2025-09-19, Pupin
We will be taking a look at a photo printer's firmware for no particular purpose other than having fun and learning something. We will start by downloading a firmware update from the manufacturer's website, continue with figuring out the firmware update format, and then start digging into the code. We will be using free and open tools, introducing common reverse engineering principles, and learning firmware and microcontroller concepts. We'll go as slow as necessary and will get as far as we can in the time allotted.
The goal of this workshop is to introduce common reverse engineering principles to a wide audience. Beyond basic programming familiarity, no other experience is required to follow along. The target firmware is an RTOS running on an ARM application processor, but that doesn't matter. We will be relying on Ghidra and its decompiler as our main reverse engineering tool.
The firmware has already been extensively reverse engineered, and we will have set checkpoints and materials to guide us along. A few defined milestones are:
- basic binary exploration with binwalk and Ghidra
- basic hardware overview
- recognizing common functions and structures
- dissecting the firmware update to properly carve out components
- properly memory mapping the firmware
- figuring out the firmware update process
- successful firmware modification
- gaining custom code execution
These are subject to change depending on general interest and allotted time. Beginners to reverse engineering will hopefully walk away from this workshop having gained confidence in pursuing their own reverse engineering challenges, more advanced attendees will hopefully have fun, and the instructor himself will definitely learn a new trick or a few.
Post workshop, all the relevant reverse engineering artifacts will be published along with a writeup and any relevant code developed.
Aleksandar is a security researcher with a primary focus on finding memory corruption vulnerabilities. Both for fun and work, Aleksandar has performed reverse engineering, fuzzing, and code auditing on dozens of projects written in C and C++.
In his spare time he likes to tinker with devices around him and has previously published writeups of his reverse engineering efforts of useless cameras, obsolete car systems and x-ray imaging.