Level: Advanced Subject Matter

Abstract:
Not just a talk, but a punk journey in a home-made reverse engineering of an Android application to investigate how an NFC tag (NXP NTAG 21X) stores credits and manages transactions at live events, for profit and fun free drinks (and fun, it’s always about fun). Like in Cluedo, we put together all the clues: the public product features, the hardware datasheets, and open-source tools (P1sec/hermes-dec, mitmproxy/android-unpinner, iBotPeaches/Apktool, and Kirlif/HBC-Tool) to reverse a Hermes-encoded Android bundle.
The failures, the technical constraints, the code review and analysis, the hypotheses, and, in the end, the patience: the patience to wait more than four months to test my theoretical idea.
Come and listen to this story, a little punk, a little hacker.

Bio:
Luigi Gubello – Security Engineer. Sometimes I try to hack stuff. Investigated by the authorities due to an SQL injection, financed by the powers that be, someone said.
