Difference between pages "Transport" and "Tutorials/Reverse engineering embedded software using Radare2"

From LCA2015 Delegate wiki
(Difference between pages)
Jump to: navigation, search
(add 2 cycleways + link to bikeman rickshaws)
 
 
Line 1: Line 1:
{{Trail|About|Auckland}}
+
This page describes preparation for [http://linux.conf.au/schedule/30102/view_talk?day=thursday Reverse engineering embedded software using Radare2]
Auckland's public transport system is mostly organised by [https://at.govt.nz Auckland Transport], which has a unified ticketing system called the [https://at.govt.nz/bus-train-ferry/at-hop-card AT HOP card].
+
  
== AT HOP Card ==
+
== Outline ==
* A reusable prepay smart card for travel on trains, ferries and buses around Auckland.
+
* Save money on fares - at least 20% discount off adult single trip cash fares (excludes NiteRider and Airbus Express bus services and Waiheke ferry services).
+
* Free City LINK buses - AT HOP cards travel free on red City LINK buses as long as you have a positive or zero balance, otherwise you need to pay the cash fare.
+
* Load a concession for discounted fares
+
* Eligible registered AT HOP users can enjoy [https://at.govt.nz/bus-train-ferry/at-hop-card/at-hop-wifi free WiFi] at train stations and selected bus stations and ferry terminals across Auckland (1 GB per day).
+
  
=== Costs ===
+
We will try and get through all the following:
* New card: 10 NZD (5 NZD for the card, 5 NZD minimum top-up.
+
* Minimum top-up: 5 NZD
+
  
=== Using AT HOP ===
+
* Introduction to Radare2 reverse engineering tool
* AT HOP requires you "tag on" when you board, then "tag off" when you leave.
+
* The Radare2 utilities
* Failing to "tag off" incurs a penalty.
+
* Basics of using the Radare to examine a binary you probably have on your laptop
* If you have a negative balance, you cannot "tag on"
+
* Looking at an arduino binary
 +
* Introduction to MIPS architecture and disassembly
 +
* Extracting firmware images
  
=== Adding credit ===
+
You might like to bring your own binary to play with as well instead!
* [https://at.govt.nz/myat/ Online]
+
* At train stations and the northern busway
+
* At ferry ticket offices
+
* [https://at.govt.nz/bus-train-ferry/at-hop/at-hop-help/ AT Customer Service Centres]
+
* [https://at.govt.nz/bus-train-ferry/at-hop/get-a-card/find-a-retailer-or-buy-a-card-online/ AT HOP retailers]
+
  
== By bus ==
+
==Important - please make an rc file ==
=== Central city buses ===
+
The [https://at.govt.nz/bus-train-ferry/bus-services/link-bus-service/ LINK buses] loop around the city anti-clockwise.  There are three routes all at a reasonable price:
+
* City LINK - Red, $0.50, every 7-10 minutes.  This goes up and down Queen St.
+
* Inner LINK - Green, $2, every 10-15 minutes.  This goes around the CBD (Central Business Area) and out to New Market.
+
* Outer LINK - Orange, $2 to $4, every 15 minutes.  This goes up and down Queen St.
+
=== Buses going further ===
+
There are many other buses that go out to the suburbs, see the [https://at.govt.nz/bus-train-ferry/ Auckland Transport (AT) website] for more details. They have an online [https://at.govt.nz/bus-train-ferry/journey-planner journey planner] to calculate which bus services you need to catch, from where, to get to your destination.
+
  
'''Tip:''' Google maps directions work well with the Auckland Transport system.
+
Radare2 was created by other, many people. Radare2 will by default print fortune cookies. Please, turn this feature off, by making the following file, in case there is a possibility of NSFW output.
Additional Tip: Never trust google maps for transit!
+
  
== By train ==
+
Instructions for Linux/Unix systems:
Cash payments are no longer processed on board the train, so you will have to purchase your ticket before you get on a train. See the [https://at.govt.nz/bus-train-ferry/train-services Auckland Transport (AT) website] for more details. The nearest train station to the LCA venue is Britmart, which is 1.348kms away, or 20 mins walk from the OGGB, located at the bottom of Queen Street.
+
== By ferry ==
+
There are several ferry operators available in Auckland, and you will need to locate the appropriate ticketing office for the service you wish to use. See the [https://at.govt.nz/bus-train-ferry/ferry-services Auckland Transport (AT) website] for more details. The nearest ferry terminal to the LCA venue is 1.6km away, or 23 mins walk from the OGGB, located at the bottom of Queen Street, beyond Britomart, and out onto Quay Street.
+
== By taxi ==
+
There are many taxi companies available in Auckland, and you can hail a cab right off the street, walk to your nearest taxi rank, or call and book a cab by telephone. Some taxi companies allow you to book online, some have smartphone apps, and there are independent apps as well, that aren't tied to any particular taxi company. Then there's [[wikipedia:Uber_(company)|Uber]], which also has a presence in Auckland.
+
  
CCTV cameras have become compulsory in taxi cabs throughout NZ since 1 August 2011, so expect to be under surveillance at all times in your cab.
+
    echo 'e cfg.fortunes=false' > ~/.radare2rc
{| class="wikitable sortable"
+
!Name!!Phone!!Yelp<ref group="n">Crowdsourced user reviews and recommendations at [https://yelp.co.nz Yelp.co.nz]</ref>!!Flagfall!!Day||Night<ref group="t">Please note that night tariffs are generally more expensive than day rates, due to the additional risk to drivers.</ref>!!EFT<ref group="n">Shows whether ''All'', ''Some'', or ''None'' of the company's taxis have EFT-POS available within the cabs.</ref>||OGGB → MOTAT<ref group="n">A rough estimate was requested by [[User:Augur_.|<font color="#703931">'''ᏜᏠᎶᏠᏑ'''</font>]] via telephone on 31-Dec, for the Penguin Dinner on Wednesday 14<sup>th</sup> Jan at 6pm, one-way, for 2 passengers.</ref>
+
|-
+
|[http://www.cooptaxi.co.nz Auckland Co-op Taxis]||300 3000||<span style="display:none;">2.5</span><span class="plainlinks">{{fs}}{{fs}}{{hs}}{{es}}{{es}} [http://www.yelp.co.nz/biz/auckland-cooperative-taxi-society-auckland (3 Reviews)]</span>||$3.00||$2.60<ref group="t">'''Auckland Co-op Taxis Tariff 1:''' 5am - 7pm Mon-Fri</ref><ref group="t">'''Auckland Co-op Taxis Tariff 2:''' Special rate for cardholder / members only</ref>||$2.75<ref group="t">'''Auckland Co-op Taxis Tariff 3:''' 7pm - 5am Mon-Sun</ref>||All||$22.00
+
|-
+
|[http://www.corporatecabs.co.nz Corporate Cabs]||377 0773||<span style="display:none;">0</span><span class="plainlinks">{{es}}{{es}}{{es}}{{es}}{{es}} [http://www.yelp.co.nz/biz/corporate-cabs-auckland (0 Reviews)]</span>||$6.00||$2.83<ref group="t">'''Corporate Cabs Tariff 1:''' 5am - 7pm Mon-Fri</ref>||$3.01<ref group="t">'''Corporate Cabs Tariff 2:''' All other times</ref>||All||$35.00-$40.00
+
|-
+
|[http://www.vipcabs.co.nz VIP Cabs Limited]||377 5050||<span style="display:none;"></span><span class="plainlinks">{{es}}{{es}}{{es}}{{es}}{{es}} [http://www.yelp.co.nz (0 Reviews)]</span>||$3.00||$3.10<ref group="t">'''VIP Cabs Limited Single Tariff:''' No extra charge for after-hours travel</ref>|| ||Some||$19.00
+
|-
+
|[http://www.dialacab.co.nz Dial A Cab Limited]||355 3000||<span style="display:none;">0</span><span class="plainlinks">{{es}}{{es}}{{es}}{{es}}{{es}} [http://www.yelp.co.nz/biz/dial-a-cab-auckland (0 Reviews)]</span>||$3.00||$2.99<ref group="t">'''Dial A Cab Limited Single Tariff:''' No extra charge for after-hours travel</ref>|| || ||$20.00
+
|-
+
|[http://www.greencabs.co.nz Green Cabs Limited]||0508 447 336||<span style="display:none;">4.5</span><span class="plainlinks">{{fs}}{{fs}}{{fs}}{{fs}}{{hs}} [http://www.yelp.co.nz/biz/green-cabs-auckland (2 Reviews)]</span>||$3.00||$2.65<ref group="t">'''Green Cabs Limited Tariff 1:''' 5am - 7pm Mon-Fri</ref>||$2.80<ref group="t">'''Green Cabs Limited Tariff 2:''' 7pm - 5am Mon-Sun</ref>||All||$25.00
+
|-
+
|[http://www.aucklandtaxiservice.co.nz ATS Auckland Taxi Service]||845 4666||<span style="display:none;"></span><span class="plainlinks">{{es}}{{es}}{{es}}{{es}}{{es}} [http://www.yelp.co.nz (0 Reviews)]</span>||$2.99||$3.10<ref group="t">'''ATS Auckland Taxi Service Single Tariff:''' No extra charge for after-hours travel</ref>|| ||All||$35.00-$40.00
+
|}
+
{| class="mw-collapsible mw-collapsed wikitable"
+
!Table information
+
|-
+
|
+
=== Notes ===
+
<references group="n" />
+
  
=== Tariffs and Times ===
+
== Prerequisites ==
<references group="t" />
+
|}
+
  
== By bicycle ==
+
If during the tutorial you are planning to follow the examples and/or try your own ideas, you really want to get this sorted before the event.
lanes, tracks, repairs, racks
+
  
There are a number of bike tracks around and near the city, and the Grafton Gully Cycleway runs next door to the venue and the Beach Road cycleway is nearby too. Please take care cycling around the city, and obey the road rules *including* traffic lights. We have had a number of fatalities when cyclists have run red lights and ended up under trucks.
+
Minimum requirements:
 +
* a C compiler and libraries needed to build radare2 - the "apt-gettable" version is out of date
 +
* xdot for viewing callgraphs
 +
* binwalk and srecord for firmware hacking
  
You can take your bike, subject to space available, on the ferries across to the North Shore or one of the islands, for no extra cost, but you cannot take a bike (unless it collapses very small) on a regular bus.
+
Various other tools may be helpful, and indeed needed (e.g. an editor) to complete some of the examples
  
* [https://at.govt.nz/cycling-walking/auckland-cycle-run-walkway-maps/grafton-gully-cycleway/ Grafton Gully Cycleway]
+
If you are using a Debian-derived distro, for example:
* [https://at.govt.nz/cycling-walking/auckland-cycle-run-walkway-maps/beach-road-cycleway/ Beach Road Cycleway]
+
  
 +
    sudo apt-get install build-essential git xdot eog ghex binwalk vim gedit srecord
  
== By alternate means ==
+
It should be possible to build radare2 on Linux, FreeBSD/NetBSD etc, Max OS/X and Windows and possibly on Android if you try hard enough (using a Debian root, for example)
booking, timetables, fares
+
* BikeMan Rickshaws: [http://www.bikeman.co.nz/ Web] + [https://www.facebook.com/bikeman.man Facebook]
+
  
== By car ==
+
However, the tutorial examples have only been tested using Debian Wheezy.
car rental, petrol stations, parking, road rules, safety
+
=== Parking at venue ===
+
The building we are using at the University of Auckland (OGGB) has a 5 level 1000 park carpark in the basement. General [https://www.auckland.ac.nz/en/about/the-university/how-university-works/campuses-locations-transport/campus-parking-options.html parking rates] apply.
+
  
 +
=== Clone & build radare2 ===
  
However there is basically no "all week" parking for those driving in from out of town for the whole conference and wanting to leave their car somewhere for the whole week of the conference.  The limited "student parking" that the residences have is all taken by summer students already (confirmed by University of Auckland accommodation team 2014-11-17).  All the surrounding streets are time limited parking at least during the day.  There is no known "rent for just one week, at a week rate" parking buildings/locations nearby.
+
Note, changing to the lca2015_tutorial branch is important, because the software is under active development there could be breakage in master upstream
  
If you are planning on driving from out of town your best option is probably to park in one of the outer suburbs (outside all the parking restrictions) at the start of the week, then take public transport back into the centre (for the university). Possibly near where a friend, or extended family member lives, so they can check on your car periodically; if you don't know anyone in Auckland maybe you can make a friend on the LCA2015 chat list? :-)
+
    git clone http://github.com/pastcompute/radare2
 +
    cd radare2
 +
    git checkout tutorial_branch
 +
    ./configure
 +
    make -j
 +
    sudo make symstall
 +
 
 +
Note, you can install as a normal user if you need to:
 +
 
 +
    ./configure --prefix=$HOME/path/to/wherever
 +
    make -j
 +
    sudo make symstall
 +
    export PATH=$HOME/path/to/wherever:$PATH
 +
 
 +
Clone the examples repository, ready for use during the tutorial
 +
 
 +
    cd
 +
    git clone http://github.com/pastcompute/lca2015-radare2-tutorial
 +
 
 +
I have already added prebuilt examples to git but there are instructions for building them in git, you will need the arduino IDE or an openwrt buildroot.
 +
 
 +
==Troubleshooting==
 +
 
 +
The tutorial is not until Thursday afternoon. If you need help with the above ping me on Twitter, preferably before the day! [https://twitter.com/pastcompute @pastcompute]

Revision as of 22:35, 10 January 2015

This page describes preparation for Reverse engineering embedded software using Radare2

Outline

We will try and get through all the following:

  • Introduction to Radare2 reverse engineering tool
  • The Radare2 utilities
  • Basics of using the Radare to examine a binary you probably have on your laptop
  • Looking at an arduino binary
  • Introduction to MIPS architecture and disassembly
  • Extracting firmware images

You might like to bring your own binary to play with as well instead!

Important - please make an rc file

Radare2 was created by other, many people. Radare2 will by default print fortune cookies. Please, turn this feature off, by making the following file, in case there is a possibility of NSFW output.

Instructions for Linux/Unix systems:

   echo 'e cfg.fortunes=false' > ~/.radare2rc

Prerequisites

If during the tutorial you are planning to follow the examples and/or try your own ideas, you really want to get this sorted before the event.

Minimum requirements:

  • a C compiler and libraries needed to build radare2 - the "apt-gettable" version is out of date
  • xdot for viewing callgraphs
  • binwalk and srecord for firmware hacking

Various other tools may be helpful, and indeed needed (e.g. an editor) to complete some of the examples

If you are using a Debian-derived distro, for example:

   sudo apt-get install build-essential git xdot eog ghex binwalk vim gedit srecord

It should be possible to build radare2 on Linux, FreeBSD/NetBSD etc, Max OS/X and Windows and possibly on Android if you try hard enough (using a Debian root, for example)

However, the tutorial examples have only been tested using Debian Wheezy.

Clone & build radare2

Note, changing to the lca2015_tutorial branch is important, because the software is under active development there could be breakage in master upstream

   git clone http://github.com/pastcompute/radare2
   cd radare2
   git checkout tutorial_branch
   ./configure
   make -j
   sudo make symstall

Note, you can install as a normal user if you need to:

   ./configure --prefix=$HOME/path/to/wherever
   make -j
   sudo make symstall
   export PATH=$HOME/path/to/wherever:$PATH

Clone the examples repository, ready for use during the tutorial

   cd
   git clone http://github.com/pastcompute/lca2015-radare2-tutorial

I have already added prebuilt examples to git but there are instructions for building them in git, you will need the arduino IDE or an openwrt buildroot.

Troubleshooting

The tutorial is not until Thursday afternoon. If you need help with the above ping me on Twitter, preferably before the day! @pastcompute