squirrel.lu

View the Project on GitHub C00kie-/squirrel.lu

2019, a little return of experience

I came to IoT by the activity of reverse engineering, curious to discover what is under the hood of IoT devices. Here are a few questions I started with:

I bet you have the answers to these questions. Also, as Christmas coming, the end of the year is also a time for looking a bit at the year passed. I chose to turn this article into a return of experience, of a first year in the security industry and among the community of hackers.

It’s a bit about the path that is mine. Not because I value it this much to want to share it, but because I believe that when you start something difficult, it’s nice to see someone else who as done the same as you, or who is actually building this experience.

I came to IoT by working with a friend on ARM exploitation, our roads crossed on conference and when I mentioned I was interested in getting the part before the firmware emulation processes ; how to get the firmware part, my friend was interested too. We started digging and had great fun.

A few months before…

Discovering the 0 and 1’s world

I studied a bit at 42. From this experience, the coding part made me dive into dependencies and libraries you regularly use on a system -when you run your program, as many programming people experience it. Later, this led me to question what was inside my code, what kind of instructions was it for the machine, how compiled language works and why is it build a certain way – yay compiler stories. These questions came late after my scholarship. 42 experience showed up at a bad time in my life, I got sick, I didn’t catch the all curriculum and I didn’t finish the school. Capitalizing on another skill set I had developed, I quit school to work and then, I started learning computers again, and outside of school, it was very different then. This is a zig zag way as a career building. I discovered later that we were many in that situation. But what I loved the much was that the approach, the goals and the people were very different. There, your progress was gonna depend very much more on your motivation than the school or background you came from.

Hack?

Aside of programming, debugging my poor pieces of code, led me to question what was done into memory and understanding why it was important. Once I did my first buffer overflow I understood the power of “hijacking” a computer process to make it do something different. Here I was. Honestly I was as happy as I the day I understood bit shifting. This sentence is perfectly assumed.

All paths are unique in learning, period.

I discover that this one is rich in altitude variations, big joy, frustration, epic little moments with friends and so on… 😉

connecting the dots/

I have a training in linguistic, I use to be a language teacher and I did some other things. In one hand this experiences helped me to get the “abstraction” part of computer engineering, but in the other hand, I lacked basic knowledge about machines. To make the basics to stick to my head was an effort and it still is, when I discover something totally new : machine engineering is so different than working with humans.

Ouch’

Generally, I appreciate to understand how things related to each other, how a full system is built, based on which theories – information, electricity, or electronics – design decisions are made. It requires a lot of study and a lot of question to ask, mostly to people who have a strong curiosity too. Great, I like people! So no problem to talk with others. And you know what? If find it always fascinating to see how people manage to learn something by themselves and how happy they are to share. That why I love hacking conference so much.

What did I do? A few examples

I bought a Raspberry Pi to fix limits in my developing environment. I like the idea to have all I need in this little box.

I learn to take each problems at a time and make hierarchy between important topics and urgent topic, and that’s said, all of the IoT lab project is actually a side project, it’s not my daily job. So priorities matter.

I also adopted the strategy to chose topics of interests of what is “below a C program”. And reading a lot of documentations about protocols implementations tells you a lot about the C lines you code anyway.

I push myself to teach what I’ve learn, in conferences, to provide the best content I can and be open to answer people’s questions. I discover speaker stress, and the joy after the presentation. It’s scary yay but honestly just try, it’s cool.

Aside from this,

I’m satisfied with a terminal and a notepad, notebooks and pens.

I do have printed books about hardware that I read like a child read a story before going to bed. Can you guess which ones?

A few words on priorities and cooperation

It’s a bit like, choosing your priorities was the most difficult things to do when I got into Computers and later into Security, because it implies making choices. But once you find something that works, which can be totally time consuming – but in the good way- you are in. It’s a good feeling that feeding the curiosity and the wish to learn to improve, it’s very satisfying on a personal level and it’s an amazing feeling to share with people who do the same, and you also become curious about them. We build friendships that stand for years in this community this way. I’ve made friends, people willing to help you to find your way in learning, and who gave me the basis to start. There are passionate and patient people. I would say that this has been and still is very important. As you can’t have all the knowledge in your brain it’s crucial to be able to share and have a group to count on, so develop your cooperation and communication skills. Relationships built around knowledge are fuelled by respect, I would suggest you to never forget where you come from, and who helps you. The world of IT and Security can be very competitive and this doesn’t lead people to behave all the same way. Rely on your group and allow them to rely on you. 😉

This was a little return of experience. I hope you liked it and thank you for reading this article.

I dedicate this article to my friends for Christmas, friends that inspires me, got my back and with who I share doubts and joys for the same price, since years and years. And to new friends, too.

Life with you guys is an awesome adventure.

Merry Christmas to all.