SlideShare a Scribd company logo
Class 25:
Reversing
Reverse
    cs1120 Fall 2011
    David Evans
    21 October 2011
Reverse Engineering
               What you Want                                                   Design a Solution




                                                Forward (Normal) Engineering
  Understand how it works                                                      Some Artifact
Challenge     Response               Key stream

  RNG              +

                                         f(∙)


               +         +           48-bit LFSR                           Note: when the artifact
                ID                                                         you start with is
 Mutual authentication
           protocol
                             48-bit stream cipher                          natural, this is called
                                                    Reverse Engineering    “science”!
                                                                                                     2
Reversing Crypto Circuits




500x Magnification Microscope

                                Pictures from Karsten Nohl (UVa CpE PhD 2009)
                                                                                3
4 NAND: Y = !(A & B & C & D)




Chip Logic Layer

                                                  4
(Mostly) Automated Analysis




    Identify Logic Gates   Trace Wires Connecting Them


                                                         5
Challenge   Response           Key stream

  RNG            +

                                   f(∙)


             +          +      48-bit LFSR


              ID
Mutual authentication   48-bit stream cipher
        protocol
7
Plan
Review: list-reverse
(Forward and Reversing) mlist-reverse!
Forward and Reverse Lists (Doubly-Linked Lists)

           I still have unclaimed Exams! I will start
           charging exam storage fees Monday.
           Note: if you want to reverse engineering my storage fees
           protocol, you could try waiting later (but I don’t recommend it!)




                                                                               8
Reversing




            9
Analyzing list-reverse
(define (list-reverse p)
  (if (null? p) null
      (list-append (list-reverse (cdr p)) (list (car p)))))




                                                              10
Reversing
(define (list-reverse p)
  (if (null? p) null
      (list-append (list-reverse (cdr p)) (list (car p)))))

Running time is in (N2)
  where N is number of elements in p.
Number of new cons cells:
 for the list-appends: N-1 + N-2 + … + 1 = N2/ 2
 + for the (list (car p)): N
 memory use is in (N2)


                                                              11
mlist-reverse!
Define a mlist-reverse! that reverses the elements of a
mutable list. The output should be a mutable list with
the elements in the reverse order. The number of cons
cells it creates should not scale with the length of the
list. (The input list can be mutated arbitrarily!)




                                                           12
Revers!ing a List


m1:

        1        2   3




            revm1:
14
Close…but not quite
(define (mlist-reverse! p)
 (if (null? (mcdr p))             (define (mlist-reverse! p)
                                   (if (null? (mcdr p))
    p
                                      p
    ((lambda (rest)                   (let ((rest (mlist-reverse! (mcdr p))))
      (begin                            (set-mcdr! p null)
        (set-mcdr! p null)              (mlist-append! rest p)
        (mlist-append! rest p)          rest)))
        rest))
                                           > m1
     (mlist-reverse! (mcdr p)))))          {1 2 3 4}
                                             > (mlist-reverse! m1)
                                             {4 3 2 1}
                                             > m1
                                             {1}

                                                                                15
Charge
Next week:
 Finish mlist-reverse!
 Programming with Objects, Python


          I still have unclaimed Exams! I will start
          charging exam storage fees Monday. You
          can come to my office now to get yours.


                                                       16

More Related Content

PDF
Using R in remote computer clusters
PDF
Good news, everybody! Guile 2.2 performance notes (FOSDEM 2016)
PDF
Compilation of COSMO for GPU using LLVM
PPT
Tpr star tree
PPT
Fpga 09-behavioral-modeling-moore-machine
PDF
A Verified Decision Procedure for Pseudo-Boolean Formulas
PDF
NIR on the Mesa i965 backend (FOSDEM 2016)
PDF
Functional Reactive Programming by Gerold Meisinger
Using R in remote computer clusters
Good news, everybody! Guile 2.2 performance notes (FOSDEM 2016)
Compilation of COSMO for GPU using LLVM
Tpr star tree
Fpga 09-behavioral-modeling-moore-machine
A Verified Decision Procedure for Pseudo-Boolean Formulas
NIR on the Mesa i965 backend (FOSDEM 2016)
Functional Reactive Programming by Gerold Meisinger

What's hot (20)

PDF
05211201 A D V A N C E D D A T A S T R U C T U R E S A N D A L G O R I...
KEY
Linuxconf 2011 parallel languages talk
PDF
Garbage Collection
PPTX
MSc Thesis Defense Presentation
PDF
Q4.11: Using GCC Auto-Vectorizer
PDF
1st Semester M Tech: Computer Science and Engineering (Jun-2016) Question Pa...
PPTX
Low-level Shader Optimization for Next-Gen and DX11 by Emil Persson
PDF
Basic constructs ii
PPTX
Building Efficient and Highly Run-Time Adaptable Virtual Machines
PDF
D vs OWKN Language at LLnagoya
PDF
6th Semester Electronic and Communication Engineering (2013-December) Questio...
PDF
1st Semester M Tech Computer Science and Engg (Dec-2013) Question Papers
PDF
Integrating R with C++: Rcpp, RInside and RProtoBuf
PDF
Transparent Latent GAN
ODP
Extreme JavaScript Minification and Obfuscation
PPT
Data Structure Lecture 4
PDF
ClockSystem: Embedding Time in Smalltalk
PDF
Q4.11: NEON Intrinsics
PDF
Block Cipher vs. Stream Cipher
PPTX
A petri-net
05211201 A D V A N C E D D A T A S T R U C T U R E S A N D A L G O R I...
Linuxconf 2011 parallel languages talk
Garbage Collection
MSc Thesis Defense Presentation
Q4.11: Using GCC Auto-Vectorizer
1st Semester M Tech: Computer Science and Engineering (Jun-2016) Question Pa...
Low-level Shader Optimization for Next-Gen and DX11 by Emil Persson
Basic constructs ii
Building Efficient and Highly Run-Time Adaptable Virtual Machines
D vs OWKN Language at LLnagoya
6th Semester Electronic and Communication Engineering (2013-December) Questio...
1st Semester M Tech Computer Science and Engg (Dec-2013) Question Papers
Integrating R with C++: Rcpp, RInside and RProtoBuf
Transparent Latent GAN
Extreme JavaScript Minification and Obfuscation
Data Structure Lecture 4
ClockSystem: Embedding Time in Smalltalk
Q4.11: NEON Intrinsics
Block Cipher vs. Stream Cipher
A petri-net
Ad

Similar to Class 25: Reversing Reverse (20)

PPTX
Class 28: Entropy
PDF
Nach os assignment_2_teorica
PPT
Python 101 language features and functional programming
PDF
Lec03-CS110 Computational Engineering
PDF
Os Peytonjones
PDF
2 2. operators
PPTX
Class 16: Making Loops
PDF
C Code and the Art of Obfuscation
PDF
Functional programming basics
PDF
From programming to software engineering: ICSE keynote slides available
PPTX
Introduction to Clojure and why it's hot for Sart-Ups
PDF
Functional Concepts for OOP Developers
PPT
Lect26 Engin112
PPTX
Presentation1
PDF
Ds & ada
PDF
Machine Vision made easy with Ruby - ShRUG June 2010
PDF
ARM procedure calling conventions and recursion
PDF
Dimitry Solovyov - The imminent threat of functional programming
PDF
Ti1220 Lecture 1: Programming Linguistics
DOCX
1 CS110 - Introduction to Computers and Applications .docx
Class 28: Entropy
Nach os assignment_2_teorica
Python 101 language features and functional programming
Lec03-CS110 Computational Engineering
Os Peytonjones
2 2. operators
Class 16: Making Loops
C Code and the Art of Obfuscation
Functional programming basics
From programming to software engineering: ICSE keynote slides available
Introduction to Clojure and why it's hot for Sart-Ups
Functional Concepts for OOP Developers
Lect26 Engin112
Presentation1
Ds & ada
Machine Vision made easy with Ruby - ShRUG June 2010
ARM procedure calling conventions and recursion
Dimitry Solovyov - The imminent threat of functional programming
Ti1220 Lecture 1: Programming Linguistics
1 CS110 - Introduction to Computers and Applications .docx
Ad

More from David Evans (20)

PPTX
Cryptocurrency Jeopardy!
PPTX
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
PPTX
Hidden Services, Zero Knowledge
PPTX
Anonymity in Bitcoin
PPTX
Midterm Confirmations
PPTX
Scripting Transactions
PPTX
How to Live in Paradise
PPTX
Bitcoin Script
PPTX
Mining Economics
PPTX
Mining
PPTX
The Blockchain
PPTX
Becoming More Paranoid
PPTX
Asymmetric Key Signatures
PPTX
Introduction to Cryptography
PPTX
Class 1: What is Money?
PPTX
Multi-Party Computation for the Masses
PPTX
Proof of Reserve
PPTX
Silk Road
PPTX
Blooming Sidechains!
PPTX
Useful Proofs of Work, Permacoin
Cryptocurrency Jeopardy!
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Hidden Services, Zero Knowledge
Anonymity in Bitcoin
Midterm Confirmations
Scripting Transactions
How to Live in Paradise
Bitcoin Script
Mining Economics
Mining
The Blockchain
Becoming More Paranoid
Asymmetric Key Signatures
Introduction to Cryptography
Class 1: What is Money?
Multi-Party Computation for the Masses
Proof of Reserve
Silk Road
Blooming Sidechains!
Useful Proofs of Work, Permacoin

Recently uploaded (20)

PPTX
TLE Review Electricity (Electricity).pptx
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
PPTX
Tartificialntelligence_presentation.pptx
PDF
DP Operators-handbook-extract for the Mautical Institute
PDF
A comparative analysis of optical character recognition models for extracting...
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
PPTX
A Presentation on Touch Screen Technology
PDF
Hybrid model detection and classification of lung cancer
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
PDF
Enhancing emotion recognition model for a student engagement use case through...
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
PDF
Zenith AI: Advanced Artificial Intelligence
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
PDF
Mushroom cultivation and it's methods.pdf
PPTX
A Presentation on Artificial Intelligence
PDF
Encapsulation_ Review paper, used for researhc scholars
PDF
MIND Revenue Release Quarter 2 2025 Press Release
PDF
Web App vs Mobile App What Should You Build First.pdf
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
TLE Review Electricity (Electricity).pptx
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Tartificialntelligence_presentation.pptx
DP Operators-handbook-extract for the Mautical Institute
A comparative analysis of optical character recognition models for extracting...
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
Univ-Connecticut-ChatGPT-Presentaion.pdf
A Presentation on Touch Screen Technology
Hybrid model detection and classification of lung cancer
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
Enhancing emotion recognition model for a student engagement use case through...
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
Zenith AI: Advanced Artificial Intelligence
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Mushroom cultivation and it's methods.pdf
A Presentation on Artificial Intelligence
Encapsulation_ Review paper, used for researhc scholars
MIND Revenue Release Quarter 2 2025 Press Release
Web App vs Mobile App What Should You Build First.pdf
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf

Class 25: Reversing Reverse

  • 1. Class 25: Reversing Reverse cs1120 Fall 2011 David Evans 21 October 2011
  • 2. Reverse Engineering What you Want Design a Solution Forward (Normal) Engineering Understand how it works Some Artifact Challenge Response Key stream RNG + f(∙) + + 48-bit LFSR Note: when the artifact ID you start with is Mutual authentication protocol 48-bit stream cipher natural, this is called Reverse Engineering “science”! 2
  • 3. Reversing Crypto Circuits 500x Magnification Microscope Pictures from Karsten Nohl (UVa CpE PhD 2009) 3
  • 4. 4 NAND: Y = !(A & B & C & D) Chip Logic Layer 4
  • 5. (Mostly) Automated Analysis Identify Logic Gates Trace Wires Connecting Them 5
  • 6. Challenge Response Key stream RNG + f(∙) + + 48-bit LFSR ID Mutual authentication 48-bit stream cipher protocol
  • 7. 7
  • 8. Plan Review: list-reverse (Forward and Reversing) mlist-reverse! Forward and Reverse Lists (Doubly-Linked Lists) I still have unclaimed Exams! I will start charging exam storage fees Monday. Note: if you want to reverse engineering my storage fees protocol, you could try waiting later (but I don’t recommend it!) 8
  • 10. Analyzing list-reverse (define (list-reverse p) (if (null? p) null (list-append (list-reverse (cdr p)) (list (car p))))) 10
  • 11. Reversing (define (list-reverse p) (if (null? p) null (list-append (list-reverse (cdr p)) (list (car p))))) Running time is in (N2) where N is number of elements in p. Number of new cons cells: for the list-appends: N-1 + N-2 + … + 1 = N2/ 2 + for the (list (car p)): N memory use is in (N2) 11
  • 12. mlist-reverse! Define a mlist-reverse! that reverses the elements of a mutable list. The output should be a mutable list with the elements in the reverse order. The number of cons cells it creates should not scale with the length of the list. (The input list can be mutated arbitrarily!) 12
  • 13. Revers!ing a List m1: 1 2 3 revm1:
  • 14. 14
  • 15. Close…but not quite (define (mlist-reverse! p) (if (null? (mcdr p)) (define (mlist-reverse! p) (if (null? (mcdr p)) p p ((lambda (rest) (let ((rest (mlist-reverse! (mcdr p)))) (begin (set-mcdr! p null) (set-mcdr! p null) (mlist-append! rest p) (mlist-append! rest p) rest))) rest)) > m1 (mlist-reverse! (mcdr p))))) {1 2 3 4} > (mlist-reverse! m1) {4 3 2 1} > m1 {1} 15
  • 16. Charge Next week: Finish mlist-reverse! Programming with Objects, Python I still have unclaimed Exams! I will start charging exam storage fees Monday. You can come to my office now to get yours. 16