Hands down, on Day 1 of Recon the Magic Bus talk by Travis Goodspeed and Sergey Bratus stole the show. Great informational and entertaining presentation! I encourage anyone to check out the hardware Travis has developed and his papers if you are into understanding key security issues with the Bus.
Next, I found the presentation by Rolf Rolles to be some of the best work I've seen in this field. The presentation focused on syntax- and semantics-based methods for reverse engineering.
Under the syntax-based methods, Rolf talked about looking for patterns that can help identify signatures such as packers, FLIRT, etc. It seems like this could be a good idea for an offshoot tool. However, it is important to note that he said an attacker could possibly evade these patterns, when a reverser is using syntactic methods, by recompiling or doing complex obfuscation. Guess this is another reason we should all be doing obfuscation in the commercial world.
For this discussion, Rolf described scenarios such as an automated key generator, automated bug discovery, etc. Most of the talk was explaining the mathematics behind the analysis, which overall appears to be very basic in nature. However, the way Rolf has applied the math in the analysis is quite interesting and very intelligent.
Without going into too much detail, he simply replaced concrete semantics (e.g. x, y) with abstract semantics (e.g. + (positive), - (negative)). Then, using truth tables on bits (standard bit analysis with 0 or 1, and unknown-bit analysis with 0, 1 and ½, where ½ represents an unknown bit), he is able to map out patterns.
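To make the "replace concrete values with abstract ones" idea concrete, here is a toy I put together after the talk. It is my own added example, not Rolf's tooling and not anything shown on his slides. It assumes two tiny abstract domains: a sign domain ('+', '-', '0', and '?' for "could be anything") and a three-valued bit domain where each bit of an 8-bit word is 0, 1, or '?' (my stand-in for the ½ above). Every operation is just a truth table lifted to the whole word, plus a ripple-carry adder built from those tables.

```python
# Added example (not from the original post or Rolf Rolles' work): abstract
# interpretation in a sign domain and a three-valued bit domain.
# Assumptions: 8-bit words, LSB-first tuples, '?' plays the role of the 1/2 bit.

UNK = '?'  # the "1/2" bit: we do not know whether it is 0 or 1


# ---- sign domain: '+', '-', '0', or '?' (unknown sign) ----
def sign_of(n):
    """Abstraction function: concrete integer -> its sign."""
    return '0' if n == 0 else ('+' if n > 0 else '-')


def sign_add(a, b):
    """Abstract addition on signs. '+' plus '-' loses all information."""
    if a == '0':
        return b
    if b == '0':
        return a
    if a == b and a != UNK:
        return a
    return UNK


def sign_mul(a, b):
    """Abstract multiplication on signs; zero absorbs even an unknown operand."""
    if a == '0' or b == '0':
        return '0'
    if UNK in (a, b):
        return UNK
    return '+' if a == b else '-'


# ---- three-valued bit domain: a word is a tuple of bits, LSB first ----
def from_int(n, width=8):
    """Abstraction of a fully known constant."""
    return tuple((n >> i) & 1 for i in range(width))


def unknown(width=8):
    """A word about which nothing is known (e.g. an untainted input register)."""
    return (UNK,) * width


def bit_not(a):
    return UNK if a == UNK else 1 - a


def bit_and(a, b):
    # 0 dominates even an unknown operand; 1 is the identity.
    if a == 0 or b == 0:
        return 0
    if a == 1:
        return b
    if b == 1:
        return a
    return UNK


def bit_or(a, b):
    # 1 dominates even an unknown operand; 0 is the identity.
    if a == 1 or b == 1:
        return 1
    if a == 0:
        return b
    if b == 0:
        return a
    return UNK


def bit_xor(a, b):
    # XOR has no absorbing element, so one unknown input makes the output unknown.
    if a == UNK or b == UNK:
        return UNK
    return a ^ b


def abs_not(x):
    return tuple(bit_not(a) for a in x)


def abs_and(x, y):
    return tuple(bit_and(a, b) for a, b in zip(x, y))


def abs_or(x, y):
    return tuple(bit_or(a, b) for a, b in zip(x, y))


def abs_xor(x, y):
    return tuple(bit_xor(a, b) for a, b in zip(x, y))


def abs_shl(x, k):
    """Shift left by a constant: the low k bits become known zeros."""
    return (0,) * k + x[:len(x) - k]


def abs_add(x, y):
    """Ripple-carry adder evaluated bit by bit in the three-valued domain."""
    out, carry = [], 0
    for a, b in zip(x, y):
        out.append(bit_xor(bit_xor(a, b), carry))
        carry = bit_or(bit_or(bit_and(a, b), bit_and(a, carry)), bit_and(b, carry))
    return tuple(out)  # wraps at the word width, like the real instruction


def known(x):
    """Split an abstract word into (value, mask); mask bit set where the bit is known."""
    value = mask = 0
    for i, a in enumerate(x):
        if a != UNK:
            mask |= 1 << i
            value |= a << i
    return value, mask


def consistent(x, n):
    """Soundness check: concrete n agrees with every known bit of abstract x."""
    value, mask = known(x)
    return (n & mask) == value


def render(x):
    """Show MSB first, the way a reverser reads a register."""
    return ''.join(str(a) for a in reversed(x))


if __name__ == "__main__":
    x = unknown()
    print(render(abs_and(x, from_int(0x0F))))                 # 0000????  (high nibble cleared)
    print(render(abs_or(x, from_int(1))))                     # ???????1  (bit 0 forced on)
    print(render(abs_add(abs_shl(x, 1), from_int(1))))        # ???????1  (even + 1 is odd)
    print(render(abs_xor(x, x)))                              # ????????  (domain cannot see x^x == 0)
```

The last line is the caveat worth remembering: the bit domain is sound (a concrete run never contradicts a known bit, which `consistent` checks) but not complete. It tracks each bit independently, so an identity like `x ^ x == 0` that depends on the relation between operands is invisible to it, and an obfuscator that leans on such identities forces the analysis to fall back to "unknown" unless a richer domain is used.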
In general, the rest of the day was filled with other speakers who were interesting but just didn't seem to catch my full attention. With that said, Tarjei Mandt did a good job explaining atoms and string-based attacks.
All in all, a pretty good first day, especially since Montreal had a music festival running with Dissonant Nation, which made for a great evening of entertainment.