BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.recon.cx//recon-2026//talk//BCKMJA
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-recon-2026-BCKMJA@cfp.recon.cx
DTSTART;TZID=EST:20260620T130000
DTEND;TZID=EST:20260620T140000
DESCRIPTION:From quite manual to semi-automated\, these are targeting the c
 onversion of pictures into a proper binary that can then be analyzed using
  the usual tools.\nOne issue that is reportedly described is the presence 
 of scrambling within the memory array making converting the pictures to so
 mething sensical a task involving trial and errors that can lead in the wo
 rst case scenario to a project halt if the scrambling scheme is not trivia
 l.\nFurthermore\, when encryption is used\, there is no obvious option to 
 try solving it. This is generally where fully invasive techniques become t
 he method of choice\, involving a much more equipped lab with an FIB and m
 icro-probing station but also the need to analyze digital circuit and to  
 potentially bypass counter-measures such as security shields for example.\
 nThis lecture aims at showing that ROM dumps including descrambling and de
 cryption can be done using a fully analytical methods where pictures of al
 l of the layers of the memory including control circuitry\, row and column
  decoders can be converted into a HDL langage which make it possible to si
 mulate the memory to retrieve its content independent of internal scrambli
 ng schemes. By extension\, the description will be pushed to decryption ci
 rcuitry which is another bloc of logic that can be modeled and simulated a
 ccurately. \nThe lecture will include demonstrations of the method using s
 imple to professional setups so as to clearly outline their benefits and l
 imitations.
DTSTAMP:20260612T170727Z
LOCATION:Grand Salon Opera
SUMMARY:ROM Dump\, Descrambling and Decryption using RE Only: the Fully Ana
 lytical MEthod (FAME)\, no FIB\, no Guesses… - Olivier THOMAS - Texplain
 ed
URL:https://cfp.recon.cx/recon-2026/talk/BCKMJA/
END:VEVENT
END:VCALENDAR