Sunday, August 23, 2015

Reversemode: "I started in reverse engineering thanks to the 90's crackers"

Rubén Santamarta, bug discoverer.


There are few nicknames as accurate as the one Rubén Santamarta owns: Reversemode. A reverse engineer by profession, and almost by addiction, Rubén "reverses" everything that crosses his self-taught curiosity, be it the Tax Agency's network, RENFE's online ticket sales system, TVE's news editing software or the SCADA system that controls a power station. When he does it as a hobby, he tells the story on the collective blog 48bits, symbol and shelter of some of the best local hackers.

Elegant and reserved, with a Peter Pan touch, Rubén was born in León 33 years ago and works on what he likes at a super cool company called IOActive, with the whole wide world as its headquarters. He knows well what the famous 0day mining means, or the bad guys sending him blank checks, but being in the eye of the storm of the information revolution does not seem to have affected his vital honesty. So he assures that he does not feel like an elite hacker, but like a "proletarian hacker", whatever that means.


What did you think when Oracle's CSO said "reading my code is FORBIDDEN"?

It's like telling a kid that, while you are away, he must not touch the big red shiny button that says "DON'T TOUCH ME".

Last year, in a talk at Black Hat, you denounced that satellite communication systems are insecure. Have they fixed it?

The research was centered on devices used to access satellite services, which were like Gruyère cheese. There are very important companies that came to us to help them solve the issue; others don't care about it. But in general I'm happy, because it served to create awareness about the insecurity of this kind of device in certain areas.

So, as someone who finds bugs in systems, I guess you know your own well?

Phew, if I had to talk about my bugs you wouldn't need to interview me, but to give me our own section on Hackstory. The other day I had a constructive argument with someone on Twitter and I told him: "Standing out at something doesn't make you perfect". That's all.

What's the difference between the 21st-century generation of hackers and the previous one?

Maybe the image is a little risky, but here I go: is punk dead? It seems not, because there are still punks... but is it still the same as it was before? I'd say no. You don't see 15-year-old kids excited about having a crest, a pair of boots or a tape with the latest from this or that band. Those who remain already lived that moment, when everything was new and there was a whole world to be discovered. Now these youngsters are 30, 40 or 50 years old and some are still punks, yes. But they also have family, work, duties...

In my opinion the same thing has happened with hacking. There was a period when everything had yet to be done: learning to hack was a hacking act in itself, because you just had to get by. Nowadays there's still a lot to investigate, to break and to build, but the world has changed. Everything is more available now and I don't think there's been a generational replacement.


Have you learnt from the 90's Spanish crackers?

I started in reverse engineering because of cracking, and I'm very thankful to all of them. I learnt assembler with an Aesoft tutorial and all those tutorials from karpoff, WkT, etc. In the Spanish cracking scene there were very nice people. Besides, they generated a lot of content; each week you could read and learn from new tutorials, also practising attacks against software protectors. Greetings to all of them; if any of you is reading me, I hope you're doing well.


Exactly who taught you?

I learnt thanks to two things: the municipal library and all the tutorials that were being written at that time. So, literally, I've been taught by the community. Or, if you prefer, I reached the knowledge necessary to understand the basics and kept going further by myself. In this world you never stop learning. Luckily, I've also had two friends from my circle who were in it, and they are machines: Mario Ballano and Gabriel González.

Have you ever won a bug bounty?

When I was selling vulnerabilities, the big bounties didn't exist yet... But once, Nokia gave me an N900 for reporting a cross-site scripting (XSS).

Do you remember the first bug you discovered?

Yes, you don't forget your first time :). It was in a Microsoft Windows driver, and it allowed privilege escalation on every version. It was a bit curious. For some unrelated reason, I found a string called "Shadow" in that driver. It surprised me quite a lot, so I opened it with IDA and afterwards I found the flaw. Then I had to read a lot about the impact of the vulnerability, how to exploit it, what was behind it and how to report it. A whole new world opened up to me. After that I discovered that I could even earn my living with it.


And the bug you're most proud of?

Statistically, I would say those found in Windows, just because it's a system everybody looks at. There's one I especially remember because I only had to read documents to find it. It was a design flaw that allowed bypassing Internet Explorer's protected mode. Basically, I downloaded all of Microsoft's documentation about that feature. I saw that something didn't fit, I tested it, and it worked! You can read it in detail here: http://reversemode.com/index.php?option=com_content&task=view&id=76&Itemid=1

What do you do before focusing on a piece of code?

I take a look at Menéame and say: "what an awful world, I'd better do this".

Do you have any sentence that hasn't become a password?

To get into some pubs in Malasaña I'm reading my first book by Kafka: "The Trial". There's a sentence, in a conversation between several policemen and the main character, that I loved: "Look, Willem, you admit you don't know the law and at the same time you say you're innocent". I think it summarizes very well what we are living through nowadays.


Text: Mercè Molist
