Harvard Architecture Embedded Systems Reverse Engineering and Exploitation
Overview
IoT and embedded systems became ubiquitous. However, security analysis and exploitation of its firmware could be painful. The world of embedded systems isn't limited to just ARM and MIPS but includes many other microcontroller architectures with Harvard architecture being one of the prevalent. Such MCUs are found in the cars and airplanes, ICS and smart devices, home automation systems, armature electronic projects -- almost everywhere. During the workshop the attendees will learn basic and advanced methods of reverse-engineering and exploitation of firmware in microcontrollers. The course is focused on memory corruption vulnerabilities, but some other bugs will be also covered. Main reviewed architectures are: AVR (8-bit), STM8 and PIC. However, presented principles could be used against other architectures. We will also talk about how to use radare2 and IDA Pro for reversing and exploiting MCU firmware as well as how to develop own tools that help you with your tasks.
Short course abstract:
- Microcontrollers and Harvard architecture fundamentals;
- Pre-exploitation: PCB reversing, finding debugging and I/O points, firmware extraction;
- Debugging interfaces;
- Common reverse engineering techniques for Harvard-architecture MCUs;
- Fuzzing of MCU, Watchdogs, crash detection;
- Return oriented programming for Harvard architecture MCUs;
- Post-exploitation tasks;
- Crash course on radare2;
- Architecture, assembly, reverse engineering, exploitation and post-exploitation for:
- AVR,
- STM8,
- PIC,
- Other architectures (ESP8266, 8051 family, etc.);
- Overview of firmware protection techniques.
- Secure programming for MCUs.
Every module contain several examples and practical exercises.
Who Should Take this Course
Information security professionals, software developers, embedded systems developers, computer security researchers, ICS and electronic engineers as well as everyone who wants to learn how hackers reverse engineer and exploit embedded systems and products.
Student Requirements
Basic embedded systems knowledge, basic understanding of reverse engineering and buffer overflow/memory corruption vulnerabilities are of advantage, but not strongly required.
What Students Should Bring
Students shall bring their own laptops with pre-installed VMware (Workstation, Server, Player, Fusion) or Oracle VirtualBox. Laptops should have at least 20GB of free space and two free USB ports. IDA Pro is desirable, but not necessary.
What Students Will Be Provided With
- Workshop presentation (printed and electronic format)
- VM image with all required software
- Microcontrollers and tools reference materials
- Specially developed circuit board for AVR, STM-8 and ESP8266 exploitation
- JTAG programmers
- Other required hardware components (wires, etc.)
Trainers
Alexander Bolshev is a Security Consultant for IOActive. He holds a Ph.D. in computer security and also works as an assistant professor at Saint-Petersburg State Electrotechnical University. His research interests lie in distributed systems, mobile, hardware and industrial protocols security. He is the author of several whitepapers in topics of heuristic intrusion detection methods, Server Side Request Forgery attacks, OLAP systems and ICS security. He has presented at conferences including Black Hat USA/EU/UK, ZeroNights, t2.fi, CONFIdence, and S4.