Since I only started to put content on my website just now, I was thinking about starting the blog with something positive. Hence, the summer school I attended last week came to mind, so I wanted to write about that.
When I was visiting SAP Research in Karlsruhe a couple of weeks ago, my colleague Sebastian told me that the University in Bochum was organizing a summer school on Reverse Engineering. Although I had my share of fun with REing both at work and when teaching, I still had a pretty good feeling about the workshop since I know the people in Bochum and their skillsets. So, I wrote to the organizing professor and asked whether there were still slots available. Luckily, although I was too late for the deadline, he told me that they had some slots left and thus I registered for the workshop. In order to get in, every participant had to solve a simple test, where he had to derive a solution for a given input into a binary provided by the summer school. In my first try, I completely missed what that input should have been and only generated a correct solution for the input “222222”. A short mail from the organizers, however, got me to take a look again and I subsequently generated the proper solution.
Day 0 and Day 1
Together with Sebastian and my colleague from Erlangen, Johannes, I drove to Bochum on Sunday. After arriving we had a bite to eat and were eager to see what was awaiting. So, the next morning we went to the University. After registration, the first talk was on the basics of Reverse Engineering and was not that interesting at first glance. The second talk of the day was on the inner workings of Windows and the PE file type – also something I was aware of before the workshop. However, in the afternoon my mood changed quite a bit. The exercise assignments were really great and needed us to work with IDAPython. Although I had worked with IDA frequently beforehand and am a lover of Python, I had never taken a look at IDAPython. After a while, Johannes and I developed lots of working code – at this stage capable of unpacking a simple XORed binary. We played around quite a bit more until the late afternoon when all participants of the workshop went to a BBQ. There, I met a lot of people I hadn’t seen in quite some time and had a nice evening all around. Nevertheless, at 9pm Johannes and I were starting to discuss the things we had done that day... and subsequently started up reversing again.
The second day started with a talk on unpacking, followed by a howto on analysing C++ binaries in IDA and on the removal of junk code in binaries. The exercises gave us ample opportunity to sharpen our IDAPython skills. The whole thing led to roughly 600 LOC of Python being implemented – and they actually did what they were supposed to do! We stayed late at the lab that night and went to dinner in the inner city with Sebastian and the organizer.
The third day of the summer school was the designated “Research Day”. Since the group organizing the summer school is closely linked with the SysSec Network of Excellence, the summer school co-hosted the Second SysSec Workshop, where the best publications from members of the SysSec Network and EU projects were presented. Alongside these was also our paper on DNS Rebinding. Although I will be flying to Washington to present it at USENIX Security, Sebastian gave the talk. However, this way he had to do the slides and I can just change a few things for my presentation in two weeks 😉
There were also two talks by professors on how to submit papers and have them accepted. They also outlined the process of being rejected and working with the comments given by the reviewers in a sound way – both when re-writing the paper for the next conference or when answering the comments in a rebuttal phase. I took quite a lot from these two talks. Another suggestion provided in the talks was the idea of Security Reading Groups. Together with Johannes, I will now try to introduce that at our group and hope for good results.
After an interesting day of talks, Johannes and I still had some work to do. Thus, we spent the evening in a guest office at the university instead of drinking with the other participants.
The topic of day 4 was taint analysis in binaries. I was very happy to see that in the talk the concept of taint tracking was mostly understood and implemented the way I had done it in my thesis. The inner workings of minemu and its predecessors were explained and afterwards, the next lecturer talked about PIN tool and binary instrumentation, in a really fast manner. I personally consider myself to be a very fast speaker, but he beat me by a landslide. However, this way we got to lunch early 😉
After lunch, we went back to the lab to play with the new tools. Johannes and I were quickly able to master the first three (of six) tasks given to us. However, the fourth task then led to exhaustion because of the poor documentation of PIN tool. Although it might be very powerful, the documentation is practically non-existent and thus getting things to work the way you want them to is hard in just a couple of hours. At 17:30 we went to our hotel to drop off our laptops and then went to the inner city for a guided tour. However, we were a bit late, then our train was stopped due to a medical emergency. This way, we were 30 minutes late to the tour… which had already left. After making some calls, we found our group and joined them for the last 30 minutes of their tour. After that, we had a bite to eat and met up with the rest of the participants at Bermuda3Eck. There, we had quite some interesting conversations and finally went home at 1:30am.
Tired from the night before, we packed our stuff and went to the university for the final day. The last day was focussed on mobile security and reversing. Sadly, this day was not able to keep up the high standards from the previous days. The focus was only on Android and only on apps not making use of native code. Thus, we were able to solve the given challenges very quickly. We then took the train home (5hrs, woohuu) and arrived back home in Erlangen Friday night.
Concluding the week, I had a really great time in Bochum. The Windows binary challenges were reasonably hard and provided us with quite a challenge. Although day 4 and day 5 were not as great as the first three days, I can absolutely recommend this summer school. Alongside the hard technical skills I took away from the week, I also had some ideas on how to improve our Hackerpraktikum and will now try to adopt the idea of reading groups in our group. A big thanks goes out to the organizers, who really made this a great week – especially at the really low rate of 200€ for the complete week including lunch each day and snacks in all the breaks.