esDynamic Learning Catalog 2020 02-1 - ESHARD.com · 2021. 3. 1. · SCA Essential 4 – Measurement Training..... 9 SCA Essential 5 – Scatter Side-Channel Analysis ... The trainee

www.eshard.com

esDynamic Learning Coaching catalog March 2020

eShard Immeuble Gienah 11 avenue de Canteranne 33600 Pessac – France Phone: +33 (0) 972 530 464 email: [email protected] website: www.eshard.com

Restricted

eShard SAS, Immeuble Gienah, 11 avenue de Canteranne - 33600 Pessac - France – RCS Bordeaux 812 191 443

email : [email protected] website: www.eshard.com

2

Table of contents

1. Introduction...................................................................................................................4

2. esDynamic Learning ......................................................................................................4

3. Coaching modules .........................................................................................................7

Side-Channel Analysis (SCA) ............................................................................................. 7

SCA Essential 1 - Side-Channel Analysis Principles ............................................................... 7 SCA Essential 2 - More on Side-Channel Analysis ................................................................. 8 SCA Essential 3 – Traces Synchronisation ............................................................................. 8 SCA Essential 4 – Measurement Training ............................................................................. 9 SCA Essential 5 – Scatter Side-Channel Analysis ................................................................... 9 SCA Essential 6 – SCA on Modular Exponentiation ............................................................. 10 SCA Essential 7 – SCA on ECC Point Scalar Multiplication ................................................... 10 SCA Advanced 1 - Side-Channel Countermeasures ............................................................. 11 SCA Advanced 2 – High-Order Side-Channel Analysis ......................................................... 12 SCA Advanced 3 – Attack on ECDSA final multiplication .................................................... 12 SCA Advanced 4 – Horizonal Attack on ECC........................................................................ 13 SCA Advanced 5 – Cross-Correlation Attack on ECC ........................................................... 14 SCA Advanced 6 – Attack on CRT-RSA Recombination ....................................................... 14 SCA Advanced 7 – Second-order scatter analysis ............................................................... 16

Deep Learning (DL) ......................................................................................................... 16

DL 1 – Introduction to Deep Learning ................................................................................ 16 DL 2 – Advanced Deep Learning ......................................................................................... 17 DL 3 – Deep Learning for SCA ............................................................................................. 18 DL 4 – Convolutional Neural Networks .............................................................................. 19 DL 5 – CNN for SCA ............................................................................................................ 19 DL 6 – Advanced Deep Learning for SCA ............................................................................ 20

Reverse Engineering of Android Applications (RE) ......................................................... 21

RE Essential 1 – Skills level assessment .............................................................................. 21 RE Essential 2 – Static Analysis of an Android Application ................................................. 21 RE Essential 3 – Dynamic Analysis of an Android Application’s Java Code – Part I ............. 22 RE Essential 4 – Dynamic Analysis of an Android Application’s Java Code – Part II ............ 23 RE Advanced 1 – Symbolic and Concolic testing ................................................................. 23

Restricted



3

RE Advanced 2 – Reverse Engineering native code with IDA .............................................. 24 RE Advanced 3 – Native code instrumentation in a Linux-based system ............................ 25 RE Advanced 4 – Dynamic binary analysis with Panda-RE .................................................. 26 RE Advanced 5 – Code instrumentation with FRIDA........................................................... 26 RE Advanced 6 – Reverse Engineering a Virtual Machine ................................................... 27 RE Advanced 7 – Implementation of a custom decompiler ................................................ 28

White-Box Cryptography (WBC) ..................................................................................... 30

Introduction ....................................................................................................................... 30 WBC 1: What is White-Box Cryptography, how it is protected, and it can be extracted. .... 31 WBC 2: White-Box Cryptographic binary instrumentation, available tools ........................ 31 WBC 3: attacking a White-Box Cryptographic binary with side-channel analysis ............... 32 WBC 4: attacking White-Box Cryptographic binary with Fault Attacks ............................... 32

Restricted



4

1. Introduction

eShard is a leading specialist in embedded security technology. We exist to empower professionals to manage their complex security challenges. Our experts and solutions enable our clients to probe, manage and enhance the security of the next wave of connected devices. As a result, our clients de-risk their businesses and are far better prepared for facing future security challenges. At eShard, we continuously invest and innovate in the research of new attacks and tools to efficiently assess the vulnerabilities of embedded and mobile solutions. Therefore, today we are proud that our flagship platform, esDynamic, is adopted by leading embedded security companies and that our automated mobile application scanning solution, esChecker, has been selected by a major payment scheme. Cyber-security is a complicated and fast moving field, especially in connected and mobile devices. In order to succeed, security professionals need to understand changing attack techniques. Acquiring knowledge and retaining talent is costly and challenging. Within esDynamic we offer a bespoke, ground breaking training that is individual, practical and focused on your needs. Whether you are a beginner looking to accelerate your knowledge levels or an expert seeking to deepen your knowledge on a specific topic there is a training module right for you. Log in, access and complete learning when convenient to you. A specialized expert will provide guidance and advices. esDynamic web application is also an in-depth knowledge hub. We are constantly improving and updating the available tests as cyber-crime never stands still.

2. esDynamic Learning

eShard have developed a new efficient way of learning online. We believe that the best way to acquire knowledge is to be hands-on following and learning from pre-defined practical use cases. We understand the time pressures security experts are under and have developed flexible learning methods that enable users to complete learning at times that suit them. Everyone is different, everyone works at their own pace. We have developed a large library of specialized training that targets all levels of expertise. Beginners have the opportunity to quickly progress with dedicated sessions. Experts will be able to expand their knowledge in a given area. The principle is simple. Sessions are targeted and relate to specific points in given technologies where eShard are experts, for example, cryptography side-channel, mobile application reverse engineering and deep learning. esDynamic delivers the best way to learn. The software is browser based, in the cloud, accessible through a simple log in/password. Use our collaboration feature allowing a trainee and an eShard expert to interact on the same space at the same time, enabling an effective transfer of knowledge and learning experience. Any relevant training content is pushed onto the esDynamic platform and is available during the time of the session. Whenever possible, there is nothing to install: everything runs on the platform.

Restricted



5

Every session commences with a digital interaction with one of our experts, giving an overview of the module at a high level. The user is then able to conduct the learning at their pace with our expert available online for support and help. Start by understanding the module you are about to undertake, try the exercises and test your knowledge. Finally, at the end of the learning module there is a review with an opportunity to check the learning and ask any questions with one of our experts.

Restricted



6

If more in depth training or wider team training is required our experts are also available to facilitate and run group workshops or one-to-one sessions as needed. This can be ideal to audit your teams skills and make sure they are up to date in technical areas. Learning modules cover the following areas:

• Side-channel Analysis knowledge • White-Box cryptography analyses • Deep learning core knowledge • Mobile application reverse engineering knowledge

Prior to starting to perform the modules of the learning program below, it is suggested to pass an Introductory Technical Challenge and an interview with our coach. This is a couple of hours exercise session which allows the coach to assess the level of skills of the trainee in completing successfully the selected modules. The coach can then adapt his mentoring activities to best match the technical capability of the trainee in order to provide a full learning experience out of the coaching program. On completion of the learning program defined with the trainee, the coach will generate a learning report for the manager and the trainee. This document provides a summary of the learning experience and the skills acquired during this program. The trainee will also receive a training certificate for all the modules (s)he successfully completed. The trainee will also go away with the presentations and technical challenges materials used during the learning program. This will allow the trainee to reproduce the exercises afterwards.

Restricted



7

3. Coaching modules

Side-Channel Analysis (SCA)

SCA Essential 1 - Side-Channel Analysis Principles

This session provides the principles of side-channel analysis and the background knowledge needed to perform your first analysis. You will also practice on basic examples then on real use cases to become familiar with these techniques. Key words: T-test, distinguisher, DPA, correlation, AES, reverse analysis, leakage models Requirements: basic coding skills, python knowledge is a plus but not mandatory for this training Side-channel expertise required: none The trainee will acquire knowledge on: • Side-channel (leakage) origins • Leakage model(s) to consider on products? • How do I characterize the device leakage? • What methodology do I have to follow? • How to select and define the selection function • for the cryptographic operation I am targeting • How to combine with a statistical distinguisher? Material: • Theoretical part: slides and presentation by the expert • Practical part

o Perform DPA and correlation basic tests o Code your own DPA attack and your AES selection function o Run characterization tests o Attack real traces for different use cases

Restricted



8

SCA Essential 2 - More on Side-Channel Analysis

You will get knowledge on more complex side-channel attacks like chosen message attacks. You will practice on an AES-256 FPGA traces use-case to become familiar with these techniques. Key words: chosen message, monobit model, Hamming distance, AES-256, TDES Requirements: basic coding skills, python knowledge is a plus but not mandatory for this training Side-channel expertise required: principles on side-channel analysis needed The trainee will acquire knowledge on: • AES side-channel chosen message explanation • Why monobit leakage? • (T)DES: how to select and define the selection functions • Chosen messages on (T)DES Material: • Theoretical part: slides and presentation by the expert • Practical part

o Code chosen message attack on AES-256 FPGA traces at 1st round o Develop the right selection function and attack the second round o Find the key o Code attack on (T)DES traces and recover the key

SCA Essential 3 – Traces Synchronisation

You will get knowledge on the main signal processing techniques to observe and align side-channel traces. We provide misaligned trace sets and you practice until your success to realign and perform successful attacks on several use cases.

Key words: signal processing, resynchronisation, trace alignment Requirements: basic coding skills, python knowledge is a plus but not mandatory for this training Side-channel expertise required: principles on side-channel analysis needed The trainee will acquire knowledge on: • How to use filters: high/low pass, band-pass • How to use moving operators • How to use pattern detection • How to use peak detection • Combining these signal processing techniques Material: • Theoretical part: slides and presentation by the expert • Practical part

o Realign traces of a not protected AES real use case until your success to attack o Perform resynchronisation of the traces from an FPGA AES

Restricted



9

SCA Essential 4 – Measurement Training

You will practice side-channel measurements on several modern hardware devices in side-channel laboratory. You will investigate for the good signal and run traces collections. Finally, you will analyze these traces.

Training mode: Only On-site training – 1 day Key words: measurement bench, oscilloscope, EM probes Requirements: basic coding skills, python knowledge is a plus but not mandatory for this training Side-channel expertise required: principles on side-channel analysis needed The trainee will acquire knowledge on: • Observe side-channel traces on modern devices • Play with the device functionalities • Scan the IC area with EM probes • Find significant leakage areas • Set-up traces collection and run it • Prepare your T-test

Material: • Theoretical part: slides and presentation by the expert • Practical part

o Synchronize your traces o Run T-test and side-channel reverse analysis for characterization o Run attacks to recover the key

SCA Essential 5 – Scatter Side-Channel Analysis

You will get the knowledge of the new attack technique scatter. You will practice on examples using aligned and misaligned traces on real use-case to see the advantages. Key words: misalignment, Chi-squared, mutual-information Requirements: basic coding skills, python knowledge is a plus but not mandatory for this training Side-channel expertise required: principles on side-channel analysis needed The trainee will acquire knowledge on: • Understand alignment issues for classical distinguishers • Scatter principles: from traces to distributions • Scatter distinguishers • Reverse side-channel analysis with scatter • Defeating shuffling, misalignment with scatter Material:

Restricted



10

• Theoretical part: slides and presentation by the expert • Practical part

o Implemented yourself a scatter attack o Run scatter attacks on several use cases o Compare with CPA

SCA Essential 6 – SCA on Modular Exponentiation

You will get the knowledge on public key cryptosystems implementations like RSA and DSA and the side-channel attacks threatening them. You will practice by implementing attack on trace sets provided to you. Key words: exponentiation, correlation, RSA, DSA, modular arithmetic Requirements: basic coding skills, python knowledge is a plus but not mandatory for this training Side-channel expertise required: principles on side-channel analysis needed The trainee will acquire knowledge on: • Understand modular exponentiation techniques: Barrett, Montgomery, common algorithms • Learn side-channel simple attacks on exponentiation • Chosen message attacks • Differential side-channel attacks on exponentiation Material: • Theoretical part: slides and presentation by the expert • Practical part

o Perform simple analysis on exponentiation use cases o Run chosen message attacks o Code your own correlation attack on given traces

SCA Essential 7 – SCA on ECC Point Scalar Multiplication

You will get the knowledge on elliptic curve cryptosystems implementations like ECDSA, ECDH and ECIES and the side-channel attacks threatening them. You will practice by implementing attack on trace sets provided to you.

Restricted



11

Key words: elliptic curves, scalar multiplications, ECDSA, ECDH, simple and statistical analysis Requirements: basic coding skills, python knowledge is a plus but not mandatory for this training Side-channel expertise required: principles on side-channel analysis needed The trainee will acquire knowledge on: • Understand the typical ECC implementation techniques • Understand modular exponentiation techniques: Barrett, Montgomery, common algorithms • Learn side-channel simple attacks on scalar multiplication • Learn Differential side-channel attacks on scalar multiplication Material: • Theoretical part: slides and presentation by the expert • Practical part

o Perform simple analysis on scalar multiplication use cases o Implement core operations on ECC: doubling, addition, scalar multiplication o Code your own side-channel attack on given traces o Recover the secret scalar from given traces

SCA Advanced 1 - Side-Channel Countermeasures

You will get the knowledge on the main countermeasures’ principles (protocols, desynchronization, de-correlation) to protect your implementation from classical side-channel attacks. You will practice by implementing countermeasures and validate their efficiency. Key words: desynchronization, shuffling, masking, first order attacks Requirements: coding skills, python knowledge Side-channel expertise required: essential knowledge on side-channel The trainee will acquire knowledge on: • Learn the different families of countermeasures: protocols, re-keying, desynchronization, masking • Learn common countermeasures use cases for symmetric algorithms Material: • Theoretical part: slides and presentation by the expert • Practical part

o Attack a not protected AES implementation and recover the key o Then protect this implementation by implementing an efficient countermeasure o Reproduce the attack, use characterization to validate countermeasure efficiency on AES o Test more countermeasures

Restricted



12

SCA Advanced 2 – High-Order Side-Channel Analysis

You will learn the principles of high-order side-channel analysis that threatens first order protected implementations with masking. You will code the attack on a masked AES implementation. You will practice second-order attacks on different set of traces for different second order attack paths until your recover the keys.

Key words: high order, centered product, masking, selection function Requirements: coding skills, python knowledge Side-channel expertise required: essential knowledge on side-channel The trainee will acquire knowledge on: • Understand high order analysis leakage principles • Learn side-channel high order attacks selection functions for classical symmetric algorithms

countermeasures Material: • Theoretical part: slides and presentation by the expert • Practical part

o Test classical first order attacks and/or characterization on given trace set. Observe the results.

o Code your own second order selection function for AES use case o Attack the related first order protected AES implementation and recover the secret on

traces from a real use case o Given traces from a second use case you will develop the right second order attack and

recover the secret

SCA Advanced 3 – Attack on ECDSA final multiplication

You will gain the knowledge on this attack and implement the basic attack. Then you will practice and learn how to improve the attack to make it efficient on realistic multipliers architectures. Using the provided traces, you will practice until you recover the ECDSA key.

Key words: long integer multiplication, ECDSA, correlation, iterative selection function Requirements: coding skills, python knowledge Side-channel expertise required: essential knowledge on side-channel The trainee will acquire knowledge on: • Understand long integer multiplication attack on ECDSA • Learn the different side-channel attacks to apply on long integer multiplication

Restricted



13


o Perform simple analysis on ECDSA to identify the area of interest o Characterize the sensitive data on provided trace sets o Implement the attack(s) on provided trace sets o Improve the attack on realistic multipliers architectures

SCA Advanced 4 – Horizonal Attack on ECC

You will understand and implement a horizontal side-channel attack on an ECC double-and-add-always scalar multiplication. You will learn the principle of horizontal attacks. You will implement the attack and experience it on a provided trace set. Key words: ECC, scalar multiplication, ECDSA, ECDH, ECIES, horizontal correlation Requirements: coding skills, python knowledge Side-channel expertise required: essential knowledge on side-channel The trainee will acquire knowledge on: • Understanding the horizontal analysis principles • Learning the horizontal side-channel attack targeting the

scalar multiplication Material: • Theoretical part: slides and presentation by the expert • Practical part

o Implement the reverse analysis selection function(s) to identify the leakages o Implement the horizontal attack selection function(s) o Perform the horizontal analysis on given traces and recover the secret scalar

Restricted



14

SCA Advanced 5 – Cross-Correlation Attack on ECC

You will get the knowledge on collision correlation attack (named sometimes cross-correlation) on ECC double and add always scalar multiplication. Then, you will implement the attack and practice until you recover the secret scalar on the provided trace set.

Key words: ECC, double and add always, cross correlation, collision Requirements: coding skills, python knowledge Side-channel expertise required: essential knowledge on side-channel The trainee will acquire knowledge on: • Understand the cross-correlation analysis principles • Learn the cross-correlation side-channel attack targeting the double and add always scalar

multiplication Material: • Theoretical part: slides and presentation by the expert • Practical part

o Implement the reverse analysis selection function(s) to identify the leakages o Perform the cross-correlation analysis on given traces and recover the secret scalar o You will use cluster analysis to improve the attack efficiency

SCA Advanced 6 – Attack on CRT-RSA Recombination

You will gain the knowledge on this attack and implement the basic attack. Then you will practice and learn how to improve the attack to make it efficient on realistic multipliers architectures. Using the provided traces, you will practice until you recover the RSA keys.

Key words: CRT-RSA, long integer multiplication, correlation Requirements: coding skills, python knowledge Side-channel expertise required: essential knowledge on side-channel

Restricted



15

The trainee will acquire knowledge on: • Understand the CRT-RSA operations in the CRT recombination • Learn the side-channel attack targeting the multiplication by the secret prime value in the

recombination Material: • Theoretical part: slides and presentation by the expert • Practical part

o Implement the reverse analysis selection function(s) to identify the leakages. o Implement the CRT recombination selection function. o Perform the correlation analysis on given traces and recover the secret prime first bytes. o Improve the attack techniques to recover efficiently all secret bytes of the secret prime for

modern multipliers architectures

Restricted



16

SCA Advanced 7 – Second-order scatter analysis

You will learn the principles of scatter second order side-channel analysis. This technique threatens first order protected implementations including masking, jitter and shuffling combined together. You will be guided to implement steps of the attack on a masked AES implementation. You will practice second-order scatter attacks on different set of traces for different second order attack paths until your recover the keys.

Key words: high order, masking, joint distribution, joint probability density function, projection, distinguisher, selection function. Requirements: coding skills, python knowledge Side-channel expertise required: knowledge on classical side-channel attacks, AES. The trainee will investigate: • Remember side-channel countermeasures. • Drawbacks of classical second order attacks. • 2nd order accumulation, joint distributions and probability density functions. • Scatter distinguishers. Material: • Theoretical part: slides and presentation by the expert • Practical part

o Compute the accumulators, joint distributions and probability density functions. o Apply distinguisher and identify the secret. o Attack first order protected AES implementation traces set from a real use case, given to

you. o Given traces from a secret trace set, with no indication from trainers at a first stage, recover

the secret.

Deep Learning (DL)

DL 1 – Introduction to Deep Learning

This module provides a general introduction to Deep Learning. It covers the basics of Deep Learning and gives an introduction to the most famous Deep Learning frameworks. At the end of the module the trainee will be able to understand basics of Deep Learning and to perform standard Deep Learning training tasks. Requirements: medium coding skills, python knowledge is a plus but not mandatory for this training

Restricted



17

The trainee will acquire knowledge on: • Smooth introduction to Machine Learning and Deep Learning, with history and context • Introduction to Neural Networks. Presentation of different networks architectures • Presentation of keys Deep Learning concepts: loss and accuracy, Gradient Descent, optimizers

etc… • Presentation of the main Deep Learning frameworks: TensorFlow, Keras, PyTorch


o Manipulate tensors o Build and manipulate neural networks o Prepare and format training data o Use DL frameworks APIs to perform Stochastic Gradient Descent o Perform a full Deep Learning training to classify images

DL 2 – Advanced Deep Learning

The goal of this module is to provide a comprehensive understanding of the mechanisms used in Deep Learning and to present advanced techniques used to improve Deep Learning trainings.

Restricted



18

Requirements: good general knowledge of Deep Learning, medium coding skills, python knowledge is a plus but not mandatory for this training The trainee will acquire knowledge on: • Comprehensive description of Gradient Descent (forward pass, backward pass etc) • Description of advanced Deep Learning techniques: learning rate decay, weights initialization, early

stopping etc. • Presentation of Transfer Learning techniques • Importance of network size Material: • Theoretical part: slides and presentation by

the expert • Practical part

o Advanced usage of Deep Learning frameworks

o Weights and gradients manipulation o Manually compute gradients o Implement gradient descent manually o Perform transfer learning

DL 3 – Deep Learning for SCA

This module presents how Deep Learning techniques can be applied to perform Profiled Side-Channel Attacks as well as the interests of using such techniques to improve Side-Channel analysis of devices. Requirements: basic knowledge of Side-Channel attacks and Deep Learning is required, medium coding skills, python knowledge is a plus but not mandatory for this training The trainee will acquire knowledge on: • Introduction to Profiled Side-Channel attacks • Description of Deep Learning-based Side-Channel attacks • Interests of Deep Learning for Side-Channel analysis


Restricted



19

o Prepare and format side-channel training data o Train Neural Network to classify side-channel leakages o Exploit trained Neural Networks to perform DL-based Differential attacks o Perform several DL-based Side-Channel attacks on masked AES implementation

DL 4 – Convolutional Neural Networks

Convolutional Neural Network (CNN) is one of the most efficient and most widely used neural network architecture. This module’s objective is to provide a comprehensive understanding of CNNs and to present the main interests of using such architecture. Requirements: medium coding skills, python knowledge is a plus but not mandatory for this training The trainee will acquire knowledge on: • Understand CNN architecture: convolution, padding, stride, pooling etc… • Understand channels and input/output shapes of layers • Translation invariance of CNN • Data Augmentation • Features visualization Material: • Theoretical part: slides and presentation by the expert • Practical part

o Manipulate CNN layers, understand and compute input/output shapes

o Create custom CNN networks o Apply CNN to an images classification problem o Perform Data Augmentation

DL 5 – CNN for SCA

CNNs offer great benefits to perform Side-Channel analysis as the translation invariance property of this architecture enables to overcome the effect of traces de-synchronization. The objective of this module is to present how Convolutional Neural Networks can be used to perform and improve Side-Channel attacks. Requirements: medium coding skills, python knowledge is a plus but not mandatory for this training The trainee will acquire knowledge on: • Overview of Convolutional Neural Network architecture • Benefits of CNNs for Side-Channel attacks

Restricted



20


o Build CNN architectures for Side-Channel attacks o Perform Side-Channel attacks using CNN o Defeat de-synchronization of side-channel traces using CNNs o Perform Data Augmentation of Side-Channel traces to improve attack efficiency

DL 6 – Advanced Deep Learning for SCA

This module presents advanced Deep Learning techniques for Side-Channel analysis. Requirements: medium coding skills, python knowledge is a plus but not mandatory for this training The trainee will acquire knowledge on: • Sensitivity Analysis techniques to reveal points of interests • Non-Profiled Deep Learning attacks • Correlation-Optimization Deep Learning attacks Material: • Theoretical part: slides and presentation by the expert • Practical part

o Reveal masks and leakages locations using Sensitivity Analysis techniques o Break protected AES implementation without profiling using Non-Profiled DL attack o Perform a Correlation-Optimization Deep Learning attack

Restricted



21

Reverse Engineering of Android Applications (RE)

RE Essential 1 – Skills level assessment

In order to assess the skills level of the trainee(s) and to identify the suitable module(s), the program may start with:

• an introductory challenge in the form of a crackme challenge, • a questionnaire • or an interview session

3.3.1.1.

Requirements: • Basic coding skills in Java, Python, C/C++ • Proficient knowledge of Linux environment

RE Essential 2 – Static Analysis of an Android Application

This first module focuses on practical learning of manual static analysis of the Java and Native code of an Android application. Key words: Static Analysis, Application Lifecycle, Entrypoints, Surface Analysis Requirements:

• Basic coding skills in Java, Python, C/C++ • Proficient knowledge of Linux environment

Reverse Engineering expertise required: none The trainee will acquire knowledge on:

• Android platform • Android application’s lifecycle • Finding quickly the main interesting entry points • Performing surface analysis of an Android application • How to use the basic must-have tools to properly reverse engineer an Android application

Material:

• Theoretical part: slides and presentation by the trainer • Practical part

o Resolve “CrackMe”-like challenges following a static analysis methodology

Restricted



22

RE Essential 3 – Dynamic Analysis of an Android Application’s Java Code – Part I

This module is the first part of the dynamic analysis course. Trainees will learn how to debug the Java code using different tools such as Android Studio and IDA. Additionally, runtime instrumentation technique will be covered using Frida. Key words: Dynamic Analysis, Application Lifecycle, Entrypoints, Debugging, Instrumentation, Hooking Requirements:

• Basic coding skills in Java, Python, C/C++, Javascript • Proficient knowledge of Linux environment • Module 1 or Skills level assessment to determine the proficiency of the trainee(s) on static

analysis Reverse Engineering expertise required: the trainees must know how to perform static analysis of an Android application. The trainee will acquire knowledge on:

• How to overcome the difficulties one can encounter while doing static analysis on a protected application performing dynamic analyses

• How to debug or instrument the Java code of an Android application

Material:


o Resolve “CrackMe”-like challenges where the applications are protected such as it is made difficult to rely only on static analysis

Restricted



23

RE Essential 4 – Dynamic Analysis of an Android Application’s Java Code – Part II

The second part of the dynamic analysis course rather focuses on the Native code. We deep dive into how native code are loaded and executed before learning how to perform remote debugging of shared libraries and runtime instrumentation of the native code. Key words: Dynamic Analysis, Application Lifecycle, Entrypoints, Debugging, Instrumentation, Hooking, assembly code, JNI Requirements:

• Basic coding skills in Java, Python, C/C++, Javascript • Proficient knowledge of Linux environment • Module 1 or Skills level assessment to determine the proficiency of the trainee(s) on static

analysis • Basic knowledge of x86 and/or ARM assembly language

Reverse Engineering expertise required: the trainees must know how to perform static analysis of an Android application. The trainee will acquire knowledge on:

• How to overcome the difficulties one can encounter while doing static analysis on a protected application performing dynamic analyses

• How to debug or instrument the native code of an application to gather information and change its behaviour

Material:


o Resolve “CrackMe”-like challenges where the applications are protected such as it is made difficult to rely only on static analysis

RE Advanced 1 – Symbolic and Concolic testing

This practical course focuses on symbolic execution and concolic testing. While static analysis is not always the most convenient alternative for situations where obfuscation techniques and runtime security controls are heavily implemented in the native code, performing concolic testing to analyse the code is an alternative to carry out the reverse engineering process in a more straightforward way. Key words: Symbolic execution, Concolic testing, Angr, Z3, SAT solver

Restricted



24

Requirements: • Basic coding skills in Java, Python, C/C++ • Proficient knowledge of Linux environment • Module 1 or Skills level assessment to determine the proficiency of the trainee(s) on static



• How to use Angr to analyse and change the behaviour of a native code

Material:


o Practise binary analysis with Angr to overcome challenges of reverse engineering a protected binary

RE Advanced 2 – Reverse Engineering native code with IDA

This course mainly focuses on a static analysis tool: IDA. IDA scripts and GUI plug-ins are very helpful to enhance native code reverse engineering capability. Key words: Static analysis, IDA, scripts, plugins, reverse engineering Requirements:

• Basic coding skills in Python, C/C++ • Module 1 or Skills level assessment to determine the proficiency of the trainee(s) on static



• How to develop IDA scripts and plug-ins to automate as much as possible the reverse engineering process

Material:


o Develop scripts to automate the static analysis of the code o Implement a plug-in for IDA

Restricted



25

RE Advanced 3 – Native code instrumentation in a Linux-based system

This practical session will focus on memory allocators and ELF loaders in Linux-based systems. A deeper dive into Linux/Android Loader and the Dynamic Linker will enable to better understand how an ELF binary is handled by the platform and how to instrument the native code of a process. Key words: Linux, Dynamic code loading, Hooking Requirements:

• Proficient knowledge of Linux environment • Basic knowledge of x86 and/or ARM assembly language


• Memory allocators and ELF loaders in Linux-based systems • Code injection and instrumentation onto native processes •

Material:


o Resolve “CrackMe”-like challenges leveraging your knowledge about dynamic code loading to inject your code within a process

Restricted



26

RE Advanced 4 – Dynamic binary analysis with Panda-RE

This practical course walks through Panda-RE framework to trace native executions and replay them for further analyses. This course will require developing a new Panda plug-in to enhance its capabilities. Key words: Dynamic binary analysis, Panda-RE, code execution tracing Requirements:

• Proficient knowledge of Linux environment • Basic coding skills in Python, C/C++ • Basic knowledge of x86 and/or ARM assembly language


• Code execution recording and replaying with Panda-RE

RE Advanced 5 – Code instrumentation with FRIDA

Relying only on static code review can be really difficult if code/data obfuscation has been integrated to make the analysis harder to do. A more straightforward approach would be to rely on dynamic analysis to get more information at runtime instead of guessing them. One particular effective dynamic analysis technique consists of changing the behaviour of the application at will at runtime in order to analyse the outcomes. This technique refers to runtime code instrumentation, and in this module we are going to use FRIDA. We are not going to provide a basic introduction on FRIDA, but the trainees will also learn how to learn FRIDA by themselves. The main objective here is to learn how to use FRIDA against a specifically designed application to defeat static code obfuscation at runtime, various runtime security controls and dump the protected code for further analyses. Key words: Dynamic analysis, Code injection, Hooking Requirements:

• Proficient knowledge of Linux environment • Basic coding skills in Python, C/C++, Javascript • Basic knowledge of x86 and/or ARM assembly language • Module 1 or Skills level assessment to determine the proficiency of the trainee(s) on static


Restricted



27

• Code instrumentation with FRIDA to overcome code obfuscation and runtime security controls

• How to learn how to use FRIDA by oneself

Material:


o Use FRIDA to resolve a “CrackMe”-like challenge where the application is heavily obfuscated and implements some runtime security controls

RE Advanced 6 – Reverse Engineering a Virtual Machine

In this module, we are going to analyse and reverse engineer a virtualization-based code protection using a specific dynamic analysis technique: code emulation. Code emulation can be very handy, particularly while one wants to be able to fully control the execution environment to ease the reverse engineering process. Key words: Code virtualization, Protection, Code Emulation Requirements:

• Proficient knowledge of Linux environment • Basic coding skills in Python, C/C++ • Basic knowledge of x86 and/or ARM assembly language • Module 1 or Skills level assessment to determine the proficiency of the trainee(s) on static


• How to emulate and analyse a native code with Unicorn to reverse engineer a code that has been protected with virtualization-based code protections

Restricted



28

Material: • Theoretical part: slides and presentation by the trainer • Practical part

o Use Unicorn to overcome a virtualization-based protection of an Android application that aims at generating a One-Time Password

RE Advanced 7 – Implementation of a custom decompiler

In some cases, an application may leverage code virtualization to protect a sensitive code. In this case, the code uses a custom assembly language. Therefore, in order to be able to review the code, one must be able to disassemble and/or decompile it to ease the reverse engineering process. Key words: Code virtualization, Protection, Code Emulation, Disassembler, Decompiler Requirements:

• Proficient knowledge of Linux environment • Basic coding skills in Python, C/C++ • Basic knowledge of x86 and/or ARM assembly language • Module 1 or Skills level assessment to determine the proficiency of the trainee(s) on static

analysis • Basic knowledge of the reverse engineering tool GHIDRA


• How to use GHIDRA’s SLEIGH processor specification language to implement a custom disassembler/decompiler for GHIDRA.

Restricted



29

Material: • Theoretical part: slides and presentation by the trainer • Practical part

o Use SLEIGH to implement a custom disassembler/decompiler to be able to carry out a code review of a code that is protected by means of virtualization.

Restricted



30

White-Box Cryptography (WBC)

Introduction

The White-Box Cryptography coaching is composed of four modules. The objective is that you will learn based on a theory presentation of Then, for each module we will apply practical exercises so that you can work on challenges to apply attack technics and therefore understand how the technical and tool work. • Launch an executable with open sources and proprietary dynamic binary instrumentation (DBI)

tools (Unicorn, Side Channel Marvels, esTracer, esFaulter) • Create a launcher ton instrument a native library • The classic strategy to attack a White-Box implementation either with Side Channel Attacks (CDA),

or Differential Fault Analysis (DFA) • The classic strategy to analyse a White-Box implementation embedded in Android Application Requirements:

• Basic native reverse engineering • Basic Android application reverse engineering • We recommend the trainee to attend the Essential RE modules prior to WBC modules

1. What is a White-Box Cryptography implementation, how it is protected and it can be extracted?

2. How a White-Box can be instrumented, and which tools are available (open source and proprietary).

3. How attack a White-Box with Side Channel Attacks?

4. How attack a White-Box with Fault Attacks?

Restricted



31

WBC 1: What is White-Box Cryptography, how it is protected, and it can be extracted.

This practical course introduces the methodology to attack a native white-box binary: visualisation of the binary execution, localisation of the area of interest, execution of a Computational Data Analysis (CDA) or Differential Fault Analysis (DFA), and recovery of the master key from the round key. All these steps will be performed with Qemu and Unicorn frameworks.

The trainee will acquire knowledge on: • Binary execution - How to execute a native White-Box library extracted from an Android application

with Unicorn • CDA - How to execute it, and then perform a CPA to retrieve its secret key and how to attack the

classical Wyseur Challenge with a CDA after traces where acquired • DFA - How to attack the classical Wyseur Challenge with a DFA after injection fault campaign was

performed and how to execute it and fault it, and then perform a DFA of Piret to retrieve its secret key

WBC 2: White-Box Cryptographic binary instrumentation, available tools

This practical course introduces the Side Channel Marvels framework. You will learn how to use its different modules to visualise a binary execution, to perform a CDA or DFA, and finally to recover the master key. This module is also composed of a White-Box challenge that shall be defeated with a double fault attack. The trainee will acquire knowledge on: • How to attack the classical Wyseur Challenge with a CDA and how to attack the CHES 2016

Challenge with a DFA, using the Side Channel Marvels. • How to defeat a White-Box binary with a double fault attack using esFaulter.

Restricted



32

WBC 3: attacking a White-Box Cryptographic binary with side-channel analysis

This practical course targets an Android Application containing a native white-box library. You will learn how to defeat classic obfuscation mechanisms to extract the white-box library, an then how to execute and attack it to recover the secret key. The trainee will acquire knowledge on: How to find the PIN and compute a correct cryptogram. You have an APK file, wbc_coaching_module_3.apk, implementing a small banking application embedding an AES white-box implementation: • It is protected by PIN • Once the correct PIN was typed, you can indicate an amount, a currency to generate a cryptogram • It could be sent to the bank to withdraw money from the account

WBC 4: attacking White-Box Cryptographic binary with Fault Attacks

This practical course targets an Android Application containing a native white-box library protected with device binding mechanisms. You will learn how to defeat these mechanisms to extract the white- box library, and how to execute and attack it to recover the secret key.

The application is more protected than module 3.

Documents

esDynamic Learning Catalog 2020 02-1 - ESHARD.com · 2021. 3. 1. · SCA Essential 4 – Measurement Training..... 9 SCA Essential 5 – Scatter Side-Channel Analysis ... The trainee