Ph0wn CTF

Software reverse engineering for beginners with Ghidra applied to a drone's firmware (ARM architecture) - Maximilien Bouchez

Have you ever dreamed of accessing the source code of an application to gain a deeper understanding of its inner workings? To uncover hidden secrets or search for vulnerabilities? Perhaps even to modify its behavior? Software reverse-engineering is the key to realizing these dreams.
This workshop explains major principles of software reverse-engineering step by step. At each step you will practice on a real production software which is the embedded software of a popular drone. That will be the opportunity to get familiar with microcontroller programming and ARM instruction set. You will also learn to use the well-known software reverse-engineering tool: Ghidra.
At the end of this workshop, you will have identified an unsafe communication protocol and an unexpected way to control the drone.
Pre-requisites:

• Basic knowledge of C programming language is recommended
• Ghidra installed and ready to run on your laptops
• Download Archive file for the workshop before the workshop. More details to come.

3D Printing - Sébastien et Tom Andrivet - 4 hours

  in French

You are interested in 3D printing but need to know how to start, what to buy or use? This training is for you. We will guide you step by step. During the training, you will design and print your own (simple) 3D model on an actual 3D printer.
This training is for everyone, especially people who have yet to gain experience in 3D printing. Take your laptop, creativity, and eagerness to learn new things.
Pre-requisites:

• A laptop running Windows, macOS or Linux and with Wi-Fi capability

Hands-on hardware security key - Sylvain Pelissier et Nils Amiet

in English (possible support in French too)

Looking at the specifications of that brand new Yubikey 5, with a puzzled look on your face, due to the unfathomable amount of supported features listed on that Yubico website page. Wondering if I should buy a security key and which one. Does this scenario sound familiar ? You're not alone. In this workshop, we'll make a deep dive into the world of security keys. We'll cover what they can be used for (for example Web authentication with FIDO2, PGP, OTP, etc.), talk about the various features these keys support, as well as their limitations. We'll compare the products on the market and help you decide which one is best for you. We'll cover security considerations and disaster recovery best practices as well.
Pre-requisites:

• Linux (preferred) laptop, or Windows with WSL, or a Linux VM
• A security key (preferably a Yubikey, but other brands are also fine). If you don't have one, don't worry, we will help you chose one during the workshop, and you will still be able to participate.

Hacking retro architectures - Fabrice Francès

  in French

Hacking old consoles or arcade boards might be seen as a useless activity, nonetheless it is not only fun but very educational indeed as a first step on the path of understanding both low-level architectures and retro-engineering techniques that are useful when tackling more modern technologies such as embedded systems. This workshop will give a practical insight in the hacking of old architectures: understanding dedicated video-games architectures will be illustrated with a real Q*bert arcade board, ROM hacking will be practiced both on arcade ROMs emulated with MAME, and real cartridges for the SNES.
Pre-requisites:

• basic knowledge of an old 8-bit or 16-bit processor (e.g. 6502, Z80, 8086, 65816)
• good knowledge of one's own laptop, in order to compile/install tools such as hex editors, disassemblers and emulators.