Reverse Engineering a Code Without the Code: Reverse Engineering of a Java Card Dump
Title | Reverse Engineering a Code Without the Code: Reverse Engineering of a Java Card Dump |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Mesbah, Abdelhak, Lanet, Jean-Louis, Mezghiche, Mohamed |
Conference Name | Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5321-2 |
Keywords | composability, Data reverse engineering, Metrics, object oriented security, pubcrawl, resilience, Resiliency, software attack, software visualization, vulnerability discovery |
Abstract | Retrieving assets from inside a secure element should be difficult. While the most attractive assets are the cryptographic keys stored in the Non Volatile Memory (NVM) area, the algorithms which are executed are also of interest. This means that the confidentiality of binary code embedded in the Read Only Memory (ROM) of that device should also be protected from extraction and reverse engineering. Thanks to a previous attack, we obtained a dump of the NVM, but not of the ROM. In this paper, we demonstrate that we can reverse engineer the algorithms without having access to the code by taking advantage of the object oriented features of the platform. We have only access to the data. We use a specifically designed graphic tool to reason about the data such that we are able to understand the principle of the algorithm. Then, we are able to bypass the protection mechanism in order to get access to the binary code. |
URL | http://doi.acm.org/10.1145/3150376.3150377 |
DOI | 10.1145/3150376.3150377 |
Citation Key | mesbah_reverse_2017 |