Reverse Engineering a Code Without the Code: Reverse Engineering of a Java Card Dump

Title: Reverse Engineering a Code Without the Code: Reverse Engineering of a Java Card Dump
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Mesbah, Abdelhak; Lanet, Jean-Louis; Mezghiche, Mohamed
Conference Name: Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5321-2
Keywords: composability, Data reverse engineering, Metrics, object oriented security, pubcrawl, resilience, Resiliency, software attack, software visualization, vulnerability discovery
Abstract

Retrieving assets from inside a secure element should be difficult. While the most attractive assets are the cryptographic keys stored in the Non Volatile Memory (NVM) area, the algorithms which are executed are also of interest. This means that the confidentiality of binary code embedded in the Read Only Memory (ROM) of that device should also be protected from extraction and reverse engineering. Thanks to a previous attack, we obtained a dump of the NVM, but not of the ROM. In this paper, we demonstrate that we can reverse engineer the algorithms without having access to the code by taking advantage of the object oriented features of the platform. We have only access to the data. We use a specifically designed graphic tool to reason about the data such that we are able to understand the principle of the algorithm. Then, we are able to bypass the protection mechanism in order to get access to the binary code.

URL: http://doi.acm.org/10.1145/3150376.3150377
DOI: 10.1145/3150376.3150377
Citation Key: mesbah_reverse_2017