Difference between pages "Arrivals Departures" and "Tutorials/Reverse engineering embedded software using Radare2"

From LCA2015 Delegate wiki
(Difference between pages)
Jump to: navigation, search
(Sunday 11 Jan)
 
 
Line 1: Line 1:
{{Licensing Box|Please participate in the LCA2015 Delegate [[Wiki Hackathon]] which is happening on Sat 3-Jan-15 from 1-4pm (NZDT). Physical presence at the [http://www.aucklandlibraries.govt.nz/EN/Events/Events/pages/makerspacecentralcity.aspx Makerspace at Central City Library], or online via Twitter/IRC. Even if you can't attend, please contribute some ideas for the [[Wiki Hackathon#Goals|goals]] for the hackathon.|imagel=[[File:wiki-hackathon-logo-500x500.png|90px|link=Wiki Hackathon]]}}
+
This page describes preparation for [http://linux.conf.au/schedule/30102/view_talk?day=thursday Reverse engineering embedded software using Radare2]
  
The intent of this page is to allow conf organisers to know who's expected at the airport when.
+
== Outline ==
  
You might also be able to use the info below to connect up with people who are on the same flight as you, arrange taxi shares, and so on, so '''leave some contact info''' in the entries that you create.
+
We will try and get through all the following:
  
===Arrivals===
+
* Introduction to Radare2 reverse engineering tool
 +
* The Radare2 utilities
 +
* Basics of using the Radare to examine a binary you probably have on your laptop
 +
* Looking at an arduino binary
 +
* Introduction to MIPS architecture and disassembly
 +
* Extracting firmware images
  
Order the entries below by scheduled '''time of arrival''' in Auckland. ''Please use 24 hour clock format (hh:mm)'' and ''Auckland time!''
+
You might like to bring your own binary to play with as well instead!
  
==== Wednesday 7 Jan ====
+
==Important - please make an rc file ==
* 22:05 QF 147 (from Sydney)
+
** Steve Walsh
+
  
==== Friday 9 Jan ====
+
Radare2 was created by other, many people. Radare2 will by default print fortune cookies. Please, turn this feature off, by making the following file, in case there is a possibility of NSFW output.
* 06:30 NZ 176 (from Perth)
+
** [mailto:me@kye.id.au Kye Russell]
+
** Delan Azabani
+
** Brock York
+
** Josh Batchelor
+
** Luke Mercuri
+
** Clayton Johnson
+
** Matthew Pen
+
* 15:30 NZ 5 (LAX to AKL)
+
** [http://alasdairallan.com Alasdair Allan]
+
* 20:50 VA7445 (SYD to AKL)
+
** James 'Ender' Brown
+
* 22:45 VA7434 (BNE to AKL)
+
** Clinton Roy
+
  
==== Saturday 10 Jan ====
+
Instructions for Linux/Unix systems:
* 08:00 QF111 (PER to AKL)
+
** [mailto:kibelan@gmail.com Ben Kelly]
+
* 14:35 EK434 (BNE to AKL)
+
** [http://www.humbug.org.au/RussellStuart Russell Stuart]
+
* 17:15 NZ124 (MEL to AKL)
+
** [[User:Christopher Neugebauer|Christopher Neugebauer]]
+
* 17:30 NZ136 (BNE to AKL)
+
** [https://twitter.com/bradleymarshall Brad Marshall]
+
* 18:55 QF181 (SYD to AKL)
+
** [mailto:lca@eyal.emu.id.au Eyal Lebedinsky]
+
* 20:50 VA7418 (PER to AKL)
+
** Byron Jones (glob)
+
  
==== Sunday 11 Jan ====
+
    echo 'e cfg.fortunes=false' > ~/.radare2rc
* 00:45 VA160 (BNE to AKL)
+
** [https://twitter.com/gm_stack Geordie Millar] (from VA1393 departing ADL)
+
** Michael Wheeler (from VA1712 departing GLT)
+
* 05:45 JQ215 (MEL to AKL)
+
** Michael Cordover (aka mjec)
+
* 08:00 QF111 (PER to AKL)
+
** [[User:Andrew Buckeridge|Andrew Buckeridge]]
+
* 13:05 NZ4994 (HKG to AKL)
+
** Jussi Pakkanen (from LH730 departing MUC)
+
* 13:45 QF8762 (also EK406) (MEL to AKL)
+
** George Patterson
+
** Kevin Collas-Arundell (@kcollasarundell|tacticus)
+
* 14:15 NZ454 (WLG to AKL)
+
** [[User:Jeremy Visser|Jeremy Visser]]
+
** [[User:Ewen McNeill|Ewen McNeill]]
+
* 14:35 QF8770/EK434 (BNE to AKL)
+
** Jared Ring
+
* 14:50 NZ102 (SYD to AKL)
+
** [mailto:himangi774@gmail.com Himangi Saraogi]
+
* 14:50 VA934 (OOL to AKL)
+
** [[User:Katie Miller|Katie Miller]]
+
* 14:55 QF143 (SYD to AKL)
+
** Mike Carden
+
* 15:25 VA148 (MEL to AKL)
+
** [https://twitter.com/fukawi2 Phillip Smith]
+
** [https://twitter.com/smarthall Daniel Hall]
+
** [[User:Tim Serong|Tim Serong]] ([https://twitter.com/tserong @tserong])
+
* 17:15 NZ124 (MEL to AKL)
+
** Mark Jessop (@darksidelemm - from VA206 departing ADL)
+
* 17:30 JQ213 (MEL to AKL)
+
** David Bell (@dtbell91)
+
** Matthew Cengia (@mattcen)
+
** Mike Abrahall (@mijofa1)
+
** Josh Mesilane (@zindello)
+
** David Rowe
+
* 17:30 VA7436 (BNE to AKL)
+
** Ryan Stuart (@rstuart85) - have a free entry pass to the Virgin Lounge for anyone else on this flight. Contact me for details.
+
* 18:20 VA7452/NZ972 (ADL to AKL)
+
** [mailto:ubermonk@gmail.com Andrew Kirkpatrick]
+
** Thomas Sprinkmeier
+
* 19:25 JQ260 (WLG to AKL)
+
** Jim (James) Whittaker
+
* 20:30 NZ476 (WLG to AKL)
+
** Douglas Bagnall
+
* 20:50 NZ118 (SYD to AKL)
+
** [[User:Paul Warren|Paul Warren]]
+
  
===Departures===
+
== Prerequisites ==
  
Order the entries below by scheduled '''time of departure''' from Auckland. ''Please use 24 hour clock format (hh:mm)'' and ''Auckland time!''
+
If during the tutorial you are planning to follow the examples and/or try your own ideas, you really want to get this sorted before the event.
  
==== Friday 16 Jan ====
+
Minimum requirements:
*19:55 JQ283 (AKL to WLG)
+
* a C compiler and libraries needed to build radare2 - the "apt-gettable" version is out of date
** Jim (James) Whittaker
+
* xdot for viewing callgraphs
* 20:30 JQ214 (AKL to MEL)
+
* binwalk and srecord for firmware hacking
** [https://twitter.com/fukawi2 Phillip Smith] (Changing to EK407 on Saturday)
+
  
==== Saturday 17 Jan ====
+
Various other tools may be helpful, and indeed needed (e.g. an editor) to complete some of the examples
* 07:00 NZ101 (AKL to SYD)
+
** [mailto:himangi774@gmail.com Himangi Saraogi]
+
* 07:35 JQ202 (AKL to SYD)
+
** Michael Cordover (aka mjec)
+
* 09:00 VA7403 (AKL to SYD)
+
** [[User:Tim Serong|Tim Serong]] ([https://twitter.com/tserong @tserong])
+
* 09:30 NZ135 (AKL to BNE)
+
** [https://twitter.com/bradleymarshall Brad Marshall]
+
* 10:00 NZ721 (AKL to MEL)
+
** Thomas Sprinkmeier
+
* 10:40 NZ4 (AKL to LAX)
+
** [http://alasdairallan.com Alasdair Allan]
+
* 10:50 QF112 (AKL to PER)
+
** [[User:Andrew Buckeridge|Andrew Buckeridge]]
+
* 11:00 QF182 (AKL to SYD)
+
** Mike Carden
+
* 13:00 VA7419 (AKL to SYD)
+
** [mailto:ubermonk@gmail.com Andrew Kirkpatrick]
+
** Mark Jessop (@darksidelemm - then onto ADL on VA436)
+
* 13:00 NZ119 (AKL to SYD) (Possibly same plane as previous)
+
** [[User:Paul Warren|Paul Warren]]
+
* 13:00 NZ439 (AKL to WLG)
+
** Douglas Bagnall
+
** [[User:Ewen McNeill|Ewen McNeill]]
+
* 13:10 VA165 (AKL to OOL)
+
** [[User:Katie Miller|Katie Miller]]
+
* 14:25 VA7445 (AKL to PER)
+
** Byron Jones (glob)
+
* 14:00 QF144 (AKL to SYD)
+
** [mailto:lca@eyal.emu.id.au Eyal Lebedinsky]
+
* 14:30 NZ4995 (AKL to HKG)
+
** Jussi Pakkanen
+
* 14:45 VA7439 (AKL to BNE)
+
** Ryan Stuart (@rstuart85) - have a free entry pass to the Virgin Lounge for anyone else on this flight. Contact me for details.
+
* 15:25 VA7425 (AKL to MEL)
+
** [https://twitter.com/smarthall Daniel Hall]
+
* 18:10 QF8771/EK435 (AKL to BNE)
+
** [http://www.humbug.org.au/RussellStuart Russell Stuart]
+
** Jared Ring
+
* 18:30 EK413 (AKL to SYD)
+
** [[User:Jeremy Visser|Jeremy Visser]]
+
* 18:50 EK407 (AKL to MEL)
+
** Kathy Reid (@kathyreid) and Sue Reid
+
* 20:30 JQ214 (AKL to MEL)
+
** David Bell (@dtbell91)
+
** Matthew Cengia (@mattcen)
+
** Mike Abrahall (@mijofa1)
+
** Josh Mesilane (@zindello)
+
  
==== Sunday 18 Jan ====
+
If you are using a Debian-derived distro, for example:
* 08:15 QF142 (AKL to SYD)
+
** Steve Walsh
+
* 14:25 VA7445 (AKL to PER)
+
** James 'Ender' Brown
+
* 16:00 VA7434 (WLG to BNE)
+
** Clinton Roy
+
* 18:40 VA0729/NZ0729 (AKL to MEL)
+
** Bianca Gibson
+
  
==== Monday 19 Jan ====
+
    sudo apt-get install build-essential git xdot eog ghex binwalk vim gedit srecord
* 14:25 NZ175 (AKL to PER)
+
** [mailto:me@kye.id.au Kye Russell]
+
** Delan Azabani
+
** Brock York
+
** Josh Batchelor
+
** Luke Mercuri
+
** Clayton Johnson
+
** Matthew Pen
+
* 16:20 QF146 (AKL to SYD)
+
** [mailto:kibelan@gmail.com Ben Kelly]
+
  
==== Sunday 25 Jan ====
+
It should be possible to build radare2 on Linux, FreeBSD/NetBSD etc, Max OS/X and Windows and possibly on Android if you try hard enough (using a Debian root, for example)
* 08:20 VA7453 (AKL to ADL)
+
 
** [https://twitter.com/gm_stack Geordie Millar]
+
However, the tutorial examples have only been tested using Debian Wheezy.
* 09:30 VA7435 (AKL to BNE)
+
 
** Michael Wheeler
+
=== Clone & build radare2 ===
 +
 
 +
Note, changing to the lca2015_tutorial branch is important, because the software is under active development there could be breakage in master upstream
 +
 
 +
    git clone http://github.com/pastcompute/radare2
 +
    cd radare2
 +
    git checkout tutorial_branch
 +
    ./configure
 +
    make -j
 +
    sudo make symstall
 +
 
 +
Note, you can install as a normal user if you need to:
 +
 
 +
    ./configure --prefix=$HOME/path/to/wherever
 +
    make -j
 +
    sudo make symstall
 +
    export PATH=$HOME/path/to/wherever:$PATH
 +
 
 +
Clone the examples repository, ready for use during the tutorial
 +
 
 +
    cd
 +
    git clone http://github.com/pastcompute/lca2015-radare2-tutorial
 +
 
 +
I have already added prebuilt examples to git but there are instructions for building them in git, you will need the arduino IDE or an openwrt buildroot.
 +
 
 +
==Troubleshooting==
 +
 
 +
The tutorial is not until Thursday afternoon. If you need help with the above ping me on Twitter, preferably before the day! [https://twitter.com/pastcompute @pastcompute]

Revision as of 22:35, 10 January 2015

This page describes preparation for Reverse engineering embedded software using Radare2

Outline

We will try and get through all the following:

  • Introduction to Radare2 reverse engineering tool
  • The Radare2 utilities
  • Basics of using the Radare to examine a binary you probably have on your laptop
  • Looking at an arduino binary
  • Introduction to MIPS architecture and disassembly
  • Extracting firmware images

You might like to bring your own binary to play with as well instead!

Important - please make an rc file

Radare2 was created by other, many people. Radare2 will by default print fortune cookies. Please, turn this feature off, by making the following file, in case there is a possibility of NSFW output.

Instructions for Linux/Unix systems:

   echo 'e cfg.fortunes=false' > ~/.radare2rc

Prerequisites

If during the tutorial you are planning to follow the examples and/or try your own ideas, you really want to get this sorted before the event.

Minimum requirements:

  • a C compiler and libraries needed to build radare2 - the "apt-gettable" version is out of date
  • xdot for viewing callgraphs
  • binwalk and srecord for firmware hacking

Various other tools may be helpful, and indeed needed (e.g. an editor) to complete some of the examples

If you are using a Debian-derived distro, for example:

   sudo apt-get install build-essential git xdot eog ghex binwalk vim gedit srecord

It should be possible to build radare2 on Linux, FreeBSD/NetBSD etc, Max OS/X and Windows and possibly on Android if you try hard enough (using a Debian root, for example)

However, the tutorial examples have only been tested using Debian Wheezy.

Clone & build radare2

Note, changing to the lca2015_tutorial branch is important, because the software is under active development there could be breakage in master upstream

   git clone http://github.com/pastcompute/radare2
   cd radare2
   git checkout tutorial_branch
   ./configure
   make -j
   sudo make symstall

Note, you can install as a normal user if you need to:

   ./configure --prefix=$HOME/path/to/wherever
   make -j
   sudo make symstall
   export PATH=$HOME/path/to/wherever:$PATH

Clone the examples repository, ready for use during the tutorial

   cd
   git clone http://github.com/pastcompute/lca2015-radare2-tutorial

I have already added prebuilt examples to git but there are instructions for building them in git, you will need the arduino IDE or an openwrt buildroot.

Troubleshooting

The tutorial is not until Thursday afternoon. If you need help with the above ping me on Twitter, preferably before the day! @pastcompute