Our #usenix2024 paper "SIMurai: Slicing Through the Complexity of SIM Card Security Research" just went public!
We asked ourselves: What kind of attacks could a hostile SIM launch against your phone?
See the recording of our baseband emulation and fuzzing talk here:
https://media.ccc.de/v/camp2023-57330-analyzing_cellular_basebands_with_firmwire
Come see @nsr and me talk about smartphone baseband emulation and #fuzzing.
Learn how to use #FirmWire and find some bugs :)
Thursday morning, 10:30 at #cccamp23
https://pretalx.c3voc.de/camp2023/talk/TQXEN7/
Disclosing CHOP, aka how attackers can bypass commodity return address protections such as stack cookies by hijacking the exception handling process. Paper to appear NDSS'23, fetch our preprint here: https://download.vusec.net/papers/chop_ndss23.pdf! Joint work of Victor Duta, Fabian Freyer, @pagabuc, @nsr, and @c_giuffrida.
Code and data available at: https://github.com/chop-project/chop.
Interested in smashing stacks or binary exploitation in general? In case you attend Black Hat Europe next week, feel free to check out Victor's and Fabian's talk "Unwinding the Stack for Fun and Profit" next Wednesday.
They will present our work on confusing the unwinder and bending exception handling for exploitation.
More info at: https://www.blackhat.com/eu-22/briefings/schedule/index.html#unwinding-the-stack-for-fun-and-profit-29449
Trying to use Twitter Spaces one last time while it's still running for the reverse engineering adventures. Tune in tomorrow at 8PM Berlin time. Tell us about the most expensive thing you bricked during security analysis and ask any question you want 💻 💥 📱
Happy to announce the release of swSIM and swICC by Tomasz Lisowski, two open source repositories to enable SIM card emulation: https://github.com/tomasz-lisowski/swicc & https://github.com/tomasz-lisowski/swsim.
Among other things, we attached the emulator to a physical phone via SIMTrace2 and interacted with test networks!
Ohai!