Just a quick post to let you know that, as some people may already have noticed, we will be present at hack.lu 2012!

In this talk, we will talk about GSM Protocol Stack and techniques we usually use to find vulnerabilities on new smartphones. You will also see the framework we have made to automate our fuzzing tests.

See you there!

iOS filesystem encryption and data protection mechanisms are now well documented and supported by many forensics tools. iOS devices use NAND flash memory as their main storage area, but physical imaging usually refers to a "dd image" of the logical partitions. The iOS Flash Translation Layer for current devices is software-based (implemented in iBoot and the kernel), which means that the CPU has direct access to raw NAND memory. In this post we will describe how to acquire a NAND image and use FTL metadata to recover deleted files on A4 devices. The information presented here is based on the great reverse engineering work done by the iDroid/openiBoot team.

Due to their complexity and their large deployment on users' machines, Adobe products (especially Flash and Reader) have often received a lot of attention from attackers. Being aware of this fact, Adobe has taken one step forward in security with the latest version of their PDF reader, Adobe Reader X.

Adobe Reader X currently makes use of three different techniques to back off attackers on Windows :

• DEP (permanently enabled)
• ASLR
• Application sandboxing, with a derivative of the Chrome's sandbox implementation

We will see here how a bug in the Chrome sandbox can lead to the full bypass of ASLR and DEP in the renderer process with a good reliability (although not breaking the sandbox protection itself). The target will be an up-to-date Adobe Reader 10.1.3 on Windows 7 x64.