Demystifying the Secure Enclave Processor
Lyj6k4
Lyj6k4
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Attacking IMG4<br />
• ASN.1 is a very tricky thing to pull off well<br />
▫ Multiple vulns in OpenSSL, NSS, ASN1C, etc<br />
• LibDER itself actually ra<strong>the</strong>r solid<br />
▫ “Unlike most o<strong>the</strong>r DER packages, this one does no<br />
malloc or copies when it encodes or decodes”<br />
– LibDER’s readme.txt<br />
▫ KISS design philosophy<br />
• But <strong>the</strong> wrapping code that calls it may not be<br />
▫ Audit seputil and friends<br />
▫ Code is signifigantly more complex <strong>the</strong>n libDER itself