Reversing Cryptography in Black Box Binaries

Dahmun Goudarzi, Robin David
In-Person Training | August 3 - 6 | 4 days

BOOK NOW

Reversing Cryptography in Black Box Binaries

Dahmun Goudarzi, Robin David

Book Now

This training aims to teach how to analyze cryptographic components in binary files, from locating them to assessing their security. The training is divided into four modules:

  1. Localisation: Basics of cryptography to locate it in binary files.
  2. Identification: Methods to identify and characterize cryptographic primitives.
  3. Testing: Practical use of tools to assess the conformity of cryptographic primitives.
  4. Advanced Testing: Techniques for robustness assessment, including differential fuzzing and automatic attacks on white-box cryptography.

ABSTRACT

Cryptography is a key component of the development of any product involving sensitive data. Analysing it at binary-level is usually a tedious task. To do so, one should first locate the cryptographic blocks, identify whether they are coming from standard algorithms or custom ones and finally assess their security. Even after complete cartography and understanding of the binary, it remains a challenging task to properly assess if and how the cryptographic blocks are flawed or not.

Cryptography is often seen as a field restricted to highly qualified people with strong math background. The goal of this training is to demystify this field by giving attendees a proper knowledge and toolkit to ease the cryptanalysis of primitives in binary files (namely the identification and assessment of the robustness), and how to perform such cryptanalysis with some tools that we created.

The various sections and topics will always be provided with hands-on exercises taken from real-world binaries encountered in our assessments.
While many topics will be covered to share as much insights as possible, the main goal is to provide the proper material and skill knowledge for any attendees to understand how to tackle cryptography found at binary-level in order to derive an enlighten advice on its soundness and robustness.

The training will be divided into 4 modules following the usual analysis workflow:

  • Localisation: first we will provide the basics required on cryptography with an introduction courses to have enough knowledge to locate it at binary-level;
  • Identification: secondly we will focus on the different ways to identify and characterise the located primitives by how they are constructed (constants or pattern);
  • Testing: then we will use in practice various tools we developed to asses the conformity of a standard cryptographic primitive either via I/O testing or code emulation;
  • Advanced Testing: finally, we will have dig into at more advanced testing technique such as robustness assessment with differential fuzzing or different scripts for automatically attacking white-box cryptography.

INTENDED AUDIENCE

💡
Practitioners assessing or encountering cryptographic implementation and protocols during development or reverse. The training focuses on a black-box approach which target audience wanting to assess the conformity and resilience of cryptographic solutions.

KEY LEARNING OBJECTIVES

  • Introduction to Cryptography: principles, primitives and algorithms.
  • Understanding how real-world crypto works without needing to know why (no mathematical background required!).
  • Learning how to identify cryptographic primitives and/or protocols in complex binaries and whether their implementation is sound and robust.
  • Learning how to use several tools we developed to automate the product security analysis and testing for conformity check, vulnerability search or attack automation.

COURSE DETAILS

AGENDA

MODULE 1: Demystifying Cryptographic Primitives

  • Basic Concepts
    • encryption/decryption
    • authentication
    • signatures
    • cryptographic materials and derivation
    • etc
  • Modelling Adversary
    • Black/Grey/White box
  • Building Blocks
    • Symmetric cryptography: AES and modes, SHA, etc.
    • Public-key cryptography: RSA, ECC, etc.
  • Protocols
    • Diffie-Hellman key exchange, TLS, SSH, etc.
  • Implementation Requirements: conformity, constant time.
  • Practicals:
    • hands-on on basic cryptographic attacks
    • identifying weaknesses with input/output observations

MODULE 2: Identifying Crypto in Binaries

  • Identification 101 (e.g., API symbols, constants, findcrypt)
  • Constructing ad-hoc documentation for identification
    • What are the key points?
    • How are cryptographic materials handled?
    • Are there any constants involved?
  • Introduction to Side-channels analysis: understanding what we can observe during a crypto execution
  • Advanced identification
    • How to use custom YARA rules
    • Pattern matching via tracers
  • Memory exploration to find Crypto Materials
    • Reminder on randomness, entropy, etc.
    • Testing a random number generator soundness with TestU01
    • Where to look in memory?
  • Practicals:
    • Identify algorithms used in a simple binary
    • Decrypt TLS exchanges with tweaked randomness generation
    • Identify lesser used primitives/custom ones with YARA rules
    • Identify the Crypto primitives in a Satellite user terminal
    • Find an AES size via tracing

MODULE 3: Testing Crypto in Black-box

  • Introduction to crypto-condor, a tool automating conformity checks of cryptographic implementations
  • Introduction to code emulation
  • Practicals: assessing a binary conformity using crypto-condor and emulation:
    • Get started with crypto-condor on a malformed messaging app
    • Standard implementation compliance checks (OpenSSL, mbedTLS..)
    • Harnessing and compliance checks of cryptography for embedded devices through emulation

MODULE 4: Advanced Testing

Automation of Vulnerability Search

  • Introduction to Differential Fuzzing
  • List of the different tools, what they can do and catch
  • Bestiary of Vulnerabilities
  • How to cryptanalyse them?
  • Practicals: getting started with tools to assess:
    • Conformity of an encountered crypto primitive (even custom made ones)
    • Robustness against side-channel attacks, memory leaks
    • Writing your first harness that can export function to crypto-condo

White-box Cryptography Analysis with Side-Channel Marvels

  • Introduction to White-box Crypto
  • Side-Channel Marvels: list of tools, how to use them to automate attacks
  • Practical: use-case on CHES CTFs

KNOWLEDGE PREREQUISITES

  • NO Mathematical background required
  • Basic reverse-engineering skills, x86-64 and ARM binaries will be studied
  • Basic skills in Python and C/C++

SYSTEM REQUIREMENTS

Hardware Requirements

  • 10Gb+ disk space
  • the more CPU and RAM the better (16GB Recommended)

Note: Apple Sillicon M1/M2/M3 Macs are NOT SUPPORTED

Software Requirements

  • Laptop with (Virtualbox, vmware) as all materials will be provided on a VM

ABOUT THE INSTRUCTOR

Dahmun Goudarzi is a French Cryptographic R&D researcher focused on the automation of the analysis of cryptographic solutions in deployed products. He originally hold a PHD from Ecole Normale Supérieur de Paris and CryptoExperts where he worked on secure implementation of block ciphers against physical attacks. His works have lead to dozen of publications at top-end cryptographic conferences. He is now a full time security researcher at Quarkslab where is leading different research topics and tools developement to automate the analysis of cryptographic component in source and native code.

Robin David is a French Software Security Researcher focused on reverse engineering and software testing (fuzzing and symbolic execution). He originally holds a Phd from the Atomic Energy Comission (CEA) where he attacked obfuscation using formal methods and symbolic execution. He is now full-time security researcher at Quarkslab where he is leading the automated analysis team and various research topics. From time to time we present its work in various security conferences.