Training Hardware Hacking
From BruCON 2014
Contents
Hardware Hacking by Joe Grand
Course Description
This course teaches hardware hacking and reverse engineering techniques commonly used against electronic products and embedded systems. It is a combination of lecture and hands-on exercises covering the hardware hacking process, proper use of tools and test measurement equipment, circuit board analysis and modification, embedded security, and common hardware attack vectors. The course concludes with a final hardware hacking challenge in which students must apply what they've learned in the course to defeat the security mechanism of a custom circuit board. The main goal is to give students the resources and skills they need to confidently approach hardware hacking and to come up with creative solutions for their own particular projects or problems.
Objectives
During the course, the student will:
- Understand the hardware hacking process and mindset
- Learn the skills needed to successfully reverse engineer, modify, and/or attack electronic products
- Apply real world techniques to defeat the security of a custom circuit board
Course Contents
- A. Hardware Hacking Overview
- 1. Methodology
- 2. Key goals
- 3. Common themes
- 4. Electronics fundamentals
- B. Information Gathering
- 1. General techniques
- 2. FCC ID search
- C. Product Teardown
- 1. Opening housings
- 2. Anti-tamper mechanisms
- 2.1. Defeating encapsulation
- 2.2. Hands-on exercise: Epoxy removal
- 3. Component identification
- 3.1. Basic components
- 3.2. Microcontrollers
- 3.3. Identifying ICs (Integrated Circuits)
- 3.4. Data sheets
- 4. PCBs (Printed Circuit Boards)
- 4.1. Fabrication/features
- 4.2. Hands-on exercise: PCB modifications
- 5. Schematics
- D. Soldering and Desoldering
- 1. Techniques/tips
- 2. Hands-on exercise: Soldering
- 3. Hands-on exercise: Desoldering
- 4. Difficult package types
- E. Buses and Interfaces
- 1. Identifying interfaces
- 2. Determining pin function
- 2.1. Hands-on exercise: Initial probing w/ multimeter
- 3. Debug interfaces
- 3.1. JTAG (IEEE 1149.1)
- 4. Signal monitoring/analysis
- 4.1. Hands-on exercise: Signal monitoring w/ oscilloscope
- 4.2. Serial/UART
- 4.3. Wireless/RF
- 5. Signal manipulation
- 5.1. Glitching
- 6. Hands-on exercise: Create a block diagram/schematic
- F. Side Channel Attacks
- 1. Electromagnetic/RF
- 2. Power
- 2.1. Hands-on exercise: Simple power analysis w/ multimeter
- 3. Timing
- 4. Other side channels
- G. Memory and Firmware
- 1. Memory types/technologies
- 2. Security considerations
- 3. Hands-on exercise: Data extraction/modification
- 4. Firmware analysis/disassembly
- H. Chip-Level Hacking
- 1. IC decapsulation
- 2. Die analysis/modification
- I. Embedded Security
- 1. Best practices
- 2. Product/vendor resources
- 3. Common attack/exploit vectors
- J. Hardware Hacking Challenge
- Apply the knowledge and skills learned in the course to reverse engineer and defeat
- the security mechanism of a custom electronic product.
Prerequisites
Students will be provided with the following materials and equipment:
- Course presentation and hardware hacking/embedded security reference material (in electronic format)
- Grand Idea Studio's custom hardware hacking training circuit board (one for each student to keep)
- Electronics and hardware hacking tools, including a soldering iron, multimeter, digital oscilloscope, and device programmer
- Safety equipment
Students should bring their own laptop running Windows (or equivalent virtual machine) and containing a functional USB interface. The laptop will be used for online research and to control test equipment. Software and drivers may need to be installed. No prior electronics experience is required.
Trainer Biography
Joe Grand is a product designer, hardware hacker, and the founder of Grand Idea Studio. He specializes in the invention and design of consumer products and modules for electronics hobbyists. Joe is a sought after speaker for his work on the reverse engineering and security analysis of embedded systems and is an active contributor to computer security conferences around the world.
Formerly known as Kingpin, Joe was a member of the legendary hacker group L0pht Heavy Industries and has testified before the United States Senate Governmental Affairs Committee regarding government and homeland computer security. He co-founded @stake, an information security firm later acquired by Symantec, and Chumby Industries, which produced one of the first intentionally open and hackable consumer devices.
Joe holds a Bachelor of Science degree in Computer Engineering from Boston University and a Doctorate of Science in Technology (Honorary) degree from the University of Advancing Technology.
Mon. 22 - Tue. 23 September 2014 (09:00 - 17:00)