Welcome to delroth.net!

About me

Resume (PDF)

I am Pierre Bourdon, a french hacker currently living and working in Zurich, Switzerland. I was previously studying Computer Science at EPITA, a french CS school located near Paris. I'm interested in all things related to programming, networking, infosec and reverse engineering.

I was previously part of a student laboratory called LSE (french acronym for Epita Systems/Security Laboratory) where I have the luck of being able to spend about half of the time I should spend on school projects working with great people on projects related to operating systems, computer security, and a lot more low-level domains. I did several talks during my time there in order to introduce other students from the school to my work and interests:

• Introduction to the Python Programming Language (slides)
• Introduction to Computer Networks
• 3D Programming With OpenGL (slides)
• The Nintendo Wii Security Model (slides)
• Reverse Engineering a Bytecode VM (slides)
• Merkle Trees and Integrity Checking (slides)
• Anti-debugging on Linux using vm86 (slides)
• Security of Video Game Consoles (slides)
• Video Game Consoles Emulation: HOWTO? (slides)
• WPA2 Enterprise and Wi-Fi security (slides)
• LSE Week 2012 Crackme Making-Of (slides)
• Reverse Engineering a DSP Firmware (slides)
• Using SAT Solvers for Security Related Problems (slides)

Some of us students at the lab take part in CTF security contests, in which we usually perform reasonably well. Our rankings are available on the CTF contests aggregator CTF Time.

On my free time I also contribute to open source projects. I am currently one of the Dolphin Emulator core developers where I work mostly on bugs fixing and emulation accuracy improvements. I also contributed a lot to stechec2, a client-server AI matchmaking system used to run Prologin, the french national programming contest. Finally, I also work on some of my own projects, of which the most notables are the following:

• wiiodfs, a FUSE filesystem allowing access to data on a Wii disc partition
• chapchap, a tool used to bruteforce a password from an intercepted MSCHAPv2 handshake, using OpenCL to crack NTLM hashes at a high rate on GPUs
• gcdsp-ida, a CPU plugin for the Interactive Disassembler (IDA) which allows analysis of assembly code for the GameCube/Wii DSP
• meta-morphosis, a proof of concept of static recompilation of binary from one ISA to another, used to run simple PlayStation MIPS demo programs on a PC after recompilation to x86
• bk-undub, some tools I used to create an undubbed version of a GameCube Japanese RPG with horrible US voice acting
• cscript-interpreter, a re-implementation of the CScript language VM which is used in some games I reverse engineered. This interpreter was created from specifications I reversed from bytecode files and game executables

Articles

Here is a short list of articles I've written that I consider interesting and/or noteworthy:

(Mar 2013) Escaping a Python Sandbox

Writeup explaining how I solved a security contest exercise with internal Python magic (crafting types and code objects to get access to stack frames).

(Dec 2012) Emulating the Gamecube Audio Processing in Dolphin

A dive into how audio processing is commonly done on two Nintendo consoles: the Gamecube and the Wii. This article explains why exactly audio processing is hard to emulate properly, why the previous implementation was lacking and the work I've done in a new implementation to solve these shortcomings.

(Oct 2012) Writeup: Zombies PPTP (Hacklu CTF 2012)

Writeup of an interesting challenge involving hash cracking and clever bruteforcing in order to recover the plaintext from a kind-of-MSCHAPv2 implementation.

(Jul 2012) Using SAT and SMT to Defeat Simple Hashing Algorithms

How to transform a broken hash algorithm into a logic formula that can be solved in seconds using a SAT solver. Good example of why you should never try to write these kind of algorithms yourself.

(May 2012) PythonGDB Tutorial for Reverse Engineering

First and last article of a series that I planned to write on PythonGDB uses in my reverse engineering work, sadly I never found the motivation to write more (about topics like tracing automation, for example). Still, this is a pretty nice introduction to what's possible with the PythonGDB API.

(Apr 2012) Static Analysis of an Unknown Compression Format

Taking an unknown binary compression format and staring at it long enough until it makes sense. This was a very fun experience for me since I never really knew much about compression before working on this reverse engineering work. This article should be very interesting if you're interested in how reverse engineers think when confronted with a new problem they don't know.

(Mar 2012) More Fun with the NDH2K12 Prequals VM

Escaping and exploiting a VM running with ASLR and NX enabled, using /proc/self/mem to bypass memory write protections (very cool trick that is unfortunately not that well known).

Links

• blog.delroth.net - my personal blog (new articles in english, old articles in french)
• code.delroth.net - most of my ongoing and "completed" projects
• twitter.com/delroth_ - my personal Twitter account