Baremetal emulation
10-18, 13:00–15:00 (America/New_York), Track 3 (205AB)
Language: English

Ever wanted to make a CPU say "Hello world"? Or figure out how a driver communicates with hardware? Or how to reverse engineer a bootloader? Then this workshop is for you.

The ultimate goal of this workshop is for participants to understand how they can emulate and debug binaries that run directly on a CPU, without an underlying operating system. Good examples of such binaries are bootloaders and the operating system kernel itself.

To this end, this workshop proposes the following:

  • Install a cross-compiler toolchain and compile the QEMU emulator from source code.
  • Try code samples with our compiled QEMU.
  • Modify these samples to make them work on different machine types.
  • Solve a CTF challenge with static and dynamic analysis of a more complex binary, using QEMU's debugging capabilities.

Prerequisites:

This workshop is designed to run inside a Docker container, so the Docker engine needs to be installed first. Please refer to the official instructions for installing Docker on your operating system:

Then clone the workshop repository.

Outline:

This workshop is divided into 4 exercises as follows:

Exercise 1

The objective is to test that the Docker container and the software inside it are functioning properly by running the emulator on a simple binary that should print "Hello world!".

Exercise 2

The objective is to modify the source code of exercise 1 to port it to a different emulated board and architecture.

Exercise 3

  • Understand the difference between QEMU's options used to load code (-bios, -kernel and -device loader,...).
  • Trace the reset vector in QEMU and look it up in the source code.
  • Learn how to set up the CPU state so the program can run (C runtime).
  • Use reconnaissance techniques to locate the UART in the memory map.
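The three things exercises 1 to 3 circle around (printing over a memory-mapped UART, porting the same code to another board, and knowing which address the UART lives at) fit in one small driver. The C below is an added example written for this page, not the workshop's own material: it describes a UART by its base address, register offsets and "transmit ready" flag, so porting to another machine type means swapping the descriptor rather than the code. The register layouts are the public PL011 and 16550 programming models; the base addresses are the ones QEMU uses for its virt (arm/aarch64), versatilepb and virt (riscv) machines. The host self-test runs the same driver against a fake register block in RAM so the logic can be checked without a cross toolchain; `target_main` is what a startup stub would branch to on the real target and must not be called on a host. The toolchain and QEMU command line in the comment are one plausible invocation, assumed rather than taken from the workshop.

```c
/* Board-agnostic bare-metal UART "Hello world" (added example, not workshop code). */
#include <stddef.h>
#include <stdint.h>

/* Describes one UART so the same driver can drive different register layouts. */
struct uart_desc {
    volatile uint8_t *base;  /* MMIO base address of the peripheral */
    size_t data_off;         /* offset of the transmit data register */
    size_t status_off;       /* offset of the status / flag register */
    uint32_t tx_ready_mask;  /* bit tested in the status register before a write */
    int ready_when_set;      /* 1: ready when bit is set; 0: ready when bit is clear */
    size_t reg_width;        /* register width in bytes: 4 (PL011) or 1 (16550) */
};

/* Base addresses QEMU assigns in its machine memory maps (what exercise 3 has you find). */
#define QEMU_VIRT_ARM_UART0    0x09000000u  /* PL011  on -M virt (arm / aarch64) */
#define QEMU_VERSATILEPB_UART0 0x101f1000u  /* PL011  on -M versatilepb */
#define QEMU_VIRT_RISCV_UART0  0x10000000u  /* 16550A on -M virt (riscv) */

/* PL011: data register at 0x00, flag register UARTFR at 0x18, TXFF is bit 5 (full when set). */
struct uart_desc pl011_uart(uintptr_t base) {
    struct uart_desc u = { (volatile uint8_t *)base, 0x00, 0x18, 1u << 5, 0, 4 };
    return u;
}

/* 16550: THR at 0x00, LSR at 0x05, THRE is bit 5 (holding register empty when set). */
struct uart_desc ns16550_uart(uintptr_t base) {
    struct uart_desc u = { (volatile uint8_t *)base, 0x00, 0x05, 1u << 5, 1, 1 };
    return u;
}

/* Volatile accessors: every access must really hit the device, never be cached or merged. */
static uint32_t mmio_read(const struct uart_desc *u, size_t off) {
    if (u->reg_width == 4)
        return *(volatile uint32_t *)(u->base + off);
    return *(volatile uint8_t *)(u->base + off);
}

static void mmio_write(const struct uart_desc *u, size_t off, uint32_t v) {
    if (u->reg_width == 4)
        *(volatile uint32_t *)(u->base + off) = v;
    else
        *(volatile uint8_t *)(u->base + off) = (uint8_t)v;
}

static int uart_tx_ready(const struct uart_desc *u) {
    uint32_t bit = mmio_read(u, u->status_off) & u->tx_ready_mask;
    return u->ready_when_set ? (bit != 0) : (bit == 0);
}

/* Busy-wait until the transmitter has room, then push one byte. */
void uart_putc(const struct uart_desc *u, char c) {
    while (!uart_tx_ready(u)) { }
    mmio_write(u, u->data_off, (uint8_t)c);
}

/* Sends a string with "\n" expanded to "\r\n"; returns the number of bytes written. */
size_t uart_puts(const struct uart_desc *u, const char *s) {
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (*s == '\n') { uart_putc(u, '\r'); n++; }
        uart_putc(u, *s);
        n++;
    }
    return n;
}

/* Entry point for a real target build. A startup stub (assembly) must already have
 * set the stack pointer and zeroed .bss, the C-runtime step from exercise 3, before
 * branching here. Assumed build/run, e.g. for aarch64:
 *   aarch64-linux-gnu-gcc -ffreestanding -nostdlib -T link.ld start.S hello.c -o hello.elf
 *   qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel hello.elf */
void target_main(void) {
    struct uart_desc u = pl011_uart(QEMU_VIRT_ARM_UART0);
    uart_puts(&u, "Hello world!\n");
    for (;;) { }
}

/* Host-side simulation: a 256-byte RAM block stands in for the device registers. */
static uint32_t fake_regs[0x40];

size_t host_selftest_pl011(void) {
    struct uart_desc u = pl011_uart((uintptr_t)fake_regs);
    fake_regs[0x18 / 4] = 0;            /* UARTFR: TXFF clear -> FIFO has room */
    return uart_puts(&u, "Hello world!\n");
}

size_t host_selftest_16550(void) {
    uint8_t *regs = (uint8_t *)fake_regs;
    struct uart_desc u = ns16550_uart((uintptr_t)regs);
    regs[5] = 1u << 5;                  /* LSR: THRE set -> holding register empty */
    return uart_puts(&u, "Hi\n");
}

int main(void) {
    return (host_selftest_pl011() == 14 && host_selftest_16550() == 4) ? 0 : 1;
}
```

Porting to another board is then a one-line change in `target_main`: `ns16550_uart(QEMU_VIRT_RISCV_UART0)` for the RISC-V virt machine, or `pl011_uart(QEMU_VERSATILEPB_UART0)` for versatilepb. When the base address is unknown, the descriptor is also the thing to fill in from recon: QEMU's `info mtree` monitor command lists the device regions of the running machine, and the machine's source file in QEMU names the same constants.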

Exercise 4

CTF time!

Break the firmware encryption implemented by a mock bootloader and get the flag.

Marc-andre Labonte was a system administrator for more than a decade at the McGill Genome Center while it was known as the McGill University and Genome Quebec Innovation Center.

Then, he joined the ETTIC team at Desjardins in 2016 as an infrastructure penetration tester. Currently doing vulnerability research on IoT devices, he also presented the "Automated contact tracing experiment on ESP Vroom32" workshop at NSEC in 2021. His work is motivated by curiosity and a strong sense of personal privacy.