foss-gbg 2018-11: Mender and hacking

It is time for the November foss-gbg. We will meet on the 14th and listen to Mirza Krak talk about Mender, followed by a hacking workshop by Philip Karlsson, so make sure to bring a laptop!

Robust software updates on Embedded Linux devices is complex, and doing robust software updates over-the-air adds to the complexity. The hardships come of course from the embedded environment which differ in many ways compared to desktop or server Linux installations, where you must handle poor mobile network connectivity, sudden power-loss and never leave a device in a unusable state (brick) when doing the update OTA.

There are a lot of examples that have gotten attention in media, where unstable software update solutions have caused real-life problems which could have been mitigated by a robust software solution that is able to handle the corner cases that exist in the embedded environment.

In this talk Mirza Krak will present Mender, Apache 2.0 licensed end-to-end software update solution. This is a deep-dive session that will cover:

– project ecosystem and community
– technical insights
– security insights

And will of course include a mandatory demo.

Mirza Krak is currently part of the open source project to deploy OTA software updates to embedded Linux devices. He is an embedded Linux solution specialist with seven years of experience in the field with expertise in within Board Support Package development which ranges from hardware bring-up, boot-loaders, Linux kernel and build systems (Yocto/OE-core).

Mirza was an Mender community member for a couple of years which led to an employment in 2018 to continue to work on the Mender project full-time.

Mirza has spoken at various conferences including Embedded Linux Conference and foss-north.

The hacking workshop starts with the MiGiC Guitar to MIDI Converter and focuses on how the free software x64dbg can be used to understand how the copy protection to MiGiC was circumvented.Shortly after the commercial release of MiGiC 1.0, the product was found cracked at one of the more known torrent pages. Since development hours were spent trying to protect the product he became curious in how the attackers broke the protection. In order to investigate this the open source debugger / disassembler x96 dbg was acquired to perform an analysis of both the cracked and uncracked binary.

In the session Philip will show you parts of the analysis as well as presenting three so called ”crackmes” that you will get the opportunity to find weaknesses in using the x64dbg tool. Therefore, its a good idea to bring a PC so you can use the tool yourself.

The venue host for the evening are ictech. They will provide lighter snacks and beverages, as well as the location.

Image result for ictech logo sverige

As usual you can reserve your seat at meetup.