
Our #usenix2024 paper "SIMurai: Slicing Through the Complexity of SIM Card Security Research" just went public!

We asked ourselves: What kind of attacks could a hostile SIM launch against your phone?

See the recording of our baseband emulation and fuzzing talk here:
https://media.ccc.de/v/camp2023-57330-analyzing_cellular_basebands_with_firmwire

#cccamp23

📶 Analyzing Cellular Basebands with FirmWire 🔎

Come see @nsr and me talk about smartphone baseband emulation and #fuzzing.

Learn how to use #FirmWire and find some bugs :)

Thursday morning, 10:30 at #cccamp23
https://pretalx.c3voc.de/camp2023/talk/TQXEN7/

📶 Analyzing Cellular Basebands with FirmWire 🔎 Chaos Communication Camp 2023

This talk will discuss cellular basebands and FirmWire, our open-source platform for baseband firmware. The platform allows researchers to emulate, dynamically debug, introspect, and interact with complex baseband firmware, providing insights about its inner workings in real-time. FirmWire's integrated ModKit creates and injects custom tasks into the emulated baseband. We leverage the ModKit for full-system fuzzing via AFL++ by creating custom fuzzing tasks interacting with the host, using special hypercalls. With this setup, we uncovered several pre-authentication vulnerabilities in the LTE and GSM stacks of Samsung's Shannon and MediaTek's MTK baseband implementations, affecting billions of devices. FirmWire is the outcome of a more than two-year-long international research collaboration between the University of Florida, Vrije Universiteit Amsterdam, TU Berlin, and Ruhr-University Bochum.

Disclosing CHOP, aka how attackers can bypass commodity return address protections such as stack cookies by hijacking the exception handling process. Paper to appear at NDSS'23; fetch our preprint here: https://download.vusec.net/papers/chop_ndss23.pdf! Joint work of Victor Duta, Fabian Freyer, @pagabuc, @nsr, and @c_giuffrida.

Code and data available at: https://github.com/chop-project/chop.

Interested in smashing stacks or binary exploitation in general? In case you attend Black Hat Europe next week, feel free to check out Victor's and Fabian's talk "Unwinding the Stack for Fun and Profit" next Wednesday.

They will present our work on confusing the unwinder and bending exception handling for exploitation.

More info at: https://www.blackhat.com/eu-22/briefings/schedule/index.html#unwinding-the-stack-for-fun-and-profit-29449

Trying to use Twitter Spaces one last time while it's still running for the reverse engineering adventures. Tune in tomorrow at 8PM Berlin time. Tell us about the most expensive thing you bricked during security analysis and ask any question you want 💻 💥 📱

https://twitter.com/i/spaces/1mrGmkjlQkLxy

Scheduled: Reverse Engineering Adventures 🧑‍💻🔎📱

Happy to announce the release of swSIM and swICC by Tomasz Lisowski, two open source repositories to enable SIM card emulation: https://github.com/tomasz-lisowski/swicc & https://github.com/tomasz-lisowski/swsim.

Among other things, we attached the emulator to a physical phone via SIMTrace2 and interacted with test networks!

GitHub - tomasz-lisowski/swicc: A framework for creating smart cards (ICC-based cards with contacts).

Ohai!