Difference between pages "Phone and mobile data" and "Tutorials/Reverse engineering embedded software using Radare2"

From LCA2015 Delegate wiki
(Difference between pages)
(Frequencies and coverage expansion)
 
 
Line 1: Line 1:
{{Trail|About|Auckland}}
+
This page describes preparation for [http://linux.conf.au/schedule/30102/view_talk?day=thursday Reverse engineering embedded software using Radare2]
There are 3 major mobile network operators in New Zealand:<br/>
+
*Spark (was Telecom/XT) http://www.spark.co.nz/<br/>
+
*Vodafone http://www.vodafone.co.nz/<br/>
+
*2 degrees http://www.2degreesmobile.co.nz/<br/>
+
*Virtual network operator Skinny https://www.skinny.co.nz/<br/>
+
  
All offer pre-paid SIM cards which can be easily obtained and require no paperwork or registration (you can pick one up in the airport just after you get through customs).
+
== Outline ==
  
All operators now offer 4G in limited areas, which should cover most of Auckland CBD.  The 4G frequencies are the ones used in most Asia-Pacific countries, and '''different''' to the AWS bands used in North America.
+
We will try and get through all the following:
  
----
+
* Introduction to Radare2 reverse engineering tool
 +
* The Radare2 utilities
 +
* Basics of using the Radare to examine a binary you probably have on your laptop
 +
* Looking at an arduino binary
 +
* Introduction to MIPS architecture and disassembly
 +
* Extracting firmware images
  
== 2Degrees ==
+
You might like to bring your own binary to play with as well instead!
  
* No store in Airport -- free SIM cards are available on the Airbus
+
==Important - please make an rc file ==
* SIM sizes: SIM+MicroSIM, and NanoSIM.
+
* GSM (2G) 900 / 1800
+
* UMTS (3G) 900 / 2100
+
* LTE (4G) Band 3 (1800MHz) and 28 (700MHz) in cities only.
+
* Has a small network of their own in cities that roams to Vodafone (at no cost)
+
  
Prepaid:
+
Radare2 was created by other, many people. Radare2 will by default print fortune cookies. Please, turn this feature off, by making the following file, in case there is a possibility of NSFW output.
  
* [http://www.2degreesmobile.co.nz/prepay/pricing/plus/value-packs/carryover-combo 19 NZD: Carryover]
+
Instructions for Linux/Unix systems:
** 100 minutes of calls to phones in NZ and AU
+
** Unlimited SMS to phones in NZ and AU
+
** 500MB data
+
** 30 day expiry
+
  
* [http://www.2degreesmobile.co.nz/mobile-data/zone-data-packs NZ$99 for 12GB ]
+
    echo 'e cfg.fortunes=false' > ~/.radare2rc
  
Activating the SIM:
+
== Prerequisites ==
  
* Insert the SIM in the phone
+
If during the tutorial you are planning to follow the examples and/or try your own ideas, you really want to get this sorted before the event.
* Make sure the correct network is selected
+
* Call 200
+
* You will be prompted to add a PIN to manage your account.
+
* First do a top-up (1).  Minimum amount is 20 NZD, can be done by credit card over phone or purchase a topup with cash at a store.
+
* You probably don't want to have them save your credit card details, otherwise the combo pack will automatically renew when you leave.
+
* You get a text message confirming it.
+
* Add a combo pack or data pack
+
* You get a text message confirming it.
+
  
Note: Their IVR doesn't update with your current balance while you're still on the line -- the balance is from when you started the call.  So you top up your account, and then you get told that you have "0 Dollars"...
+
Minimum requirements:
 +
* a C compiler and libraries needed to build radare2 - the "apt-gettable" version is out of date
 +
* xdot for viewing callgraphs
 +
* binwalk and srecord for firmware hacking
  
Other note: They also have a captive portal that allows you to sign up.  However, this website is not mobile-friendly. Additionally, on Android, if you rotate the phone you have to start again, and the zoom function is disabled/stuck.  Do it over the phone instead.
+
Various other tools may be helpful, and indeed needed (e.g. an editor) to complete some of the examples
  
== Skinny ==
+
If you are using a Debian-derived distro, for example:
  
* Virtual Mobile Network Operator that runs from the Spark network.
+
    sudo apt-get install build-essential git xdot eog ghex binwalk vim gedit srecord
* GSM NOT AVAILABLE
+
* UMTS (3G) 850 / 2100
+
  
'''Note''' Skinny also does a competitive package, with $4 for a sim that comes loaded with calling time (within ANZ), texts and mobile data.
+
It should be possible to build radare2 on Linux, FreeBSD/NetBSD etc, Max OS/X and Windows and possibly on Android if you try hard enough (using a Debian root, for example)
  
== Spark (Telecom / XT) ==
+
However, the tutorial examples have only been tested using Debian Wheezy.
  
* Store in the international terminal, in the arrivals area.  Marked as "Telecom" in Airport maps.
+
=== Clone & build radare2 ===
* GSM NOT AVAILABLE
+
* UMTS (3G) 850 / 2100
+
* LTE (4G) Band 3 (1800MHz) in cities and major rural areas, Band 7 (2600MHz) in Central Auckland and Band 28 (700MHz) in major rural areas (not cities)
+
  
Prepaid:
+
Note, changing to the lca2015_tutorial branch is important, because the software is under active development there could be breakage in master upstream
  
'''Note''' Spark Travellers SIM for $49 is similar to the Vodafone offering.
+
    git clone http://github.com/pastcompute/radare2
 +
    cd radare2
 +
    git checkout tutorial_branch
 +
    ./configure
 +
    make -j
 +
    sudo make symstall
  
'''Note''' Spark (Telecom NZ/XT) does have 1GB data on WiFi per day across NZ starting at $29
+
Note, you can install as a normal user if you need to:
  
'''Note''' Spark / Skinny share the same broadcast frequencies and have '''NO''' 2G Network
+
    ./configure --prefix=$HOME/path/to/wherever
 +
    make -j
 +
    sudo make symstall
 +
    export PATH=$HOME/path/to/wherever:$PATH
  
 +
Clone the examples repository, ready for use during the tutorial
  
== Vodafone ==
+
    cd
 +
    git clone http://github.com/pastcompute/lca2015-radare2-tutorial
  
* Store in the international terminal, in the arrivals area.
+
I have already added prebuilt examples to git but there are instructions for building them in git, you will need the arduino IDE or an openwrt buildroot.
* GSM (2G) 900 / 1800
+
* UMTS (3G) 900 / 2100
+
* LTE (4G) Band 3 (1800MHz) and 28 (700MHz) in cities only.
+
  
Prepaid:
+
==Troubleshooting==
  
'''Note''' Vodafone Travellers SIM for $49 with 2GB Data, and for a lot of our attendees from outside of ANZ it will probably include minutes to call home. Check your countries Vodafone website
+
The tutorial is not until Thursday afternoon. If you need help with the above ping me on Twitter, preferably before the day! [https://twitter.com/pastcompute @pastcompute]
 
+
 
+
== Roaming with an Australian Telco ==
+
 
+
* Optus post-paid mobiles allegedly have a $10/day travel pack option which can be activated online, giving unlimited talk and SMS plus 50MB data/day.  This is markedly (exponentially?) cheaper than the standard roaming rate.  See http://www.optus.com.au/shop/mobilephones/international-roaming/postpaid#add-roaming for details, or http://www.optus.com.au/shop/mobilephones/international-roaming/data-roaming#add-roaming if you only want data and don't care about talk/SMS.
+
* Telstra has something similar - see https://www.telstra.com.au/mobile-phones/international-roaming#intravelpass.
+
* So does Vodafone: http://www.vodafone.com.au/personal/international-roaming
+
* Don't accidentally use roaming data without getting some sort of travel pack active first.  You will almost certainly regret it.
+
* Picking up a New Zealand SIM will probably still work out cheaper than roaming travel packs, especially if you only really care about data.
+
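Review bot: the added text says that changing to the lca2015_tutorial branch is important, but the command under it runs git checkout tutorial_branch; one of the two names needs correcting so readers end up on the tested branch. In the normal-user variant, sudo make symstall works against --prefix=$HOME/path/to/wherever and leaves root-owned files in the home directory, so drop sudo there, and export PATH should point at the prefix's bin directory rather than the prefix itself. Both git clone lines use http:// URLs; https:// avoids fetching source that will be built and installed over an unauthenticated connection.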

Revision as of 22:35, 10 January 2015

This page describes preparation for Reverse engineering embedded software using Radare2

Outline

We will try and get through all the following:

  • Introduction to Radare2 reverse engineering tool
  • The Radare2 utilities
  • Basics of using Radare2 to examine a binary you probably have on your laptop
  • Looking at an Arduino binary
  • Introduction to MIPS architecture and disassembly
  • Extracting firmware images

You might like to bring your own binary to play with as well, or instead!

Important - please make an rc file

Radare2 was created by many other people. By default, Radare2 prints fortune cookies. Please turn this feature off by creating the following file, in case there is a possibility of NSFW output.

Instructions for Linux/Unix systems:

   echo 'e cfg.fortunes=false' > ~/.radare2rc

Prerequisites

If during the tutorial you are planning to follow the examples and/or try your own ideas, you really want to get this sorted before the event.

Minimum requirements:

  • a C compiler and libraries needed to build radare2 - the "apt-gettable" version is out of date
  • xdot for viewing callgraphs
  • binwalk and srecord for firmware hacking

Various other tools may be helpful, and indeed needed (e.g. an editor), to complete some of the examples.

If you are using a Debian-derived distro, for example:

   sudo apt-get install build-essential git xdot eog ghex binwalk vim gedit srecord

It should be possible to build radare2 on Linux, FreeBSD/NetBSD etc., Mac OS X and Windows, and possibly on Android if you try hard enough (using a Debian root, for example).

However, the tutorial examples have only been tested using Debian Wheezy.

Clone & build radare2

Note: changing to the lca2015_tutorial branch is important. Because the software is under active development, there could be breakage in upstream master.

   # Clone over HTTPS so the source you build is fetched over an authenticated connection
   git clone https://github.com/pastcompute/radare2
   cd radare2
   git checkout tutorial_branch
   ./configure
   make -j
   sudo make symstall

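Note: you can install as a normal user if you need to:

   ./configure --prefix=$HOME/path/to/wherever
   make -j
   # No sudo here: the prefix is inside your home directory
   make symstall
   # The binaries are placed in the prefix's bin directory
   export PATH=$HOME/path/to/wherever/bin:$PATH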

Clone the examples repository, ready for use during the tutorial:

   cd
   git clone https://github.com/pastcompute/lca2015-radare2-tutorial

I have already added prebuilt examples to git, but the repository also has instructions for building them; for that you will need the Arduino IDE or an OpenWrt buildroot.
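As an added example (not part of the original wiki page), a POSIX shell preflight for the setup steps above: it reports which of the listed tools are missing from PATH and whether the rc file really leaves fortunes turned off. The function names, and probing for `srec_cat` as the binary shipped by the srecord package, are assumptions of this example.

```shell
#!/bin/sh
# Preflight check for the tutorial setup (added example, not from the wiki page).
# Tool list mirrors the page's prerequisites; srec_cat stands in for srecord.
REQUIRED_TOOLS="cc git xdot binwalk srec_cat r2"

# Print every command from the argument list that is not found on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed only if the LAST "e cfg.fortunes=..." line in the rc file sets false.
# radare2 runs the rc file top to bottom, so a later line overrides an earlier one.
fortunes_disabled() {
    rc_file=$1
    [ -r "$rc_file" ] || return 1
    value=$(sed -n 's/^[[:space:]]*e[[:space:]]\{1,\}cfg\.fortunes=\(.*\)$/\1/p' \
        "$rc_file" | tail -n 1)
    value=$(printf '%s' "$value" | tr -d '[:space:]')
    [ "$value" = "false" ]
}

# Run both checks; return non-zero if anything needs fixing before the event.
preflight() {
    rc_file=${1:-$HOME/.radare2rc}
    status=0
    # Unquoted on purpose: split the tool list into separate arguments.
    missing=$(missing_tools $REQUIRED_TOOLS)
    if [ -n "$missing" ]; then
        echo "missing tools:" $missing
        status=1
    fi
    if ! fortunes_disabled "$rc_file"; then
        echo "fortunes are not disabled in $rc_file"
        status=1
    fi
    return $status
}

# Only act when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    preflight
    exit $?
fi
```

Run it with `--run` after completing the steps above; a non-zero exit status means something still needs sorting before the tutorial.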

Troubleshooting

The tutorial is not until Thursday afternoon. If you need help with the above, ping me on Twitter, preferably before the day! @pastcompute