Thomas Rinsma is a Security Analyst at Codean, focusing on continuous software security. Before, he was a Senior Security Analyst at Riscure, where he was primarily focused on mobile payment applications, but was also involved in security evaluations of TEEs/TAs, back-end systems, and embedded devices like smart energy meters, consumer routers, elevator controllers and set-top-boxes.
What is inside a Verifone VX820 payment terminal and how can we run our own code (i.e. Doom) on it?
This is a story of a software guy messing around with an interesting embedded device. It includes some reverse engineering, interesting security practices, proprietary executable formats, and a game of bootloader hopscotch.