Ph0wn CTF

Software reverse engineering for beginners with Ghidra applied to a drone's firmware (ARM architecture) - Maximilien Bouchez

  in French (possible support in English), 14:00 - 18:00, 20 seats, Room 101

Have you ever dreamed of accessing the source code of an application to gain a deeper understanding of its inner workings? To uncover hidden secrets or search for vulnerabilities? Perhaps even to modify its behavior? Software reverse-engineering is the key to realizing these dreams.
This workshop explains major principles of software reverse-engineering step by step. At each step you will practice on a real production software which is the embedded software of a popular drone. That will be the opportunity to get familiar with microcontroller programming and ARM instruction set. You will also learn to use the well-known software reverse-engineering tool: Ghidra.
At the end of this workshop, you will have identified an unsafe communication protocol and an unexpected way to control the drone.
Pre-requisites:

• Basic knowledge of C programming language is recommended
• Ghidra installed and ready to run on your laptops
• Download Archive file for the workshop before the workshop. More details to come.

3D Printing - Sébastien et Tom Andrivet - 4 hours

  in French, 14:00 - 18:00, 15 seats, Room 102

Vous etes intéressés par l'impression 3D mais vous ne savez pas par ou commencer, quoi acheter ou utiliser ? Cette formation est faite pour vous. Nous vous guiderons étape par étape. Pendant la formation, vous concevrez et imprimerez votre propre modèle 3D (simple) sur une véritable imprimante 3D.
Cette formation s'adresse à  tout le monde, en particulier aux personnes qui n'ont pas encore acquis d'expérience en impression 3D. Prenez votre ordinateur portable, votre créativité et votre désir d'apprendre de nouvelles choses.
Conditions préalables : Un ordinateur portable fonctionnant sous Windows, macOS ou Linux et doté du Wi-Fi

Hands-on hardware security key - Sylvain Pelissier and Nils Amiet - 2 hours

in English (possible support in French too), 15:30 - 17:30, 25 seats, Room 151
Looking at the specifications of that brand new Yubikey 5, with a puzzled look on your face, due to the unfathomable amount of supported features listed on that Yubico website page. Wondering if I should buy a security key and which one. Does this scenario sound familiar ? You're not alone. In this workshop, we'll make a deep dive into the world of security keys. We'll cover what they can be used for (for example Web authentication with FIDO2, PGP, OTP, etc.), talk about the various features these keys support, as well as their limitations. We'll compare the products on the market and help you decide which one is best for you. We'll cover security considerations and disaster recovery best practices as well.
Pre-requisites:

• Linux (preferred) laptop, or Windows with WSL, or a Linux VM
• A security key (preferably a Yubikey, but other brands are also fine). If you don't have one, don't worry, we will help you chose one during the workshop, and you will still be able to participate.

Hacking d'architectures rétro - Fabrice Francès

  in French, 15:00 - 18:00 - 8 seats - Room 155
Hacking old consoles or arcade boards might be seen as a useless activity, nonetheless it is not only fun but very educational indeed as a first step on the path of understanding both low-level architectures and retro-engineering techniques that are useful when tackling more modern technologies such as embedded systems. This workshop will give a practical insight in the hacking of old architectures: understanding dedicated video-games architectures will be illustrated with a real Q*bert arcade board, ROM hacking will be practiced both on arcade ROMs emulated with MAME, and real cartridges for the SNES.
Pre-requisites:

• basic knowledge of an old 8-bit or 16-bit processor (e.g. 6502, Z80, 8086, 65816)
• good knowledge of one's own laptop, in order to compile/install tools such as hex editors, disassemblers and emulators.