Applied Hardware Attacks: Embedded and IoT Systems
Overview
This hands-on class will introduce you to the common interfaces on embedded MIPS and ARM systems, and how to exploit physical access to grant yourself software privilege.
This course focuses on UART, JTAG, and SPI interfaces. For each, we'll do a brief architectural overview, followed by hands-on labs identifying, observing, interacting, and eventually exploiting each interface. We'll also do basic analysis and manipulation of firmware images.
The course is designed for newcomers to hardware: over 70% of the time is hands-on with current off-the-shelf hardware, supported by lectures that fill in the background. This format is why the classes we developed have sold out at Black Hat for the past 4 years.
This two-day course prepares you with the skills needed for Applied Hardware Attacks: Hardware Pentesting; consider taking the two together for a complete four-day sequence.
Please note that the course is continually improved and topics might change slightly:
Part 1: UART
Background: UART History, Architecture, and Uses
UART Lab 1: Connecting to a known UART
UART Lab 2: Identifying and analyzing an unknown UART
UART Lab 3: Escalating and persisting UART privilege
Part 2: JTAG
Background: JTAG History and Purpose
JTAG Lab 1: Hardware and Software Setup
JTAG Lab 2: Escalating Privilege via Kernel
JTAG Lab 3: Escalating Privilege via a Process
Part 3: SPI
Background: Flash storage and the SPI interface
SPI Lab 1: Accessing Flash from software
SPI Lab 2: Sniffing and Parsing SPI
SPI Lab 3: Dumping SPI from Hardware
SPI Lab 4: Firmware Analysis
Part 4: Firmware
Background: More types of Flash, Storage, and Firmware
Firmware Lab 1: Dumping Firmware from Software
Firmware Lab 2: Manipulating firmware images
Firmware Lab 3: Finding software bugs in firmware
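As an added illustration of what the "Sniffing and Parsing SPI" and "Dumping SPI from Hardware" labs above involve (this is example code written for this page, not course material), the following Python script folds sniffed SPI NOR bus transactions back into a flash image. It assumes a JEDEC-style part with 3-byte addressing and 256-byte program pages, and a logic-analyzer export already split into one (MOSI, MISO) byte pair per chip-select assertion; the capture embedded at the bottom is constructed, not recorded from real hardware. Beyond plain READ it handles the FAST READ dummy byte, the page-wrap behaviour of PAGE PROGRAM, and disagreements between two observations of the same address, which is what tells you whether a passively sniffed "dump" can be trusted.

```python
"""Reassemble a SPI NOR flash image from sniffed bus transactions.

Added example, not course material. Assumes a JEDEC-style SPI NOR part with
3-byte addressing and 256-byte program pages, and a capture already split into
one (MOSI, MISO) byte pair list per chip-select assertion.
"""
from dataclasses import dataclass, field

# Opcodes shared by most JEDEC SPI NOR parts (W25Qxx, MX25Lxx, ...).
READ = 0x03          # opcode, 3 addr bytes, then data on MISO
FAST_READ = 0x0B     # opcode, 3 addr bytes, 1 dummy byte, then data on MISO
PAGE_PROGRAM = 0x02  # opcode, 3 addr bytes, then data on MOSI
RDID = 0x9F          # opcode, then 3 ID bytes on MISO
PAGE_SIZE = 256


@dataclass
class Transaction:
    """Bytes exchanged during one CS#-low window (both lines, same clock slots)."""
    mosi: bytes
    miso: bytes


@dataclass
class FlashImage:
    data: bytearray                                 # 0xFF (erased) where unseen
    seen: bytearray                                 # 1 where observed on the bus
    conflicts: list = field(default_factory=list)   # (addr, old, new) disagreements
    jedec_id: bytes = b""


def _place(img, addr, payload, wrap_page=False):
    """Write observed bytes into the image, flagging disagreements with earlier data."""
    for i, b in enumerate(payload):
        a = addr + i
        if wrap_page:
            # Page Program wraps within its 256-byte page instead of crossing it.
            a = (addr & ~(PAGE_SIZE - 1)) | (a & (PAGE_SIZE - 1))
        if a >= len(img.data):
            break  # ran past the declared part size; ignore the rest
        if img.seen[a] and img.data[a] != b:
            img.conflicts.append((a, img.data[a], b))
        img.data[a] = b
        img.seen[a] = 1


def parse_capture(txns, size):
    """Fold a list of Transactions into a FlashImage of `size` bytes."""
    img = FlashImage(bytearray(b"\xff" * size), bytearray(size))
    for t in txns:
        if not t.mosi:
            continue
        op = t.mosi[0]
        if op == RDID:
            img.jedec_id = bytes(t.miso[1:4])
        elif op in (READ, FAST_READ):
            if len(t.mosi) < 4:
                continue  # truncated frame, nothing addressable
            addr = int.from_bytes(t.mosi[1:4], "big")
            hdr = 5 if op == FAST_READ else 4   # FAST READ carries one dummy byte
            _place(img, addr, t.miso[hdr:])
        elif op == PAGE_PROGRAM:
            if len(t.mosi) < 4:
                continue
            addr = int.from_bytes(t.mosi[1:4], "big")
            _place(img, addr, t.mosi[4:], wrap_page=True)
        # WREN, erase, status reads and unknown opcodes carry no image data.
    return img


def coverage(img):
    """Return (bytes observed, bytes total): how much of the dump is real."""
    return sum(img.seen), len(img.data)


# Constructed capture (not from real hardware): an RDID, a READ of the first
# 16 bytes, a FAST READ of 8 more, a PAGE PROGRAM that wraps within its page,
# and a second READ that disagrees with the first at one byte.
SAMPLE_CAPTURE = [
    Transaction(b"\x9f\x00\x00\x00", b"\x00\xef\x40\x16"),
    Transaction(b"\x03\x00\x00\x00" + b"\x00" * 16,
                b"\x00" * 4 + b"U-Boot 2016.03\x00\x00"),
    Transaction(b"\x0b\x00\x00\x10\x00" + b"\x00" * 8,
                b"\x00" * 5 + b"bootargs"),
    Transaction(b"\x02\x00\x01\xfc" + bytes(range(1, 9)), b"\x00" * 12),
    Transaction(b"\x03\x00\x00\x10" + b"\x00" * 4,
                b"\x00" * 4 + b"Boot"),
]

if __name__ == "__main__":
    img = parse_capture(SAMPLE_CAPTURE, 0x1000)  # 4 KiB stand-in for a real part
    print("JEDEC ID:", img.jedec_id.hex())
    print("coverage: %d/%d bytes" % coverage(img))
    print("conflicts:", [(hex(a), hex(o), hex(n)) for a, o, n in img.conflicts])
    with open("flash_reconstructed.bin", "wb") as f:
        f.write(img.data)
```

Two caveats a practitioner should keep in mind: a sniffed image only covers what the target happened to read while you were watching, so check `coverage()` before treating the output as a full dump (a hardware read with a programmer fills the rest), and a non-empty `conflicts` list means either the flash was written between reads or the capture decoded badly, so neither observation should be trusted blindly.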
Who Should Take this Course
This course is geared toward pen testers, red teamers, exploit developers, and product developers who wish to learn how to take advantage of physical access to systems to assist and enable other attacks. In addition, security researchers and enthusiasts unwilling to 'just trust the hardware' will gain deeper insight into how hardware works and can be undermined.
Student Requirements
No hardware or electrical background is required. Computer architecture knowledge and low-level programming experience are helpful but not required.
What Students Should Bring
Your own favored writing instrument, keyboard, and mouse if you have strong preferences (otherwise provided)
USB drive to take home copies of course files
Your own laptop if you prefer to use it for note taking and internet access
What Students Will Be Provided With
To avoid the thrash of compatibility, software installation, virtual machines, and bootable images, attendees will be provided with all equipment for use during the class, including laptops preconfigured with all necessary software.
Trainers
Joe (@securelyfitz) is a Trainer and Researcher at https://SecuringHardware.com (@securinghw). Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.
Josh Datko is the owner of Cryptotronix, an embedded security consultancy. As a submarine officer, he was sent to Afghanistan to ensure that the Taliban did not develop a submarine force--mission accomplished! He wrote a book on BeagleBones and crypto hardware which not many people have read and presented a better way to make a hardware implant at DEFCON which hopefully helped the NSA improve their spying.