Rubiks Cube!

Sagi Kedmi


Bitcoin Transaction Malleability

Advanced Bitcoin Seminar, Hebrew University, November 2014.

Low level bitcoin protocol talk. Explains the Transaction Malleability Attack on Bitcoin.


Attacking /dev/urandom on Android

Blackhat Europe 2014, DEFCON IL [DC9723], October 2014.

We wanted to exploit CVE-2014-3100 - a stack based buffer overflow in Android’s Keystore. We needed to bypass the stack canary. Long story short, we devised probablistic attacks that enable an attacker to predict random bytes that are extracted from the underlying entropy pool of /dev/urandom during device boot, such as Keystore’s canary value.

[slides] [paper]