Automated Reverse Engineering using {Lego®}

Georg Chalupar; Stefan Peherstorfer; Erik Poll; Joeri de Ruiter

Automated Reverse Engineering using Lego®

Monday, August 4, 2014 - 11:30am

Authors:

Georg Chalupar and Stefan Peherstorfer, University of Applied Sciences Upper Austria; Erik Poll and Joeri de Ruiter, Radboud University Nijmegen

Abstract:

State machine learning is a useful technique for automating reverse engineering. In essence, it involves fuzzing different sequences of inputs for a system. We show that this technique can be successfully used to reverse engineer hand-held smartcard readers for Internet banking, by using a Lego robot to operate these devices. In particular, the state machines that are automatically inferred by the robot reveal a security vulnerability in one such a device, the e.dentifier2, that was previously discovered by manual analysis, and confirm the absence of this flaw in an updated version of this device.

Georg Chalupar, University of Applied Sciences Upper Austria

Stefan Peherstorfer, University of Applied Sciences Upper Austria

Erik Poll, Radboud University Nijmegen

Joeri de Ruiter, Radboud University Nijmegen

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX

@inproceedings {185156,
author = {Georg Chalupar and Stefan Peherstorfer and Erik Poll and Joeri de Ruiter},
title = {Automated Reverse Engineering using {Lego{\textregistered}}},
booktitle = {8th USENIX Workshop on Offensive Technologies (WOOT 14)},
year = {2014},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/woot14/workshop-program/presentation/chalupar},
publisher = {USENIX Association},
month = aug
}