Instructors: Thomas Roth
Dates:June 1-2 2022
Location: Hilton Double Tree
Capacity: 20 Seats
In this training you will learn how to reverse a variety of types of ARM firmware with Ghidra!
We will start with the basic usage of Ghidra: Loading a program, analyzing it, and finding our way through Ghidra and learn to deal with some common pitfalls. After we are comfortable with Ghidra, we will start looking at actual firmware: We will look at extracting firmware images, how to spot firmware encryption, and how to deal with the binaries you find on non-bare-metal firmware. You will learn about thumb mode, ARM registers, and how to get the decompiler to generate better code.
Day two is all about bare-metal firmware: We will look at loading Cortex-M microcontroller firmware, generating the required memory maps, and using “SVD-Loader” to generate all the memory-mapped peripherals automatically. We will look at reset-vectors, interrupts, and everything you need to know to load firmware of IoT devices into Ghidra.
We will also start patching some firmware, and try to run our patched firmware on actual microcontrollers, and write some custom basic scripts for Ghidra that make dealing with firmware easier.
Finally, we will also take a look at the new Ghidra debugger: It’s features, and also it’s shortcomings when it comes to bare metal debugging.
What you need to bring :
A laptop running Ghidra and capable of running a virtual machine (for the debugger)
Thomas Roth is a security researcher and founder of leveldown security. His main focus is on mobile and embedded systems with published research on topics like TrustZone, payment terminals, and embedded security. In recent years, his main focus has been on critical infrastructure and communication, with published research on industrial control systems, industrial IoT devices and secure communication. In 2018, Thomas Roth and his research was named as one of the 30 under 30 in Technology by the Forbes Magazine and was named TCCA Young Engineer of the Year 2018.
Click here to register.