R2Phoenix

r2con2024

when: 2024-11-(8,9) November (Fri + Sat)
what: Workshops and talks
wher: Barcelona UPC - Edifici Vèrtex (geohack)
chat: Join our Discord or Telegram channels
news: Follow #r2con2024 and @radareorg for the latest updates!
else: Vegan food, beers and chiptune

Tickets are only required to physically attend the event.

[09/25-10/25] Click the link to buy your ticket!
[06/10-10/10] Send an email (online sunday slots only)

Schedule

Friday November 8th - trainings

09:00-10:45 - Introducing malware analysis with radare2 (sha0)
09:00-10:30 - Welcome contributors, developers playground (community)

11:00-13:00 - Scripting to automate and extend r2 (pancake)
11:00-13:00 - Advanced IO capabilities (condret)

15:00-17:00 - Keylogger for all stacks (dreg)
15:00-17:00 - GameBoy ROM Recovery Workshop (Travis Goodspeed)

Saturday November 9th - talks

09:00-09:30 - Keynote (pancake)
09:30-10:00 - Combining frida-trace with radare2 (Ole Andre)
10:15-11:00 - Uncovering more crypto secrets (Sylvain+Karim Sudki)

11:40-13:00 - Frida hooking tricks on non-jailbroken iOS (mrmacete)

14:00-14:45 - Hack-proof your mobile apps (grepharder)
15:00-15:30 - Reversing faster, together (lars)
15:40-16:20 - A Hitchhikers Guide for Unity: Reversing iOS games (murphy)
16:30-17:00 - Final words (pancake)

Sunday November 10th - online

09:30-10:00 - Beating chess with r2frida (hexploitable)
10:00-11:00 - afen - a tool for renaming expressions (satk0)
11:00-12:00 - Cracking binaries with r2ai visual mode (dnakov)
12:00-13:00 - Reversing Flutter apps (apkunpacker)
13:00-14:00 - Running over an STM8 firmware (brainstorm)
14:00-15:00 - Cracking Pickles with r2 (Dennis Goodlett)

TLDR

Introducing malware analysis with radare2 (sha0)

Introduction to malware analysis with radare. We will cover many radare commands from the practical prespective with basic malware, mainly static analisis, automation and some of emulation. There are use cases where is clearly more convinient and comfortable using radare than other multiple tools. We will work based on this cases.

Welcome contributors, developer playground (seifreed)

Learn how to contribute to the project from code to documentation. Understand the easy issues, project plans, priorities and how to submit patches and feel comfortable coding in C.

Scripting to automate and extend r2 (pancake)

Attendees will learn how to use Python and JavaScript with radare2 to automate tasks and support new architecture, file formats, commands and io backends via plugins. We will also cover the high level and idiomatic r2papi library for easier scripting, as well as tips to make our scripts run faster.

Advanced RIO capabilities (condret)

We will look at some aspects of simulating memory spaces for emulating GameBoy with esil and radare2 apis. The focus lies on the following features of the r_io api: Adding io plugins for individual usecase, managing and switching between virtual mappings through io banks, map overlays, treebuf:// as a dynamic malloc:// replacement, io desc vs io fd.

Keylogger for all stacks (dreg)

We will dive deep into the world of PS2 keylogging, exploring various methods to implement keyloggers across different layers & components: user space, kernel, and hardware. The presentation will also highlight the indispensable role of sophisticated debuggers like Radare2 in developing and debugging keyloggers.

GameBoy ROM Recovery Workshop (Travis Goodspeed)

Mask ROM Tool is a CAD tool for extracting the bits of a mask-programmed ROM from a photograph of the chip die. In this workshop, we will begin with die photographs of the Nintendo Game Boy's CPU, working our way forward until we have a disassembled firmware image of the boot ROM.

Bio: Travis Goodspeed is a reverse engineer of embedded systems from East Tennessee, where he drives a Studebaker and knows every good dog in town by name. His new release, Microcontroller Exploits, is available wherever fine technical books are sold.

Prerequisites: Please arrive with Radare2 and the latest release of MaskRomTool installed from Github on your Windows, Mac or Linux laptop. An external mouse is very handy, but not required.

Uncovering more crypto secrets (Sylvain & azox)

Since r2con2020, Radare2 has made substantial progress in enhancing its ability to search for cryptographic materials. This presentation will focus on how these improvements enable the recovery and analysis of cryptographic materials in real-world situations. To bridge the gap between expectations and reality, demonstrations will be showcased on anonymized binaries.

Frida hooking tricks on non-jailbroken iOS (mrmacete)

After removing the jailbreak superpowers, what options remain for placing Frida hooks in the context of an app process on iOS? A survey of "jailed" Frida hooking techniques and their trade-offs in terms of depth and requirements, with step-by-step practical examples where Radare2 and its dyldcache-exploring capabilities will be leveraged heavily.

Hack-proof your mobile apps (grep harder)

Learn how to design hack-proof apps and identify security or privacy issues in production apps for iOS and Android by using static and dynamic analysis techniques to improve your mobile app security skills.

Presented by the OWASP Mobile App Security project leader, attendees will be introduced to the new Mobile Application Security Weakness Enumeration (MASWE) and dive into several practical demos.

Reversing faster, together (lars)

We're experimenting with new ways of reverse engineering, and we want you to take part in our experiments! We'll present the underlying technology, combining event-based dynamic analysis, code tracing, hypervisor-level debugging, and static code analysis techniques to find, disassemble, decompile, and understand interesting code fast. Then, we'll introduce the concept of iterative reverse engineering, and spark a discussion on what types of actionable intelligence is most relevant in contexts such as incident response and threat research. We'd love to hear what information is most useful to _you_!

A Hitchhikers Guide for Unity: Reversing mobile games on iOS (Murphy)

This presentation will teach how to reverse-engineer Unity applications on iOS. Alex Soler (Murphy) will show how to sideload the associated metadata, use r2 capabilities to symbolicate the application and decompile the code back into C#. Our main goal is to recover as much as possible of the original code and understand the game's logic as the developer would. This will help us analyze essential parts of the app and identify critical parts, allowing us to manipulate its behavior using r2frida dynamically.

afen - a tool for renaming expressions (satk0)

Simple utility that renames expressions while reversing a binary. It follows the same principle as `afvn` command. It explains how afen is built as a parse plugin, allowing more control over how the disassembly is shown by using per-function patterns. To be included hopefully in r2 v6.0.

Cracking binaries with r2ai visual mode (dnakov)

This presentation introduces the latest enhancements in radare2, focusing on the integration of r2ai and its new visual mode. Through practical examples, we will explore how auto mode can be used to tackle crackmes, uncover passwords, and identify vulnerabilities within binaries. The session highlights the efficiency and ease provided by the visual interface, offering insights into how these new features can streamline analysis workflows.

Reversing Flutter apps (apkunpacker)

Reverse engineering a simple Flutter application by decompiling it with Radare2 to uncover its logic and use of Frida to hook into the application at runtime to tamper with its behavior.

Running over an STM8 firmware (brainstorm)

In this talk we will explore reusing e-waste for multiple purposes: * Improving the r2 analysis and pseudo-C of the STM8 8-bit microcontrollers, still ubiquitous IC in consumer electronics. * Leveraging r2ai and decai to accelerate our firmware decompilation efforts. * Exploring project decompilation via custom decai prompting while swapping and comparing inference backend performance. * Have good project management skills and finishing this project and talk in time for demonstration, thanks to generative AI.

Cracking Pickles with r2 (Dennis Goodlett)

Despite the incredible simplicity of python pickle architecture, incredibly strong obfuscation methods are possible. In this talk we will attempt to fool common pickle parsing tools, bypass malicious pickle detection and show how these tools can be improved. This talk will show why Radare2 is currently the best tool for reversing pickles. Even still, the python pickle language is expressive enough to give even my own tools trouble.

Keynote (pancake)

Welcome to r2con2024! After 4 years we get the mood to organize it again to organize the event from and for the radare2 community. Taking it as a warmup for meeting all the users and contributors to have fun and learn and share together. The keynote will also show the project state and the upcoming plans.

Final Words(pancake)

Closing final words, and last minute announcements!

Combining frida-trace with radare2 (Ole Andre)

This presentation will introduce the integration of radare2 with frida-trace, built on top of webassembly, easing the introspection of assembly code right from the browser and changing hooks in realtime with few clicks.

Bad sportsmanship - Beating chess with r2frida (hexploitable)

We will explore the process of reverse engineering a mobile chess app using r2 and r2frida combining several static and dynamic instrumentation tecniques. With the aim to identify inaccessible functionalities within the app by identifying critical functions and injecting scripts in real time.