/phonet.dump.combined
python fuzzingemulator.py /tmp/filter webcam.dump
python usbmachine.py /tmp/filter.in /tmp/filter.out