Breaking Binary Protocols and Bad Crypto presented at BSidesLondon 2014

by Graham Sutherland,

Summary : "This talk is a running account of a few weeks spent attacking and reverse-engineering a widely deployed network device. I went from having little knowledge of the system, to producing some powerful and interesting exploits. The focus of this talk is more towards how the issues were found, rather than the issues themselves. To that end, a generic set of hints and tips will be proposed for analysing and attacking binary protocols, including a method for classifying and identifying unknown cryptography used on data.
Currently the issues that will be presented in this talk are being worked on with the vendor. It is hoped that by the time that BSidesLondon takes place we will be in a position to openly talk about specifics of the issues in question and the fixes that have been implemented. If this is not the case then the talk will not disclose the specific product or vendor, but instead cover the techniques and interesting finds in a manner that is in line with our co-ordinated disclosure programme.