On April 18th, I'll be speaking at Toorcon Seattle at 8:35pm regarding a traffic light controller's firmware.
Inside a Traffic Light Controller's Firmware
The Econolite ASC/3 is a black-box device that manages traffic and pedestrian crosswalk lights. Having been given a unit and instructions to make it programmable from Matlab, I did what any self-respecting engineer would do. Namely, I disassembled its firmware, identified its checksumming algorithm, and mapped the relevant bytes of its file format. A bit of XML magic later, and I had a library for reading, writing, and signing configurations. This brief talk will discuss my adventure. It will not discuss forcing a green light or similar tomfoolery.
The following afternoon at 2:40, I'll be speaking at the same conference regarding msp430static.
Homegrown Analysis Tools for 16-bit Microcontroller Firmware
16-bit architectures are a playground for analysis tool developers. This talk will cover the author's development of a reverse-engineering tool for the MSP430. Both the tool and this talk feature function isolation, recovery of stripped symbol information, call-graph generation, simulation, and scripting. Rather than focusing on the usage of the tool, the intent of this talk is to demonstrate how members of the audience might write their own. Source code will be available online, and a personal walkthrough of the code will be performed during the Q&A session for those who are interested.