Reverse Engineering a Code without the Code

Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored into the Non Volatile Memory (NVM) area but also the algorithms executed. Thus, the confidentiality of binary code embedded in that device in the Read Only Memory (ROM) must be protected. Thanks to a previous attack we succeeded in having access to a dump of NVM. We try here to to take advantage of the object oriented features of the platform to provide a means to speed up the reverse engineering of the dump. The idea here is to reverse engineer an algorithm without having access to to the code. We have only access to the data. We use a specifically designed graphic tool to reason about the data such that we are able to understand the principle of the algorithm. Then, we are able to bypass the protection mechanism in order to get access to the binary code.