Difference between pages "Arrivals Departures" and "Tutorials/Reverse engineering embedded software using Radare2"

From LCA2015 Delegate wiki
(Difference between pages)
Jump to: navigation, search
(Saturday 17 Jan)
 
 
Line 1: Line 1:
The intent of this page is to allow conf organisers to know who's expected at the airport when.
+
This page describes preparation for [http://linux.conf.au/schedule/30102/view_talk?day=thursday Reverse engineering embedded software using Radare2]
  
You might also be able to use the info below to connect up with people who are on the same flight as you, arrange taxi shares, and so on, so '''leave some contact info''' in the entries that you create. Remember, there is '''no free transport from the airport''' provided by the conference this year. See [[Getting_to_Auckland#Airport_to_venue_transfers|Airport to venue transfers]] for more information.
+
== Outline ==
  
===Arrivals===
+
We will try and get through all the following:
  
Order the entries below by scheduled '''time of arrival''' in Auckland. ''Please use 24 hour clock format (hh:mm)'' and ''Auckland time!''
+
* Introduction to Radare2 reverse engineering tool
 +
* The Radare2 utilities
 +
* Basics of using the Radare to examine a binary you probably have on your laptop
 +
* Looking at an arduino binary
 +
* Introduction to MIPS architecture and disassembly
 +
* Extracting firmware images
  
==== Tuesday 6 Jan ====
+
You might like to bring your own binary to play with as well instead!
* 07:50 JQ244 (From CHC)
+
** [[User:Andrew Sands|Andrew Sands]]
+
** Lisa Sands
+
* 14:35 QF8770/EK434 (BNE to AKL)
+
** James Iseppi
+
** Lee Symes
+
** Matt Franklin
+
* 23:35 JQ205 (SYD to AKL)
+
** [[User:Arkady Gundroff|Arkady Gundroff]]
+
  
==== Wednesday 7 Jan ====
+
==Important - please make an rc file ==
* Afternoon/Evening Driving from Wellington
+
** [[User:Andrew Ruthven|Andrew Ruthven]], Susanne Ruthven and kids
+
* 22:05 QF147 (from Sydney)
+
** Steve Walsh
+
  
==== Thursday 8 Jan ====
+
Radare2 was created by other, many people. Radare2 will by default print fortune cookies. Please, turn this feature off, by making the following file, in case there is a possibility of NSFW output.
* Afternoon driving
+
** [[User:Nick Bannon|Nick Bannon]]
+
** [[User:John McCabe-Dansted|John McCabe-Dansted]]
+
** [[User:Sarah Allard|Sarah Allard]]
+
* 22:05 QF147 (SYD to AKL)
+
** Hugh Blemings
+
** Rachael Blemings
+
  
==== Friday 9 Jan ====
+
Instructions for Linux/Unix systems:
* 06:30 NZ176 (from Perth)
+
** [mailto:me@kye.id.au Kye Russell]
+
** Delan Azabani
+
** Brock York
+
** Josh Batchelor
+
** Luke Mercuri
+
** Clayton Johnson
+
** Matthew Pen
+
* 14:35 EK5041 (MEL to AKL)
+
** Russell Coker
+
* 16:50 NZ104/VA7404 (SYD to AKL)
+
** [mailto:bod@debian.org Brendan O'Dea]
+
** [mailto:tharding@lgnt.com.au Tobin Harding]
+
* 20:50 VA7445 (SYD to AKL)
+
** James 'Ender' Brown
+
* 22:45 VA7434 / NZ 134 (BNE to AKL)
+
** Clinton Roy
+
** Anthony Towns
+
* 23:00 VA 716  / NZ ??? (SYD to AKL)
+
** [[User:Craige McWhirter|Craige McWhirter]]
+
  
==== Saturday 10 Jan ====
+
    echo 'e cfg.fortunes=false' > ~/.radare2rc
* 00:05 MH-133 (KUL to AKL)
+
** [[User:Raghavendra Prabhu|Raghavendra Prabhu]]
+
* 00:05 QF-149 (SYD to AKL)
+
** [mailto:charlesaymard@gmx.de Daniel Rossbach]
+
* 05:45 NZ3 (LAX to AKL)
+
** [mailto:bdale@gag.com Bdale Garbee]
+
** [mailto:keithp@keithp.com Keith Packard]
+
* 08:00 QF111 (PER to AKL)
+
** [mailto:kibelan@gmail.com Ben Kelly]
+
* 12:55 QF151 (MEL to AKL)
+
** [mailto:jefferyfernandez@gmail.com Jeffery Fernandez]
+
* 14:35 EK434 (BNE to AKL)
+
** [http://www.humbug.org.au/RussellStuart Russell Stuart]
+
* 17:10 JQ213 (MEL to AKL)
+
** [[User:Brett James|Brett James]]
+
* 17:15 NZ124 (MEL to AKL)
+
** [[User:Christopher Neugebauer|Christopher Neugebauer]]
+
* 17:15 VA7424 (MEL to AKL)
+
** [[User:Stuart Young|Stuart Young]]
+
** [[User:Katrina Szetey|Katrina Szetey]]
+
* 17:30 NZ136 (BNE to AKL)
+
** [https://twitter.com/bradleymarshall Brad Marshall]
+
* 18:20 NZ792 (ADL to AKL)
+
** [[User:Daniel Sobey|Daniel Sobey]]
+
* 18:55
+
** [mailto:lca@eyal.emu.id.au Eyal Lebedinsky] (QF181 SYD to AKL)
+
** [[User:Jonathan Woithe|Jonathan Woithe]] (from QF738 departing ADL)
+
* 20:50 VA7418 (PER to AKL)
+
** Byron Jones (glob)
+
* 22:05  QF147 (SYD to AKL)
+
** Jason Lewis (@jasonblewis)
+
* 20:30  HA445 (HNL to AKL from AA883 departing PDX)
+
** [mailto:paulmckrcu@gmail.com Paul E. McKenney]
+
  
==== Sunday 11 Jan ====
+
== Prerequisites ==
* 00:45 VA160 (BNE to AKL)
+
** [https://twitter.com/gm_stack Geordie Millar] (from VA1393 departing ADL)
+
** Michael Wheeler (from VA1712 departing GLT)
+
* 05:45 JQ215 (MEL to AKL)
+
** Michael Cordover (aka mjec)
+
* 06:10 NZ176 (PER to AKL)
+
** [[User:Andrew Cooks|Andrew Cooks]]
+
** [[User:James Henstridge|James Henstridge]]
+
* 07:00 NZ406 (WLG to AKL)
+
** [[User:James Forman|James Forman]]
+
* 07:10 NZ15 (SFO to AKL)
+
** John Dickinson
+
* 08:00 QF111 (PER to AKL)
+
** [[User:Andrew Buckeridge|Andrew Buckeridge]]
+
** [mailto:russells@adelie.cx Russell Steicke]
+
* 08:00 NZ 5 (LAX to AKL)
+
** [http://alasdairallan.com Alasdair Allan] ([http://twitter.com/aallan @aallan])
+
* 09:40 JQ274 (WLG to AKL)
+
** [[User: Kurt Lenfesty|Kurt Lenfesty]]
+
* 09:50 NZ 80 (HKG to AKL)
+
** [[User:Roan Kattouw|Roan Kattouw]]
+
* 10:10 NZ508 (CHC to AKL)
+
** [[User:Leroy Hopson|Leroy Hopson]]
+
* 13:05 NZ4994 (HKG to AKL)
+
** Jussi Pakkanen (from LH730 departing MUC)
+
* 13:05 MH105 (KUL to AKL)
+
** Divya M N
+
* 13:45 QF8762 (also EK406) (MEL to AKL)
+
** George Patterson
+
** Kevin Collas-Arundell (@kcollasarundell|tacticus)
+
* 13:50 NZ0526 (CHCH to AKL)
+
** Peter Glassenbury
+
** Steven Sykes
+
* 14:00 EK0412/QF8764 (SYD to AKL)
+
** [mailto:diego@biurrun.de Diego Biurrun]
+
** [mailto:danbryan@gmail.com Daniel Bryan]
+
** [mailto:lca2015@quasarnet.org Aeriana]
+
* 14:15 NZ454 (WLG to AKL)
+
** [[User:Jeremy Visser|Jeremy Visser]]
+
** [[User:Ewen McNeill|Ewen McNeill]]
+
* 14:25 VA7422/NZ722 (MEL to AKL)
+
** [mailto:jon@oxer.com.au Jonathan Oxer]
+
** [mailto:lca-david@tulloh.id.au David Tulloh]
+
* 14:35 QF8770/EK434 (BNE to AKL)
+
** Jared Ring
+
* 14:50 NZ102 (SYD to AKL)
+
** [mailto:himangi774@gmail.com Himangi Saraogi]
+
* 14:50 VA934 (OOL to AKL)
+
** [[User:Katie Miller|Katie Miller]]
+
* 14:55 QF143 (SYD to AKL)
+
** [mailto:mike.carden@gmail.com Mike Carden]
+
** [mailto:remi@remlab.net Rémi Denis-Courmont] (from QF2 departing LHR via DXB)
+
** [mailto:seven@me.com Sam Desmond]
+
* 15:10 QF123 (BNE to AKL)
+
** [[User:Mark Ellem|Mark Ellem]]
+
** [[User:Stefan Goetz|Stefan Götz]]
+
* 15:25 VA148 (MEL to AKL)
+
** [https://twitter.com/fukawi2 Phillip Smith]
+
** [https://twitter.com/smarthall Daniel Hall]
+
** [[User:Tim Serong|Tim Serong]] ([https://twitter.com/tserong @tserong])
+
** [[User:Stewart_Smith|Stewart Smith]] ([https://twitter.com/stewartsmith @stewartsmith])
+
** [[User:Mark_Atwood|Mark Atwodo]] ([https://twitter.com/fallenpegasus @fallenpegasus])
+
** [[User:Jack_Scott|Jack Scott]] ([https://twitter.com/JackScottAU @JackScottAU])
+
* 15:30 VA144 (SYD to AKL)
+
** Glen Chatfield
+
* 16:05 QF145 (SYD - AKL)
+
** Aaron Theodore - [https://twitter.com/batau @batau]
+
* 16:50 NZ104 (SYD to AKL)
+
** Cooper Lees - [https://twitter.com/cooperlees @cooperlees]
+
** Patrick Shuff
+
* 17:15 NZ124/VA7424 (MEL to AKL)
+
** Mark Jessop (@darksidelemm - from VA206 departing ADL)
+
** maia sauren (@sauramaia)
+
* 17:30 JQ213 (MEL to AKL)
+
** David Bell (@dtbell91)
+
** Matthew Cengia (@mattcen)
+
** Mike Abrahall (@mijofa1)
+
** [mailto:scott.nato@gmail.com Nathan Scott]
+
** Josh Mesilane (@zindello)
+
** David Rowe
+
* 17:30 VA7436 (BNE to AKL)
+
** Ryan Stuart (@rstuart85) - have a free entry pass to the Virgin Lounge for anyone else on this flight. Contact me for details.
+
** Sven Dowideit (@SvenDowideit) - I'm in an AirBnB apartment near the venue, and was planning on taking the hour long AirBus
+
** Luke Hovington (@lhovo)
+
* 17:50 VA7430 (SYD to AKL)
+
** Mark Walkom (@warkolm)
+
* 18:20 VA7452/NZ972 (ADL to AKL)
+
** [mailto:ubermonk@gmail.com Andrew Kirkpatrick]
+
** Thomas Sprinkmeier
+
* 19:25 JQ260 (WLG to AKL)
+
** Jim (James) Whittaker
+
* 20:30 NZ476 (WLG to AKL)
+
** Douglas Bagnall
+
* 20:50 NZ118 (SYD to AKL)
+
** [[User:Paul Warren|Paul Warren]]
+
* 22:05 QF147 (SYD to AKL)
+
** John Dalton ([https://twitter.com/johndalton @johndalton])
+
* 22:45 VA7434 (BNE to AKL)
+
** [mailto:tony.artemenko@gmail.com Anton Artemenko]
+
* 23:35 JQ205 (SYD to AKL)
+
** Alastair D'Silva ([https://twitter.com/evildeece @evildeece] [mailto:alastair@d-silva.org Alastair D'Silva])
+
  
==== Monday 12 Jan ====
+
If during the tutorial you are planning to follow the examples and/or try your own ideas, you really want to get this sorted before the event.
  
* 14:35 EK434 (BNE to AKL)
+
Minimum requirements:
** [[User:Fraser Tweedale|Fraser Tweedale]]
+
* a C compiler and libraries needed to build radare2 - the "apt-gettable" version is out of date
 +
* xdot for viewing callgraphs
 +
* binwalk and srecord for firmware hacking
  
==== Tuesday 13 Jan ====
+
Various other tools may be helpful, and indeed needed (e.g. an editor) to complete some of the examples
  
* 05:55 NZ007 (SFO to AKL)
+
If you are using a Debian-derived distro, for example:
** [[User:Tom Clark|Tom Clark]]
+
  
===Departures===
+
    sudo apt-get install build-essential git xdot eog ghex binwalk vim gedit srecord
  
Order the entries below by scheduled '''time of departure''' from Auckland. ''Please use 24 hour clock format (hh:mm)'' and ''Auckland time!''
+
It should be possible to build radare2 on Linux, FreeBSD/NetBSD etc, Max OS/X and Windows and possibly on Android if you try hard enough (using a Debian root, for example)
  
==== Friday 16 Jan ====
+
However, the tutorial examples have only been tested using Debian Wheezy.
*19:55 JQ283 (AKL to WLG)
+
** Jim (James) Whittaker
+
*20:00 NZ84 (AKL to YVR)
+
** [mailto:olivier@bottomlesspit.org Olivier Bilodeau]
+
* 20:45 CI54 (AKL to BNE)
+
** [[User:Fraser Tweedale|Fraser Tweedale]]
+
  
==== Saturday 17 Jan ====
+
=== Clone & build radare2 ===
* Morning sometime - Driving to Wellington
+
** [[User:Andrew Ruthven|Andrew Ruthven]], Susanne Ruthven and kids
+
* 06:45 QF124 (AKL to BNE)
+
** [mailto:tony.artemenko@gmail.com Anton Artemenko]
+
* 06:55 QF152 (AKL to MEL)
+
** John Dalton ([https://twitter.com/johndalton @johndalton])
+
* 07:00 NZ101 (AKL to SYD)
+
** [mailto:himangi774@gmail.com Himangi Saraogi]
+
* 07:00 VA7401 (SYD to AKL)
+
** Mark Walkom (@warkolm)
+
* 07:15 JQ212 (AKL to MEL)
+
** [mailto:scott.nato@gmail.com Nathan Scott]
+
* 07:35 JQ202 (AKL to SYD)
+
** Michael Cordover (aka mjec)
+
* 08:00 VA143 (AKL to SYD)
+
** Glen Chatfield
+
* 8:15 QF142 (AKL - SYD)
+
** Aaron Theodore - [https://twitter.com/batau @batau]
+
* 09:00 VA7403 (AKL to SYD)
+
** [[User:Tim Serong|Tim Serong]] ([https://twitter.com/tserong @tserong])
+
* 09:30 NZ135 (AKL to BNE)
+
** [https://twitter.com/bradleymarshall Brad Marshall]
+
* 10:00 NZ721 (AKL to MEL)
+
** Thomas Sprinkmeier
+
* 10:10 NZ515 (AKL to CHC)
+
** [mailto:paulmckrcu@gmail.com Paul E. McKenney]
+
* 10:50 QF112 (AKL to PER)
+
** [[User:Andrew Buckeridge|Andrew Buckeridge]]
+
* 11:00 QF182 (AKL to SYD)
+
** Mike Carden
+
* 11:00 NZ119 (AKL to SYD)
+
** [mailto:bod@debian.org Brendan O'Dea]
+
* 12:00 NZ429 (AKL to WLG)
+
** [[User:James Forman|James Forman]]
+
* 13:00 VA7419 and NZ119 (AKL to SYD)
+
** [mailto:ubermonk@gmail.com Andrew Kirkpatrick]
+
** Mark Jessop (@darksidelemm - then onto ADL on VA436)
+
** [[User:Paul Warren|Paul Warren]]
+
** [[User:Tobin Harding|Tobin Harding]]
+
* 13:00 NZ439 (AKL to WLG)
+
** Douglas Bagnall
+
** [[User:Ewen McNeill|Ewen McNeill]]
+
** [[User:Roan Kattouw|Roan Kattouw]]
+
* 13:10 VA165 (AKL to OOL)
+
** [[User:Katie Miller|Katie Miller]]
+
* 14:00
+
** [mailto:lca@eyal.emu.id.au Eyal Lebedinsky] QF144 (AKL to SYD)
+
** [[User:Jonathan Woithe|Jonathan Woithe]] (then on QF743 to ADL)
+
** [mailto:diego@biurrun.de Diego Biurrun]
+
* 14:25 NZ175 and VA7445 (AKL to PER)
+
** Byron Jones (glob)
+
** [[User:James Henstridge|James Henstridge]]
+
* 14:30 NZ4995 (AKL to HKG)
+
** Jussi Pakkanen
+
* 14:45 VA7439 (AKL to BNE)
+
** Ryan Stuart (@rstuart85) - have a free entry pass to the Virgin Lounge for anyone else on this flight. Contact me for details.
+
** Sven Dowideit (@SvenDowideit) - /me waves at Ryan and yells `twins!`
+
* 15:25 VA7425 (AKL to MEL)
+
** [https://twitter.com/smarthall Daniel Hall]
+
* 17:00 QF154 (AKL to MEL)
+
** [mailto:jon@oxer.com.au Jonathan Oxer]
+
* 18:10 QF8771/EK435 (AKL to BNE)
+
** [http://www.humbug.org.au/RussellStuart Russell Stuart]
+
** [[User:Mark Ellem|Mark Ellem]]
+
** Jared Ring
+
** Lee Symes
+
** Matt Franklin
+
* 18:30 EK413/QF8763 (AKL to SYD)
+
** [[User:Jeremy Visser|Jeremy Visser]]
+
** Alastair D'Silva ([https://twitter.com/evildeece @evildeece] [mailto:alastair@d-silva.org Alastair D'Silva])
+
** [mailto:lca2015@quasarnet.org Aeriana]
+
* 18:50 EK407 (AKL to MEL)
+
** Kathy Reid (@kathyreid) and Sue Reid
+
** [https://twitter.com/fukawi2 Phillip Smith]
+
* 20:30 JQ214 (AKL to MEL)
+
** David Bell (@dtbell91)
+
** Matthew Cengia (@mattcen)
+
** Mike Abrahall (@mijofa1)
+
** Josh Mesilane (@zindello)
+
* 20:30 NZ4 (AKL to LAX)
+
** [http://alasdairallan.com Alasdair Allan] ([http://twitter.com/aallan @aallan])
+
* 22:45 NZ2 (AKL to LAX)
+
** [mailto:bdale@gag.com Bdale Garbee]
+
** [mailto:keithp@keithp.com Keith Packard]
+
  
==== Sunday 18 Jan ====
+
Note, changing to the lca2015_tutorial branch is important, because the software is under active development there could be breakage in master upstream
* 07:00 VA153 (AKL to BNE)
+
** Anthony Towns
+
* 08:15 QF142 (AKL to SYD)
+
** Steve Walsh
+
* 08:20 NZ123 (AKL to MEL)
+
** [[User:Stewart_Smith|Stewart Smith]]
+
* 10:50 QF112 (AKL to PER)
+
** [[User:Nick Bannon|Nick Bannon]]
+
** [[User:John McCabe-Dansted|John McCabe-Dansted]]
+
** [[User:Sarah Allard|Sarah Allard]]
+
* 14:25 VA7445 / NZ175 (AKL to PER)
+
** James 'Ender' Brown
+
** [[User:Andrew Cooks|Andrew Cooks]]
+
* 14:30 MH-130 (AKL to KUL)
+
** [[User:Raghavendra Prabhu|Raghavendra Prabhu]]
+
* 16:00 VA7434 (WLG to BNE)
+
** Clinton Roy
+
* 18:10 QF8771/EK435 (AKL to BNE)
+
** James Iseppi
+
* 18:30 QF8763 (AKL to SYD)
+
** [mailto:danbryan@gmail.com Daniel Bryan]
+
* 18:40 VA0729/NZ0729 (AKL to MEL)
+
** Bianca Gibson
+
  
==== Monday 19 Jan ====
+
    git clone http://github.com/pastcompute/radare2
* 14:25 NZ175 (AKL to PER)
+
    cd radare2
** [mailto:me@kye.id.au Kye Russell]
+
    git checkout tutorial_branch
** Delan Azabani
+
    ./configure
** Brock York
+
    make -j
** Josh Batchelor
+
    sudo make symstall
** Luke Mercuri
+
** Clayton Johnson
+
** Matthew Pen
+
* 16:20 QF146 (AKL to SYD)
+
** [mailto:kibelan@gmail.com Ben Kelly]
+
* 18:40 NZ729 (ALK to MEL)
+
** [mailto:lca-david@tulloh.id.au David Tulloh]
+
  
==== Tuesday 20 Jan ====
+
Note, you can install as a normal user if you need to:
* 08:15 QF142 (AKL to SYD)
+
** Hugh Blemings
+
** Rachael Blemings
+
  
==== Wednesday 21 Jan ====
+
    ./configure --prefix=$HOME/path/to/wherever
 +
    make -j
 +
    sudo make symstall
 +
    export PATH=$HOME/path/to/wherever:$PATH
  
* 14:00 QF144 (AKL to SYD)
+
Clone the examples repository, ready for use during the tutorial
** Jason Lewis
+
* 16:05 VA7405 (AKL to SYD)
+
** Luke Hovington (@lhovo)
+
  
==== Sunday 25 Jan ====
+
    cd
* 08:20 VA7453 (AKL to ADL)
+
    git clone http://github.com/pastcompute/lca2015-radare2-tutorial
** [https://twitter.com/gm_stack Geordie Millar]
+
 
* 09:30 VA7435 (AKL to BNE)
+
I have already added prebuilt examples to git but there are instructions for building them in git, you will need the arduino IDE or an openwrt buildroot.
** Michael Wheeler
+
 
* 14:00 QF144 (AKL to SYD)
+
==Troubleshooting==
** [mailto:remi@remlab.net Rémi Denis-Courmont]
+
 
 +
The tutorial is not until Thursday afternoon. If you need help with the above ping me on Twitter, preferably before the day! [https://twitter.com/pastcompute @pastcompute]

Revision as of 22:35, 10 January 2015

This page describes preparation for Reverse engineering embedded software using Radare2

Outline

We will try and get through all the following:

  • Introduction to Radare2 reverse engineering tool
  • The Radare2 utilities
  • Basics of using the Radare to examine a binary you probably have on your laptop
  • Looking at an arduino binary
  • Introduction to MIPS architecture and disassembly
  • Extracting firmware images

You might like to bring your own binary to play with as well instead!

Important - please make an rc file

Radare2 was created by other, many people. Radare2 will by default print fortune cookies. Please, turn this feature off, by making the following file, in case there is a possibility of NSFW output.

Instructions for Linux/Unix systems:

   echo 'e cfg.fortunes=false' > ~/.radare2rc

Prerequisites

If during the tutorial you are planning to follow the examples and/or try your own ideas, you really want to get this sorted before the event.

Minimum requirements:

  • a C compiler and libraries needed to build radare2 - the "apt-gettable" version is out of date
  • xdot for viewing callgraphs
  • binwalk and srecord for firmware hacking

Various other tools may be helpful, and indeed needed (e.g. an editor) to complete some of the examples

If you are using a Debian-derived distro, for example:

   sudo apt-get install build-essential git xdot eog ghex binwalk vim gedit srecord

It should be possible to build radare2 on Linux, FreeBSD/NetBSD etc, Max OS/X and Windows and possibly on Android if you try hard enough (using a Debian root, for example)

However, the tutorial examples have only been tested using Debian Wheezy.

Clone & build radare2

Note, changing to the lca2015_tutorial branch is important, because the software is under active development there could be breakage in master upstream

   git clone http://github.com/pastcompute/radare2
   cd radare2
   git checkout tutorial_branch
   ./configure
   make -j
   sudo make symstall

Note, you can install as a normal user if you need to:

   ./configure --prefix=$HOME/path/to/wherever
   make -j
   sudo make symstall
   export PATH=$HOME/path/to/wherever:$PATH

Clone the examples repository, ready for use during the tutorial

   cd
   git clone http://github.com/pastcompute/lca2015-radare2-tutorial

I have already added prebuilt examples to git but there are instructions for building them in git, you will need the arduino IDE or an openwrt buildroot.

Troubleshooting

The tutorial is not until Thursday afternoon. If you need help with the above ping me on Twitter, preferably before the day! @pastcompute