Nifty Tricks and Sage Advice for Shellcode on Embedded Systems presented at HITBSecConf Amsterdam 2013

by Travis Goodspeed

Tags: Security

Summary: This lecture presents a bunch of clever tricks that will save you time and headaches when writing exploits for small embedded systems, such as smart meters, thermostats, keyboards, and mice.
You’ll learn how to write tiny shellcode that’s quickly portable to any variant of ARM, as well as how to exploit memory corruption on an 8-bit micro that’s incapable of executing RAM. You’ll learn how to develop an embedded exploit without a debugger, and how to blindly assemble a ROP chain when you don’t have a firmware image.
Note: No machines harmed in this lecture had enough RAM to hold CALC.EXE.