Eduardo Novella Lorente

"It's not that I'm so smart; it's just that I stay with problems longer." – Albert Einstein

Hacker, chessplayer, security enthusiast, swimmer, dreamer

Specialized in

  • Android Mobile Reverse Engineering (Cloud-based payments and DRM)
  • Source code review (C/C++/Java/JavaCard)
  • Embedded Security (Smartcards, routers, smart-meters, IOT devices,…)

Computer Skills

  • Software: Java, Python, C, JavaCard, Bash, C#, Perl, HTML, JavaScript, Visual Basic, Assembler (Intel, MIPS, ARM, AVR, Dalvik), Matlab, Mathematica, VHDL, Yara, LaTeX, Markdown

  • Hardware: Side channel & Fault injection attacks, JTAG, UART, SPI, SWD, I2C, TI MSP430Fxx, AVR ATMEGA, ARM Cortex, Bus Pirate, EEPROM reader, logic analyzer, firmware dumping, soldering skills

  • Tools:

    • RE: IDA Pro (idapython), Radare2 (r2pipe API), Frida, Xposed, JEB, Android RE tools, GDB (gef), Binary ninja, Ghidra
    • Network: Burp, Nmap, sqlmap, aircrack-ng, and Kali toolbox
    • Fuzzing: Defensics (Synopsys), AFL
    • Others: Android Studio, IntelliJ IDEA, Eclipse IDE, AVR Studio, QEMU, Hashcat, Truecrypt, VMware, Wireshark, Kali linux, libnfc, RFIDIOt, OpenOCD, Texmaker, Git, svn, hg, any shell-like tools, Gimp

Education

2012-2015 The Kerckhoffs Institute. Radboud University Nijmegen, The Netherlands

  • Master’s Degree in Computer Security. 2-year course studying: cryptography engineering, security, smartcards, verification of security protocols, software security, hardware security, network security, security and privacy in mobile systems, side-channel attacks, machine learning and so on.

2009-2012 Universidad Politécnica de Valencia, Spain

  • Bachelor’s Degree in Computer Engineering. 3-year course in Computer Engineering. Specialization: Systems and network administration.

2003-2005 I.E.S Abastos, Valencia, Spain

  • High level Technical Degree in Development of Computer Applications (DAI). 2-year course about programming and databases.

Awards

2015 Best Student Paper at Usenix WOOT (Washington, USA) Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers

2015 CVE-2015-0558 Reverse-engineering the default WPA key generation algorithm for Pirelli routers in Argentina

2015 CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar

2012 CVE-2012-6371 Insecure default WPS pin in some Belkin wireless routers

2012 3rd position Crypto-challenge in my Faculty Breaking easy cryptograms

2010 Well-known vulnerability Reverse-engineering the default WPA key generation algorithm for Telefonica Comtrend routers in Spain

Occupation

2019-present NowSecure, London, United Kingdom / Valencia, Spain

Independent Mobile Security Researcher

  • Keywords: Android Mobile security, Dynamic Binary Instrumentation (Frida), Reverse-engineering (Radare2)

2018-2019 (10 mo) Synopsys, London, United Kingdom

Senior Security Consultant

  • Keywords: Android Mobile security (RASP), Dynamic Binary Instrumentation (Frida), Reverse-engineering (IDA Pro & Radare2), Reverse-engineering of Android Fingerprint Trustlets (TEE & TrustZone), ARM assembly (32-64 bits), Source code review (C/C++/Java/Python), IoT hacking & fuzzing (Defensics)

2015-2018 (3 years 2mo) Riscure, Delft, The Netherlands

Security Analyst

  • Keywords: Android reverse engineer for Cloud-based payments apps (HCE) and DRM (Pay-TV), whitebox cryptography, Frida & Unicorn emulator, mPOS, Pay-TV, DRM reverse-engineering, secure boot, fault injection, glitching, source code review, embedded security, obfuscation, TEE, ARM & MIPS exploitation, side channels, smart-meters, modems, javacard & smartcards

Performing security evaluations for various products in the mobile payment and content protection markets. Concretely, evaluating satellite receivers (Pay-TV), Digital Rights Management systems and Android mobile payment applications (mainly Host Card Emulation). My regular work consists of performing dynamic binary instrumentation and evaluating the security mechanisms (anti-root, anti-debugging, anti-emulation, …) on Android mobile banking apps. One of my goals is to deobfuscate binary code and fight against packers. In addition, I assess the robustness of the architecture design and attempt to break the security of obfuscated ciphers implemented in software, also known as white-box cryptography. Occasionally I evaluate Microsoft PlayReady certifications in the Trusted Execution Environment (TEE) area, where the main goal is to find memory corruption bugs and exploit them until gaining code execution. Another of my skills is in reviewing the hardware and software security of gas smart meters, modems and any other embedded device which may come into my hands.

2014-2015 (7mo) Fox-IT, Delft, The Netherlands

Intern. Masters Thesis; “Hardware Reverse-engineering”

  • Keywords: Hardware reverse engineering, wirelessHART protocol, SCADA security, wireless sensor networks, industrial systems, JTAG, SPI sniffing, firmware dumping, OpenOCD, flashtool, Bus pirate

Internship investigating wireless SCADA devices to extract the cryptographic keys by applying hardware attacks.

2006-2011 WiFiSlaX, SeguridadWireless, Spain

Collaborator

Description: Our main goal was to create a kind of BackTrack distribution mainly focused on wireless hacking technology. During those years, I was reverse engineering some routers of important ISPs and sniffing around with devices on 2.4 GHz. Also, I installed tools and tailored Linux distributions just for fun.

SeguridadWireless

2005 Nutelco S.L., Valencia, Spain

Visual Basic Developer

Publications

Interests and Hobbies

I love all sports but I mostly prefer swimming and chess. I enjoy reading technical material about programming, reverse engineering, exploiting, vulnerabilities and so on. I play hacking contests whenever I have some spare time. I know how to repair computers. Besides computers, I also love nature a lot.
