OWASP Ottawa: Using Radare2 Reverse Engineering Framework in Jupyter Notebooks


Details
Special Notice:
Due to the COVID-19 (Coronavirus) pandemic, our events will continue online on our YouTube channel (https://www.youtube.com/channel/UCxSU-KvNmYusZEq6v4YK5Lw).
Subscribe to our YouTube channel, set a reminder and you’ll get a notification as soon as we go live!
We will post information here and on all our other media (email, Twitter, etc.) as we get closer to the date.
YouTube Live Stream Link: https://www.youtube.com/watch?v=MA7BRSnXCTk
7 PM EDT Technical Talks
Using Radare2 Reverse Engineering Framework in Jupyter Notebooks
Abstract:
A demonstration of using the radare2 (r2) reverse engineering framework https://github.com/radareorg/radare2 in Jupyter notebooks https://jupyter.org/ via the r2pipe Python API https://github.com/radareorg/radare2-r2pipe -- and keeping pretty r2 colors!
After introducing all those tools and their fusion, we will apply it to a couple of solves of the first few levels of the microcorruption embedded security CTF https://microcorruption.com/login, also using the angr symbolic solver https://github.com/angr/angr. Having cracked some microcorruption crackmes, we will move up to the "Rare Metal Sequencer" SNES crackme challenges by Zack Deveau from NSec CTF 2021 https://gist.github.com/BenGardiner/13fe76fd43f179a872acbb9f5729eb2c
Attendees should leave with a better understanding of msp430 and SNES assembly, r2 commands, and an appreciation of colored terminal output in a Jupyter notebook!
Bio:
Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc., presently working to secure commercial transportation at the NMFTA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior to YFS Inc. and joining the NMFTA team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, and worked in embedded software and systems engineering roles at several organizations. He holds an M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer. He is GIAC GPEN certified and a GIAC advisory board member; he is also chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2), and a voting member of the SAE Vehicle Electronic Systems Security Committee. Mr. Gardiner has delivered workshops and presentations at several world cybersecurity events including the Cybertruck Challenge, GENIVI security sessions, Hack in Paris, HackFest and DEF CON.
