Visible to the public Biblio

Filters: Author is Mesbah, Abdelhak  [Clear All Filters]
2018-06-07
Mesbah, Abdelhak, Lanet, Jean-Louis, Mezghiche, Mohamed.  2017.  Reverse Engineering a Code Without the Code: Reverse Engineering of a Java Card Dump. Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium. :1:1–1:8.

Retrieving assets from inside a secure element should be difficult. While the most attractive assets are the cryptographic keys stored in the Non Volatile Memory (NVM) area, the algorithms which are executed are also of interest. This means that the confidentiality of binary code embedded in the Read Only Memory (ROM) of that device should also be protected from extraction and reverse engineering. Thanks to a previous attack, we obtained a dump of the NVM, but not of the ROM. In this paper, we demonstrate that we can reverse engineer the algorithms without having access to the code by taking advantage of the object oriented features of the platform. We have only access to the data. We use a specifically designed graphic tool to reason about the data such that we are able to understand the principle of the algorithm. Then, we are able to bypass the protection mechanism in order to get access to the binary code.