Registrations have opened on 4 November 2024.
Important: Please ensure you bring your laptop to the workshop with all required software installed. Without this setup, you will not be able to participate.
All workshops begin at 2pm (Nov 29).

Ghidra For ARM

Speaker Maximilien Bouchez
Workshop Title Introduction to embedded software reverse engineering with Ghidra (drone's firmware, ARM architecture)
Duration 4 hours
Language French but can answer questions in English (Slide deck is in English)
Number of participants 30
Requirements
  • Basic knowledge of C programming language is recommended
  • Ghidra installed and ready to run on your laptops
  • Download an archive file containing training material at the beginning of the workshop
Abstract

Have you ever dreamed of accessing the source code of an application to gain a deeper understanding of its inner workings? To uncover hidden secrets or search for vulnerabilities? Perhaps even to modify its behavior? Software reverse-engineering is the key to realizing these dreams. This workshop explains major principles of software reverse-engineering step by step. At each step you will practice on a real production software which is the embedded software of a popular drone. That will be the opportunity to get familiar with microcontroller programming and ARM instruction set. You will also learn to use the well-known software reverse-engineering tool: Ghidra. At the end of this workshop, you will have identified an unsafe communication protocol and an unexpected way to control the drone.

Capture The Drone

Speaker Jules Sarran
Workshop Title Capture The Drone
Duration 4 hours
Language French but can answer questions in English
Number of participants 20
Requirements
  • Virtualbox installed and 10GB of available memory
  • Basic knowledge of C programming language is recommended
Abstract

Venez l'espace de quelques heures vous mettre dans la peau d'un hacker et laissez-vous guider vers l'exploitation des vulnérabilités d'un drone grand public. Attaques hardware, attaques radio, reverse engineering, buffer overflow, vous pourrez expérimenter les multiples facettes de la cybersécurité des systèmes embarqués et appliquer ces concepts sur une cible concrète. A l'issue de ce workshop, vous aurez détourné un drone avec un équipement radio, extrait et reverse le firmware du drone et exploité une vulnérabilité typique des systèmes embarqués.

Side Channel Attacks

Speaker Nabil Hamzi (@FdLSifu)
Workshop Title Side channel attacks and countermeasures
Duration 4 hours
Language French / English
Number of participants 20
Requirements
  • A laptop
  • Docker and docker-compose installed
Abstract

This workshop provides an introduction to Side Channel Attacks through Power Analysis. It's designed for those interested in learning practical techniques to exploit vulnerabilities in cryptographic implementations. The workshop covers topics like leakage models, Hamming weight, Differential Power Analysis (DPA) and Correlation Power Analysis (CPA). The focus is on practical skills rather than in-depth theoretical knowledge of cryptography, signal processing, hardware, or advanced statistical tools. By the end of the workshop, participants will have a solid understanding of how to perform side-channel attacks and gain insights into how to protect against them.

Android Application Reverse Engineering

Speaker Cedric Lucas
Workshop Title Android Application Reverse Engineering
Duration 2 hours
Language French but can answer questions in English
Number of participants 16
Requirements
  • Android Studio installed
  • Basic knowledge of Java
Abstract

The workshop will present Android applications, particularly how they are created. We will explore different tools to run Android applications on our computers and analyze them. Finally, we will use JEB to reverse engineer a basic application, including decompilation and debugging.

Hydrabus 101

Speaker Nicolas Oberli (@Baldanos) / Karim Sudki (@Az0x)
Workshop Title Hydrabus 101
Duration 3 hours
Language French but can answer questions in English
Number of participants 20
Requirements
  • A laptop with at least two USB ports
Abstract

Ever wondered how to start with hardware hacking ? This workshop will present you some simple techniques you'll need to get you started. Of course, the best way to learn is by doing so we prepared a target device for you to fiddle with during the workshop. At the end of this 3-hour workshop, you should be able to:

  • Identify main components found on a device
  • Read and understand a datasheet
  • Get to know some of the usual protocols (UART / I2C)
  • Dump the contents of a memory chip
  • Debug and extract a microcontroller firmware

WHAD

Speaker Romain Cayre and Damien Cauquil
Workshop Title One for all and all for WHAD: wireless shenanigans made easy!
Duration 4 hours
Language French but can answer questions in English
Number of participants 25
Abstract

A lot of security research have recently focused on various wireless communication protocols, targeting smartphones, wireless mice and keyboards and even cars. In order to demonstrate these attacks, researchers developed dedicated tools that for most of them include some specialized firmware of their own but also rely on various unique custom host/device communication protocols. These tools work great but are strongly tied to some specific hardware that at some point will not be available anymore, or require hackers to buy more hardware to carry on to have fun with.

Why not making these tools compatible with more hardware ? And why researchers always have to create their own host/device protocol when it comes to using a dedicated hardware ? Why not having one flexible protocol and related tools to rule them all ?

We will present in this workshop WHAD, a framework that provide an extensible host/device communication protocol, dedicated protocol stacks and way more for hackers who love having fun with wireless protocols. WHAD makes interoperability possible between tools by allowing different hardware devices to be used if they provide the required capabilities, giving the opportunity to create advanced tools without having to care about the hardware and its firmware in most of the cases!

Laptop requirements: please log on ph0wn's Discord server, channel "whad" to get requirements and how to setup your computer.

Updated: