Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored into the Non Volatile Memory (NVM) area but also the algorithms executed. Thus, the confientiality of binary code embedded in that device in the Read Only Memory (ROM) must be protected. Thanks to a previous attack we succeeded in having access to a dump of the NVM. We try here to take advantage of the object oriented features of the platform to provide a means to speed up the reverse engineering of the dump. The idea here is to reverse engineer an algorithm without having access to the code. We have only access to the data. We use a specifially designed graphic tool to reason about the data such that we are able to understand the principle of the algorithm. Then, we are able to bypass the protection mechanism in order to get access to the binary code.
Co-authors of the publication are Abdelhak Mesbah and Mohamed Mezghiche (University of Boumerdes).