About

This page serves as both my (i.e., Joel Eriksson’s) personal home page, and the home for Team ClevCode.

I am a man of many hats. This page, however, focuses mainly on the one related to me as a vulnerability researcher, exploit developer, reverse engineer and IT security freak in general. Although most of the work I do within the IT-security field is confidential, some of it has been made public at conferences such as BlackHat, DefCon and the RSA Conference.

I am offering R&D related services within the IT security field. If you require cutting edge security research, advanced security assessments, exploit development, reverse engineering or in depth malware analysis, feel free to get in touch. I am running my own company, ClevCode AB, while also being the CTO of Cycura, which is based in Toronto, Canada.

Besides running my business, I also enjoy participating in competitions related to vulnerability research, exploit development, reverse-engineering, cryptography, forensics and other IT-security related skills. We won PlaidCTF 2011 (under the name Hacking For Soju), and are currently one of the top 10 teams in the world. Read more at:

http://www.clevcode.org/team/

About me and/or my research, in English:

About me and/or my research, in Swedish:

Discussion

7 Responses to “About”

  1. Hello, I came across your blog and I find much and more of what you do fascinating. I’m going to university in a couple months to study computer science and your field is incredibly interesting. What I’m most curious about is what resources you used to gain the type of knowledge and skills you have today? Thank you for your time.

    Posted by Cody Johnson | 2012-07-12, 15:05
  2. Hi!
    My name is Mollie Westlund. I work as a headhunter. Together with my colleague, I am working on a very interesting recruitment. I would like to get in touch with you. Please email me your contact details, and I will call you.

    Mollie Westlund
    0708626748

    Posted by Mollie | 2012-11-21, 14:05
  3. Hi Cody!

    Well, I first got interested in IT security when I was six or seven years old, after seeing the movie WarGames, so that has been with me a long time. :) I started programming when I was 7, when I got my first computer (a C64). My parents knew nothing about computers, so I had to explore things for myself. Exploring for yourself, instead of just being handed knowledge on a silver plate, is actually an advantage in my opinion. That way you must achieve a true understanding of what you are doing.

    My recommendation would be to code a lot, read a lot of code, identify both flaws in bad code and clever techniques used in good code, learn assembler and reverse-engineering. Learn about your OS, ground up. Never be satisfied with merely being able to accomplish something, always try to find the best way to do it and always strive for a complete understanding of what you are doing. Look beneath the surface of things.

    The best way to learn something is always by doing, and by constantly challenging yourself. Reading books, papers, tutorials and so on is fine to get a basic understanding of something, but you need to actually apply it to identify the limitations of your knowledge. It is also always better to try to figure out something by yourself instead of just reading a tutorial on the subject, and when you reach a certain level, tutorials and papers will not be enough for you to advance regardless.

    Playing wargames, such as the ones at http://www.overthewire.org/wargames/, is a great way to learn about basic types of vulnerabilities and how to exploit them. For reverse-engineering, there are crackmes available on sites such as http://www.crackmes.de/. Participate in CTF competitions (check out https://ctftime.org/ to see which ones are available) to challenge yourself within subjects as diverse as forensics, cryptography, reverse engineering, vulnerability research and exploit development.

    Last but not least, remember that there are no shortcuts, and merely reading only takes you so far. Read, reflect, evolve, apply, repeat. :)

    Posted by Joel Eriksson | 2013-01-06, 21:32
  4. So the reason I contacted you is that I’ve desperately spent the last 2 weeks trying to figure out a code that someone built in to some software. It’s basically 50 bytes of hex that get sent to a USB device firmware and it sends back 50 bytes of hex that it verified back to the software before the software will proceed. I have no idea how it does it and I really need to solve this for my client. I’ve worked on it for 2 weeks to no avail. I think you are the only person on earth that might be able to figure it out.. and we’d be happy to pay for the help!!!

    the software is called CardioScan (it sends the 50 bytes)
    and the USB device is called DMS 300-30m holter recorder (it receives the 50 bytes via a VERIF message and returns the correct 50 hex bytes back to CardioScan, making it proceed).

    basically, the software keeps changing what it sends. So we sent it our 0’s and FF’s and this is what it returns.

    It is always a new set of values from the software; it is not repeating.

    Result when I sent all 50 bytes as 0x00
    1C 2F 38 55 13 51 09 3F 10 5E 1F 17 54 3B 37 0A 18 53 3A 17 3D 62 1D 2C 20 4A 22 2A 04 06 0D 5B 0B 2D 47 16 13 1F 0A 53 3C 55 32 05 09 04 0A 14 58 03

    Result when I sent all 50 bytes as 0xff
    E3 D0 C7 AA EC AE F6 C0 EF A1 E0 E8 AB C4 C8 F5 E7 AC C5 E8 C2 9D E2 D3 DF B5 DD D5 FB F9 F2 A4 F4 D2 B8 E9 EC E0 F5 AC C3 AA CD FA F6 FB F5 EB A7 FC

    an example from CardioScan and back from the 300m is:

    send:

    f4 93 af e0 6f 4c 46 13 2c 50 cc 13 b9 46 56 6e f8 d5 03 9b 18 c4 8d 3b c3 5f 1d 9e 99 1d 64 89 de 81 e7 37 6f 3e 9a 9d fb 9e b1 f3 6f 24 b3 f8 b7 49

    receive:

    89 cd a0 d0 d3 27 15 50 29 1b 19 30 84 d3 78 27 31 5f 29 db 0b 50 6b 7a d2 15 55 a8 e7 4f 03 b5 d3 a4 c2 05 31 0e bb 93 97 d8 92 9b a2 72 9d a2 ff 9f

    we almost got the same result as when we send in all Zeros when sending in a huge prime number …

    any help would be appreciated, thanks, David.

    Posted by David Dattner | 2013-02-02, 00:00
    • Hi David!

      As you may have noticed, the byte sequence produced by sending fifty 0x00 bytes is closely related to the byte sequence you received by sending fifty 0xFF bytes.

      By simply looking at the sequences, you can see that when the byte in the first sequence is high, the byte in the other sequence is low. By adding some of these bytes together, you will notice this:

      Byte 1 in each sequence: 0x1C + 0xE3 = 0xFF (255)
      Byte 2 in each sequence: 0x2F + 0xD0 = 0xFF (255)
      Byte 3 in each sequence: 0x38 + 0xC7 = 0xFF (255)

      Of course, this is no mere coincidence. This pattern repeats for each byte in the sequence.

      One possible explanation for this would have been that the byte sequence you send in is XORed with a fixed key, or with the output of a PRNG (pseudo random number generator) algorithm. If this was the case, that would actually mean that the key equals the byte sequence received after sending fifty zero-bytes, since XORing something with zero leaves the value unchanged. This explains both sequences, as you can see below:

      0x00 ^ 0x1C = 0x1C
      0x00 ^ 0x2F = 0x2F
      0x00 ^ 0x38 = 0x38

      0xFF ^ 0x1C = 0xE3
      0xFF ^ 0x2F = 0xD0
      0xFF ^ 0x38 = 0xC7

      Unfortunately, when applying the same method to the sequence sent by CardioScan we get:

      0xF4 ^ 0x1C = 0xE8
      0x93 ^ 0x2F = 0xBC
      0xAF ^ 0x38 = 0x97

      This does not match the produced byte sequence 89 CD A0, and so on. To figure out what exactly is going on, I would need more samples. That you receive almost the same result when sending in all zeros as when sending in a huge prime number is interesting, by the way.

      Perhaps we should continue this discussion by email instead. You can reach me on the following address: je at clevcode dot org

      Posted by Joel Eriksson | 2013-03-06, 04:28
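The check Joel walks through in the reply above, written out as an added example (it is not part of the original comment thread and not ClevCode's own tooling): it loads the four byte sequences David posted (embedded here as Python bytes), verifies that the all-0x00 and all-0xFF responses are bitwise complements of each other, derives the candidate key from the all-zero response, and then tests the fixed-key XOR hypothesis against every challenge/response pair, reporting each position where the prediction disagrees with the real CardioScan exchange. The function names are my own.

```python
"""Test the fixed-key XOR hypothesis against the posted challenge/response samples."""
from typing import List, Optional, Sequence, Tuple

# Samples exactly as posted in the thread (constructed here as Python bytes).
R_ZERO = bytes.fromhex(
    "1C 2F 38 55 13 51 09 3F 10 5E 1F 17 54 3B 37 0A 18 53 3A 17 "
    "3D 62 1D 2C 20 4A 22 2A 04 06 0D 5B 0B 2D 47 16 13 1F 0A 53 "
    "3C 55 32 05 09 04 0A 14 58 03"
)
R_FF = bytes.fromhex(
    "E3 D0 C7 AA EC AE F6 C0 EF A1 E0 E8 AB C4 C8 F5 E7 AC C5 E8 "
    "C2 9D E2 D3 DF B5 DD D5 FB F9 F2 A4 F4 D2 B8 E9 EC E0 F5 AC "
    "C3 AA CD FA F6 FB F5 EB A7 FC"
)
CS_SEND = bytes.fromhex(
    "f4 93 af e0 6f 4c 46 13 2c 50 cc 13 b9 46 56 6e f8 d5 03 9b "
    "18 c4 8d 3b c3 5f 1d 9e 99 1d 64 89 de 81 e7 37 6f 3e 9a 9d "
    "fb 9e b1 f3 6f 24 b3 f8 b7 49"
)
CS_RECV = bytes.fromhex(
    "89 cd a0 d0 d3 27 15 50 29 1b 19 30 84 d3 78 27 31 5f 29 db "
    "0b 50 6b 7a d2 15 55 a8 e7 4f 03 b5 d3 a4 c2 05 31 0e bb 93 "
    "97 d8 92 9b a2 72 9d a2 ff 9f"
)
CHALLENGE_ZERO = bytes(50)            # fifty 0x00 bytes
CHALLENGE_FF = bytes([0xFF]) * 50     # fifty 0xFF bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def is_bitwise_complement(a: bytes, b: bytes) -> bool:
    """True when every byte of b is the one's complement of the byte in a (a[i] + b[i] == 0xFF)."""
    return len(a) == len(b) and all(x ^ y == 0xFF for x, y in zip(a, b))


def infer_fixed_xor_key(
    pairs: Sequence[Tuple[bytes, bytes]]
) -> Tuple[Optional[bytes], List[Tuple[int, int]]]:
    """Derive a fixed XOR key from the first (challenge, response) pair and check
    it against the rest. Returns (key, mismatches); mismatches lists
    (pair_index, byte_index) for every byte the hypothesis fails to predict.
    An empty list means a single fixed key explains all the samples given."""
    if not pairs:
        return None, []
    # Under r = c ^ K the key is c ^ r; for an all-zero challenge it is simply r.
    key = xor_bytes(pairs[0][0], pairs[0][1])
    mismatches: List[Tuple[int, int]] = []
    for i, (challenge, response) in enumerate(pairs[1:], start=1):
        predicted = xor_bytes(challenge, key)
        for j, (p, actual) in enumerate(zip(predicted, response)):
            if p != actual:
                mismatches.append((i, j))
    return key, mismatches


def main() -> None:
    print("0x00/0xFF responses are complements:", is_bitwise_complement(R_ZERO, R_FF))
    key, mm = infer_fixed_xor_key([(CHALLENGE_ZERO, R_ZERO), (CHALLENGE_FF, R_FF)])
    print("fixed key explains the two probes:", not mm, "key =", key.hex())
    key, mm = infer_fixed_xor_key(
        [(CHALLENGE_ZERO, R_ZERO), (CHALLENGE_FF, R_FF), (CS_SEND, CS_RECV)]
    )
    print("fixed key explains the CardioScan exchange:", not mm)
    for _, j in mm[:3]:
        print(f"  byte {j}: predicted {CS_SEND[j] ^ key[j]:02X}, actual {CS_RECV[j]:02X}")


if __name__ == "__main__":
    main()
```

The two probe messages alone are consistent with a fixed XOR key (or with any byte-wise XOR against a stream that does not depend on the input), which is exactly why they cannot distinguish that case from something more involved; the real CardioScan pair is what falsifies it, and adding further captured pairs to `infer_fixed_xor_key` is the way to test any other fixed-key guess.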
  5. I enjoy surfing new digital seas, and exploring lost islets of data…..

    As for the (seemingly) malfunctioning “CardioScan” “problem”, above,
    no, I’m not formally educated enough to crack it, *BUT*, um, why not just contact the original device manufacturer?…
    SOMEbody there had to design, build and program the thing, in the first place!…

    Posted by Bradford | 2014-01-31, 23:04
  6. Joel,

    Hit me up sometime please, we have a lot in common. I would like to share stories and possibly learn a thing or two.

    John

    Posted by John Linder | 2014-05-01, 12:53
