Recon 2010: Intro to Embedded Reverse Engineering for PC reversers

In July I had the honor to speak at the Recon conference in Montreal, Canada. It was my first conference, but I really liked the experience. I hope I'll be able to attend it in the future.
The presentations were recorded and hopefully will appear on the Recon site soon, but for now you can check out the slides (ODP, PDF). I have also uploaded some of the tools I mentioned, most notably various filesystem extractors compiled for Win32 (download).


7 Responses to Recon 2010: Intro to Embedded Reverse Engineering for PC reversers

  1. Igor,
    Thanks for sharing this with us. It was a very interesting presentation. I hope to read more in the future.

  3. keivan says:

    Hi,
    I want to translate this code to C or another language:
    S0030000FC
    S21400027C7F01F0001FCEF0002E7FF000E080B90862
    S21400028C2090F00091F000A5B00100287F08F00047
    S21400029CE180DAAA600120016402F000FE001AEF89
    S2140002ACE180DAAA600020017F0CF000E180BA0B36
    S2140002BC2191F00081C100016001F000B11000072F
    S2140002CCE180DAAA600120016402F000FE001AE365
    S2140002DCE180DAAA60002001D1C0008081E14000F4
    S2140002EC60002001E180B9FC60012001E180BA23A6

    Does anyone know software for it?
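
The listing in the comment above is in Motorola S-record format: an `S0` header record followed by `S2` data records carrying 16 bytes each at 24-bit load addresses, and every checksum in it verifies. Before any of it can be disassembled it has to be turned into a flat binary at the right load address, so here is a small S-record parser that does that, as an added example that is not part of the original post or of any reply. The `SAMPLE` string is copied from the comment; the `make_record` encoder, the gap-fill policy and the rejection of records with bad checksums are this example's own choices, not anything from the page, and the page says nothing about which instruction set the bytes belong to.

```python
"""Minimal Motorola S-record parser/encoder with checksum verification.

Added example (not from the original post or any comment). Handles S0
(header), S1/S2/S3 (data with 2/3/4-byte addresses), S5/S6 (record counts)
and S7/S8/S9 (start addresses) as defined by the public S-record format.
"""
from dataclasses import dataclass

# Address width in bytes for each record type.
ADDR_BYTES = {"0": 2, "1": 2, "2": 3, "3": 4, "5": 2, "6": 3, "7": 4, "8": 3, "9": 2}
DATA_TYPES = {"1", "2", "3"}


@dataclass
class SRecord:
    rtype: str        # record type digit, "0".."9"
    address: int      # load address (0 for header/count records)
    data: bytes       # payload bytes (empty for non-data records)
    checksum_ok: bool # True if the trailing checksum byte verified


def checksum(body):
    """One's complement of the low byte of the sum of count, address and data bytes."""
    return (~sum(body)) & 0xFF


def parse_record(line):
    """Parse one text line into an SRecord; raises ValueError on malformed input."""
    line = line.strip()
    if len(line) < 4 or line[0] != "S" or line[1] not in ADDR_BYTES:
        raise ValueError(f"not an S-record: {line!r}")
    body = bytes.fromhex(line[2:])          # count, address, data, checksum
    count = body[0]
    if count != len(body) - 1:              # count covers address+data+checksum
        raise ValueError(f"byte count mismatch in {line!r}")
    ok = checksum(body[:-1]) == body[-1]
    n = ADDR_BYTES[line[1]]
    address = int.from_bytes(body[1:1 + n], "big")
    data = body[1 + n:-1]
    return SRecord(line[1], address, data, ok)


def parse_srec(text):
    """Parse a whole S-record file, skipping blank lines."""
    return [parse_record(l) for l in text.splitlines() if l.strip()]


def make_record(rtype, address, data=b""):
    """Encode one record, e.g. for writing a patched image back out."""
    n = ADDR_BYTES[rtype]
    body = bytes([n + len(data) + 1]) + address.to_bytes(n, "big") + bytes(data)
    return "S" + rtype + body.hex().upper() + f"{checksum(body):02X}"


def assemble_image(records, fill=0xFF):
    """Lay the data records out in a flat image starting at the lowest address.

    Gaps between records are padded with `fill` (0xFF, as blank flash reads).
    Any data record whose checksum failed is rejected rather than silently
    loaded, since a corrupted dump is worse than no dump.
    """
    data_recs = [r for r in records if r.rtype in DATA_TYPES]
    bad = [r for r in data_recs if not r.checksum_ok]
    if bad:
        raise ValueError(f"checksum failure in record at 0x{bad[0].address:X}")
    if not data_recs:
        return 0, b""
    base = min(r.address for r in data_recs)
    end = max(r.address + len(r.data) for r in data_recs)
    image = bytearray([fill]) * (end - base)
    for r in data_recs:
        off = r.address - base
        image[off:off + len(r.data)] = r.data
    return base, bytes(image)


# Copied verbatim from the comment above (S0 header plus eight S2 records).
SAMPLE = """\
S0030000FC
S21400027C7F01F0001FCEF0002E7FF000E080B90862
S21400028C2090F00091F000A5B00100287F08F00047
S21400029CE180DAAA600120016402F000FE001AEF89
S2140002ACE180DAAA600020017F0CF000E180BA0B36
S2140002BC2191F00081C100016001F000B11000072F
S2140002CCE180DAAA600120016402F000FE001AE365
S2140002DCE180DAAA60002001D1C0008081E14000F4
S2140002EC60002001E180B9FC60012001E180BA23A6
"""

if __name__ == "__main__":
    recs = parse_srec(SAMPLE)
    base, img = assemble_image(recs)
    print(f"{len(recs)} records, image of {len(img)} bytes at 0x{base:X}")
    for i in range(0, len(img), 16):
        print(f"{base + i:06X}  {img[i:i + 16].hex(' ')}")
```

Running it on the sample yields a 128-byte image loaded at 0x27C, which can then be written to a file and handed to a disassembler once the target architecture is known.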

  4. stany says:

    Igor,

    I own a couple of Casio Ex-Word dictionaries, that you mention in your talk slides.

    The communication protocol between the device and the computer is pretty much reverse-engineered ( https://github.com/brijohn/libexword/tree/devel ), and we are making strides towards better understanding of the firmware upgrade process, but we are very, very intrigued by the ability to dump the devices' memory that you mention.

    Do you have any insights, or any information at all that you’re willing to share? Anything and everything will be interesting, especially access to the four internal filesystems, which we know exist, but can’t access, access to diagnostics mode, again which we know exists, etc.

    We'd love to replicate your results with the Casio game; however, it seems that the freely downloadable game was only a short-time promotion by Casio that has since expired, and the game is no longer available. Thus we are somewhat stumped.

    If you have any information to share, please get in touch with either me or with Brian (whose contact info is at the top of https://github.com/brijohn ).

    • merrykid says:

      Here is the method to enter the CASIO dictionary TEST MENU, which can be seen as a diagnostics mode.
      Power off the dictionary.
      Hold the go-back key (for newer modules it is near the four navigation keys; on older modules it is on the left), the page-up key and the power key for maybe 5 seconds until it beeps, the screen lights up and a popup window shows the Model and the BIOS Ver.
      Release the three keys and press the right navigation key two times, then press the enter key; it will beep two times and enter the hidden TEST MENU.
      The information above is what a dealer told me. He wants to know how to hack the password of the service menu of the manual check. It is said that this menu can be used to back up the system.

  5. Hi Igor,
    I was waiting for your Recon 2011 talk called "Practical C++ decompilation". Please, are the slides available to the public?
    Kind regards
    Laurent

  6. Igor Skochinsky says:

    The 2011 talk is up.