Firmware Decryption: For, and By, the Cryptographically Illiterate

Craig Heffner

DEF CON 33 · Day 1 · Main Stage

In this DEF CON talk, Craig Heffner, known for developing the **Binwalk** firmware analysis tool, examines the increasingly common practice of firmware encryption by device manufacturers. Encryption is intended to protect intellectual property and prevent tampering, but Heffner demonstrates that many vendors, particularly in the consumer and small business sectors, implement it poorly. The talk serves as a practical guide for security researchers, reverse engineers, and even "cryptographically illiterate" individuals on how to identify and bypass these flawed encryption schemes to gain access to device firmware.

AI review

Heffner brings exactly the right credentials to this talk — he built the tooling the community relies on, and he's done the actual work on these devices. Three concrete case studies, each with a distinct attack path, real keys, and tooling shipped at the end. This is practitioner content that earns its slot.
