About
Eduardo Novella
"It's not that I'm so smart;
it's just that I stay with problems longer."
– Albert Einstein
Hacker, chessplayer, security enthusiast, swimmer, dreamer
Specialized in
- Android Mobile Reverse Engineering (Cloud-based payments, Malware, Video-games and DRM)
- Android Code Obfuscation (RASP, MBA, anti-tampering, CFG flattening, …)
- Source code review (C/C++/Java/JavaCard)
- Mobile Security Analyst/Engineer
- Embedded Security (Side channel & Fault injection attacks on Smartcards, Pay-TV SoCs, routers, smart-meters, IOT devices,…)
Computer Skills
Software: Java, Python, JavaCard, Bash, C/C++/C#, HTML, JS/TypeScript, Visual Basic, Assembler (Intel, MIPS, ARM32/64, AVR, Dalvik), Matlab, Mathematica, VHDL, Yara, LaTeX, Markdown
Hardware: Side channel & Fault injection attacks, JTAG, UART, SPI, SWD, I2C, TI MSP430Fxx, AVR ATMEGA, ARM Cortex, Bus Pirate, EEPROM reader, logic analyzer, firmware dumping, soldering skills
Tools:
- RE: IDA Pro (idapython), Ghidra, Radare2 (r2pipe API), Frida, Xposed, JEB, Android RE tools, GDB (gef), Binary ninja
- Network: Burp, mitmproxy, Nmap, sqlmap, aircrack-ng, and Kali toolbox
- Fuzzing: Defensics (Synopsys), AFL
- Others: Android Studio, VS Code, AVR Studio, QEMU, Hashcat, Truecrypt, VMware, Wireshark, Kali linux, libnfc, RFIDIOt, OpenOCD, Texmaker, Git, svn, hg, any shell-like tools
Education
2012-2015
The Kerckhoffs Institute. Radboud University Nijmegen, The Netherlands
- Master’s Degree in Computer Security. 2-year course studying: cryptography engineering, security, smartcards, verification of security protocols, software security, hardware security, network security, security and privacy in mobile systems, side-channel attacks, machine learning and so on.
2009-2012
Universidad Politécnica de Valencia, Spain
- Bachelor’s Degree in Computer Engineering. 3 year course in Computer Engineering. Specialization: Systems and network administration.
2003-2005
I.E.S Abastos, Valencia, Spain
- High level Technical Degree in Development of Computer Applications (DAI). 2 year course about programming and databases.
Awards
2015
Best Student Paper at Usenix WOOT (Washington, USA): Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers
2015
CVE-2015-0558: Reverse-engineering the default WPA key generation algorithm for Pirelli routers in Argentina
2015
CVE-2015-0554: ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar
2012
CVE-2012-6371: Insecure default WPS pin in some Belkin wireless routers
2012
3rd position, Crypto-challenge in my Faculty: Breaking easy cryptograms
2010
Well-known vulnerability: Reverse-engineering the default WPA key generation algorithm for Telefonica Comtrend routers in Spain
Occupation
2019-present
NowSecure, Chicago, Washington DC and Seattle (USA). Remote
Mobile Security Research Engineer
- Keywords: Mobile Security, Android/iOS, dynamic and static analysis, Radare2, Frida, NowSecure WorkStation, Research, Engineering, Reverse-engineering, Findings, RASP bypass
2018-2019
(10 mo) Synopsys, London, United Kingdom
Senior Security Consultant
- Keywords: Android Mobile security (RASP), Dynamic Binary Instrumentation (Frida), Reverse-engineering (IDA Pro & Radare2), Reverse-engineering of Android Fingerprint Trustlets (TEE & TrustZone), ARM assembly (32-64 bits), Source code review (C/C++/Java/Python), IOT hacking & fuzzing (Defensics).
2015-2018
(3 years 2mo) Riscure, Delft, The Netherlands
Security Analyst
- Keywords: Android reverse engineer for Cloud-based payments apps (HCE) and DRM (Pay-TV), whitebox cryptography, Frida & Unicorn emulator, mPOS, Pay-TV, DRM reverse-engineering, secure boot, fault injection, glitching, source code review, embedded security, obfuscation, TEE, ARM & MIPS exploitation, side channels, smart-meters, modems, javacard & smartcards
Performing security evaluations for various products in the mobile payment and content protection markets. Concretely, evaluating satellite receivers (Pay-TV), Digital Rights Management systems and Android mobile payment applications (mainly Host Card Emulation). My regular work consists of performing dynamic binary instrumentation and evaluating the security mechanisms (anti-root, anti-debugging, anti-emulation, …) on Android mobile banking apps. One of my goals is to deobfuscate binary code and fight against packers. In addition, I assess the robustness of the architecture design and attempt to break the security of obfuscated ciphers implemented in software, also known as White-box cryptography. Occasionally I evaluate Microsoft PlayReady certifications on the Trusted Execution Environment (TEE) area where the main goal is to find memory corruption bugs and exploit them until gaining code execution. Another of my skills is in reviewing the hardware and software security of gas smart meters, modems and any other embedded device which may come into my hands.
2014-2015
(7mo) Fox-IT, Delft, The Netherlands
Intern. Masters Thesis; “Hardware Reverse-engineering”
- Keywords: Hardware reverse engineering, wirelessHART protocol, SCADA security, wireless sensor networks, industrial systems, JTAG, SPI sniffing, firmware dumping, OpenOCD, flashtool, Bus pirate
Internship investigating wireless SCADA devices to extract the cryptographic keys by applying hardware attacks.
2006-2011
WiFiSlaX, SeguridadWireless, Spain
Collaborator
Description: Our main goal was to create a kind of BackTrack distribution mainly focused on wireless hacking technology. During those years, I was reverse engineering some routers of important ISPs and sniffing around with devices on 2.4 GHz. Also, I installed tools and tailored Linux distributions just for fun.
2005
Nutelco S.L., Valencia, Spain
Visual Basic Developer
Publications
- UYBHYS 2021 France Workshop - Mobile Reverse Engineering with R2Frida
- CyberTruck Challenge 2021 Detroit (online) - Android security workshop for automotive students
- OWASP Android CrackMe: Radare2 Pay v0.9
- RadareCON 2020 CTF Android CrackMe: Radare2 Pay v1.0
- RadareCON 2020 Workshop - Beginners Workshop: Mobile Reverse Engineering with R2Frida
- RadareCON 2019 Workshop - Advanced Training: Mobile Reverse Engineering with R2Frida
- CyberTruck Challenge 2019 Detroit - Android security workshop for automotive students
- BlackHat EU 2018. APKiD: “PEiD” for Android Applications (speaker)
- Contributor opensource: APKiD (2017-present). Creating Yara rules to detect obfuscators, packers, protectors and other oddities
- BSides Las Vegas 2015 Conference (speaker)
- Hack.lu 2015 Luxembourg Conference (speaker)
- Hack & Beers [Spanish] 2015 Conference (speaker)
- Dutch News 2015 after releasing paper at Usenix WOOT
- Bachelor thesis: “Reverse engineering internet banking”
- Bachelor thesis: Slides of the presentation
- Masters thesis: “Reverse engineering WirelessHART Hardware”
- Poster: Removing SSL using Man-in-the-middle attacks on a wireless access point
- Project with smartcard (Javacards)
- Applying Shuffling to PRESENT (smartcards) and QUARK in AVR assembler high speed
Interests and Hobbies
I love all sports but I mostly prefer swimming and chess. Enjoy reading technical about programming, reverse engineering, exploiting, vulnerabilities and so on. Play hacking contests whenever I have some spare time. Know how to repair computers. Besides computers, I also love nature a lot.
Contact me at:
foro.dudu [At] gmail [Dot] com