HARDWARE HACKING 101
An introduction to hardware hacking and why it matters...
SPEAKER
• BSc Software Engineering University of Brighton
• MSc by Research in Computer Security and Forensics Univ of Bedfordshire
• PhD Dropout
• Enjoys breaking stuff
• Founder @ptcoresec
• Organizer of @Bsideslisbon with @morisson
• Never had electronics lessons or any type of background
• You should know me by now... It’s my 6th time speaking @confraria!
TOPICS
AGENDA
• Hardware Hacking
• What
• Why
• Bill of materials
• Protocols
• Hardware hackz
• Demos
HARDWARE HACKING - WHAT
Q: What is hardware hacking, and why should I care about it?
A: Your secure software is only as secure as the hardware it is running on...
Imagine implementing all your crypto correctly and then having a tiny itsy bitsy
“problem” with your RNG.
HARDWARE HACKING - WHY
• Electronic equipment is virtually everywhere we look.
• How safe is this hardware? It should be important to know whether it is safe, since we
have a ton of things running on chips and using protocols that we take for granted as
“secure”....
• Hardware hacking is still a taboo; people feel that it’s harder to get into – it’s high
school all over again: “maths is hard, physics is hard...”
• Old attacks still work on hardware...
• Lots of security by obscurity... “black box devices”
HARDWARE HACKING – WHY
WHITEHAT VERSION
• We see plenty of articles, most of them say “China hacked X, Y and Z”
• Do we forget that there is also something that has the word “China”
everywhere? The chips that run in pretty much all the hardware we use are
mass built in China. “Made in china”
• What if they decided to mass backdoor these chips? Or even better what if
they decided to “selectively” backdoor and affect military “grade” chips
only?
HARDWARE HACKING – WHY
BLACKHAT VERSION
• Stealing a service – Smartmeter hacking anyone? “Via Verde” can also be a
funny one to look at – oh, and ISP routers are the lulz.
• Cloning – Company X builds the cool Whoopadywoo Gold edition gadget and
company Z hires a hardware reverse engineer to understand how it works.
• Authentication – fake an authentication or brute-force it!
HARDWARE HACKING – CONCEPTS
• You do need a bit of Physics
HARDWARE HACKING – CONCEPTS
• Voltage – Simply put, voltage is used to provide power. In digital circuits it
can be used to transmit data in binary form: ON/OFF, 1/0. In digital circuits it is
usually found as 3.3V or 5V. Two types of voltage exist: AC and DC.
• AC (alternating current) – This is what you usually find on the wall. It’s
produced at a higher voltage at a power station and then reduced, using a
transformer for example, to be used at home by your equipment.
• DC (direct current) – This is what you find in batteries; essentially, if a battery
is 6V it will stay that way until it depletes.
HARDWARE HACKING – CONCEPTS
• To measure voltage you can use a multimeter or an oscilloscope (we will
look at these devices further down in this presentation).
A few important points to remember about voltage:
• You can only check voltage when your system is powered up.
• Voltage must be read between two points (test point and ground point).
• Voltage follows a direction – if you see negative values on the multimeter
you’re probably putting the ground/black probe on the wrong point.
HARDWARE HACKING – CONCEPTS
• Resistance – a measurement that indicates the amount of opposition to current
created by a resistor. A resistor is represented in schematics by its own symbol
and has two leads through which it is connected to a circuit.
Resistance is measured in Ohms and the symbol used is Ω (Omega).
HARDWARE HACKING
BILL OF MATERIALS
• Soldering iron
• Desoldering tool
• Solder
• Multimeter
• Logic analyzer
• Microscope / Magnifier
• Digital circuit design software
• Wires – long, small, different sizes
• Microcontroller reprogrammer
• Prototyping microcontroller
• Oscilloscope
• Breadboards
• Random electronic components
• Hardware to break!
HARDWARE HACKING
BILL OF MATERIALS
Soldering iron
Price range: 50€ - 5000€+
Multiple types: Gas, Laser, Heat...
HARDWARE HACKING
BILL OF MATERIALS
Desoldering gun / pump
Price range: 10€ - 500€+
Multiple types: Pump, Gun
HARDWARE HACKING
BILL OF MATERIALS
Solder
Price range: 2€ - 200€+
Multiple types and sizes
HARDWARE HACKING
BILL OF MATERIALS
Multimeter
Price range: 11€ - 9000€+
Multiple types: Digital and Analog
HARDWARE HACKING
BILL OF MATERIALS
Multimeter
A multimeter is a device that can be used to measure multiple things; the most
basic multimeters are able to measure the following:
• Voltage
• Current
• Resistance
The accuracy of these devices usually depends a lot on the price as well.
HARDWARE HACKING
BILL OF MATERIALS
Putting the black probe (ground) on the negative side and
the red probe on the positive, and then choosing DC Voltage
2V on the multimeter shows the following result
HARDWARE HACKING
BILL OF MATERIALS
The same thing can be done for resistors. If we grab a
random resistor:
And then we connect the probes. (In this case I used a bit of
cable to connect them as they wouldn’t stick for the photo;
also, it doesn’t matter to which end you connect each probe.
Unlike voltage, resistance isn’t directional.)
HARDWARE HACKING
BILL OF MATERIALS
Logic Analyzer
Price range: irrelevant.
What you want is this:
The Saleae Logic Analyzer – 140 €
Used to understand which protocols are running and
to debug different chips/protocols.
HARDWARE HACKING
BILL OF MATERIALS
Microscope or Magnifier
Price range: 10€ - 5000€
HARDWARE HACKING
BILL OF MATERIALS
Digital circuit software
Price range: 0 € - 5000 €
http://fritzing.org/
HARDWARE HACKING
BILL OF MATERIALS
Wires
Price range: 5€ - 400€
Made of multiple materials, different sizes, lengths etc...
HARDWARE HACKING
BILL OF MATERIALS
Microcontroller reprogrammer
Price range: 20€ - 500€+
Different protocols, capacity, speed, functionality...
In my case I have a Bus Pirate
“The Bus Pirate is an open source hacker multi-tool that talks to electronic stuff.
It's got a bunch of features an intrepid hacker might need to prototype their
next project.”
http://dangerousprototypes.com/docs/Bus_Pirate
HARDWARE HACKING
BILL OF MATERIALS
• Bus Pirate
• Talks multiple protocols
• Built-in terminal
• Can be controlled using Python or C
• Connects via USB
• Protocols: 1-wire, UART, i2c, SPI, raw-2 wire, raw-3 wire,
MIDI, PC Keyboard, JTAG
HARDWARE HACKING
BILL OF MATERIALS
Microcontroller reprogrammer
Price range: 20€ - 500€+
Different protocols, capacity, speed, functionality...
In my case I also happen to have a GoodFET 31
HARDWARE HACKING
BILL OF MATERIALS
Prototyping microcontroller
Price range: 20€ - xxxx€+
Different protocols, capacity, speed, functionality...
In my case I have multiple Arduinos
HARDWARE HACKING
BILL OF MATERIALS
Prototyping microcontroller
Price range: 38€
Different protocols, capacity, speed, functionality...
Another great choice is the new BeagleBoards; for the price they look even better
than the Arduinos.
HARDWARE HACKING
BILL OF MATERIALS
Oscilloscope
Price range: 40€ - 5000€+
Different capacity, speed, functionality...
In my case I currently have a DSO Nano v3. This is a cheap scope that can be
bought for 40€ and it’s really all you need when you start; I’m currently
considering upgrading to the Rigol DS2072, which at 500€ is still a great
price for a full-blown scope.
HARDWARE HACKING
BILL OF MATERIALS
Breadboards
Price range: 5€ - 50€
Different sizes.
HARDWARE HACKING
BILL OF MATERIALS
Random electronic components
• Resistors
• Batteries
• Capacitors
• Sensors
• Diodes
• Transistors
HARDWARE HACKING
BILL OF MATERIALS
Hardware to break! Mobile, Nook, Tamagotchi, IM-ME, routers
HARDWARE HACKING
BILL OF MATERIALS
Hardware to break! Femtocell, printer, random hardware
HARDWARE HACKING
BILL OF MATERIALS
Hardware to break! Medical devices
HARDWARE HACKING
PROTOCOLS
• SPI – Serial Peripheral Interface – operates in full duplex and is a synchronous
serial data link; devices communicate in a master/slave model. For SPI you will
see a minimum of 3 pins.
• I2C – Inter-Integrated Circuit – uses 2 bidirectional lines, SDA (Serial Data Line)
and SDC (Serial Data Clock). It operates in half duplex and, since it uses 2 lines,
you will see 2 pins on devices.
HARDWARE HACKING
PROTOCOLS
• JTAG - Joint Test Action Group – usually used to debug devices.
There are two possible pin layouts for JTAG:
• 4 pins
• TDI (Test Data In)
• TDO (Test Data Out)
• TCK (Test Clock)
• TMS (Test Mode Select)
• 5 pins
• TDI (Test Data In)
• TDO (Test Data Out)
• TCK (Test Clock)
• TMS (Test Mode Select)
• TRST (Test Reset) optional.
HARDWARE HACKING
PROCESS
• The process to start some hardware hacking should be the following:
1. Crack open the surrounding case to access the PCB – watch out for safety
measures (secure seals, protective plastics)
2. Identify pins and components; get access to the datasheet
3. Connect and acquire useful data
4. Reverse
5. ???
6. Profit
OUR FOCUS
HARDWARE HACKING
PROCESS – PIN IDENTIFICATION
• We know the different protocols, we know the number of pins, but how do
we find what each pin is?
1. Use a multimeter – measure the voltage on all the different pins
   • If a pin has 3.3 volts or less, it’s most likely used for data
   • If a pin has >5V, it’s a power source!
   • 0 volts = unused pin or ground
2. Connect a scope and identify square waves (these are digital signals)
3. Connect a logic analyzer to those pins and separate clock from data pins
4. Analyze the data and begin reversing...
Source: http://www.turbosquid.com/FullPreview/Index.cfm/ID/428945
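Steps 3 and 4 above, done in software on a constructed three-channel capture, as an added example in C that is not part of the deck: the channel with the most edges is taken as the clock, and MOSI is sampled on every rising SCK edge while CS is low. It assumes SPI mode 0 (CPOL=0, CPHA=0), MSB first, an active-low CS, and the transaction bytes {0xA5, 0x3C, 0x01} are made up for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One logic-analyzer sample per channel per time step.
 * Channel order used below: 0 = SCK, 1 = MOSI, 2 = CS (active low). */
#define MAX_SAMPLES 256

typedef struct {
    uint8_t ch[3][MAX_SAMPLES];
    size_t len;
} Capture;

/* Constructed capture (not a real trace): render bytes as SPI mode 0
 * (CPOL=0, CPHA=0), MSB first, two samples per clock period. */
static size_t render_spi(const uint8_t *bytes, size_t n, Capture *c)
{
    size_t s = 0;
    c->ch[0][s] = 0; c->ch[1][s] = 0; c->ch[2][s] = 1; s++;   /* idle, deselected */
    for (size_t i = 0; i < n; i++) {
        for (int bit = 7; bit >= 0 && s + 2 <= MAX_SAMPLES; bit--) {
            uint8_t level = (bytes[i] >> bit) & 1;
            /* data is set up while SCK is low ... */
            c->ch[0][s] = 0; c->ch[1][s] = level; c->ch[2][s] = 0; s++;
            /* ... and latched by the receiver on the rising edge */
            c->ch[0][s] = 1; c->ch[1][s] = level; c->ch[2][s] = 0; s++;
        }
    }
    if (s < MAX_SAMPLES) { c->ch[0][s] = 0; c->ch[1][s] = 0; c->ch[2][s] = 1; s++; }
    c->len = s;
    return s;
}

/* Number of level changes on one channel. */
size_t count_edges(const uint8_t *ch, size_t n)
{
    size_t edges = 0;
    for (size_t i = 1; i < n; i++)
        edges += (ch[i] != ch[i - 1]);
    return edges;
}

/* Step 3 of the deck: separate clock from data. The clock toggles twice per
 * bit and a data line at most once, so the busiest channel is the clock. */
int guess_clock_channel(const Capture *c)
{
    int best = 0;
    size_t best_edges = 0;
    for (int k = 0; k < 3; k++) {
        size_t e = count_edges(c->ch[k], c->len);
        if (e > best_edges) { best_edges = e; best = k; }
    }
    return best;
}

/* Step 4: decode. Sample MOSI on each rising SCK edge while CS is low; a
 * partial byte is dropped when CS goes high so framing restarts per select. */
size_t decode_spi_mode0(const uint8_t *sck, const uint8_t *mosi, const uint8_t *cs,
                        size_t n, uint8_t *out, size_t cap)
{
    size_t nout = 0;
    unsigned shift = 0;
    int nbits = 0;
    for (size_t i = 1; i < n && nout < cap; i++) {
        if (cs[i]) { shift = 0; nbits = 0; continue; }
        if (sck[i - 1] == 0 && sck[i] == 1) {
            shift = (shift << 1) | (mosi[i] & 1u);
            if (++nbits == 8) {
                out[nout++] = (uint8_t)shift;
                shift = 0; nbits = 0;
            }
        }
    }
    return nout;
}

/* Constructed transaction used by the demo functions below. */
static const uint8_t DEMO_BYTES[3] = {0xA5, 0x3C, 0x01};

int demo_clock_channel(void)
{
    Capture c;
    render_spi(DEMO_BYTES, 3, &c);
    return guess_clock_channel(&c);        /* expected: 0 (SCK) */
}

/* Decode the demo capture and pack the bytes MSB-first into one word. */
uint32_t demo_decoded_word(size_t *count)
{
    Capture c;
    uint8_t out[8];
    render_spi(DEMO_BYTES, 3, &c);
    size_t n = decode_spi_mode0(c.ch[0], c.ch[1], c.ch[2], c.len, out, sizeof out);
    uint32_t word = 0;
    for (size_t i = 0; i < n; i++) word = (word << 8) | out[i];
    if (count) *count = n;
    return word;                            /* expected: 0xA53C01 */
}

int main(void)
{
    size_t n;
    uint32_t w = demo_decoded_word(&n);
    printf("clock on channel %d, %zu bytes: 0x%06X\n", demo_clock_channel(), n, (unsigned)w);
    return 0;
}
```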
HARDWARE HACKING
PROCESS – COMPONENT IDENTIFICATION
• What if I don’t want to poke all the pins and connections?
• You can try to identify the different components and access their data
sheets, where you can get all the technical information you might need
• Vendor and part numbers are usually printed on the components
• Look for the manufacturer’s logo
• Alphanumeric codes identify the part
HARDWARE HACKING
PROCESS – COMPONENT IDENTIFICATION
• http://www.chipdocs.com/logos/logotypes.html
HARDWARE HACKING
PROCESS – DATASHEETS
• Data sheets are documents that contain technical information about the
component
• Some are free, others are paid
• http://octopart.com/
• http://www.findchips.com/
• http://datasheetlocator.com/
• http://www.eem.com/
• http://www.ihs.com/products/product-design-sourcing/component-supplier-data/caps-expert.aspx
HARDWARE HACKING HACKZ
• Real men wear pink pagers!
HARDWARE HACKING HACKZ
• Wiring IM-ME for custom firmware installation!
1 - !RST - Reset
2 – DD – Debug Data
3 – DC – Debug Clock
4 - +2,5V - Power
5 – Gnd - Ground
More information: http://travisgoodspeed.blogspot.pt/2010/03/im-me-goodfet-wiring-tutorial.html
HARDWARE HACKING HACKZ
• TV tuner + all mighty clock!
HARDWARE HACKING HACKZ
• TV tuner + all mighty clock! Results:
http://adamsblog.aperturelabs.com/2013/03/you-can-ring-my-bell-adventures-in-sub.html
HARDWARE HACKING HACKZ
• Linksys WMB54G and others!
Connector J9
Pin 1 – TX – Transmission
Pin 2 – RX – Receiver
Pin 8 – GND - Ground
RAMDISK: ext2 filesystem found at block 0
RAMDISK: Loading 4096 blocks [1 disk] into
ram disk... done.
Freeing initrd memory: 4096k freed
VFS: Mounted root (ext2 filesystem).
Freeing unused kernel memory: 60k freed
mount /proc file system ok!
serial console detected. Disabling virtual
terminals.
init started: BusyBox v1.00-pre8
(2008.01.17-05:54+0000) multi-call binary
BusyBox v1.00-pre8 (2008.01.17-05:54+0000)
Built-in shell (ash)
Enter 'help' for a list of built-in commands.
#
http://www.devttys0.com/2012/07/hacking-the-linksys-wmb54g/
HARDWARE HACKING HACKZ
• Hardware Random Number Generator
• Two types of RNG: True and Pseudo
   • Pseudo – created by an algorithm
      • Problem – if someone knows your algorithm, in theory they can predict your random numbers
   • True – generates sequences that are impossible to predict. Uses random
physical events as sources of randomness.
Component            Quantity
Arduino              1
2N3904 Transistor    3
4.7k Resistor        2
10k Resistor         1
1.5M Resistor        1
0.1µF Capacitor      1
10µF Capacitor       1
Breadboard           1
12V DC Adapter       1
HARDWARE HACKING HACKZ
1. The two transistors create avalanche noise
2. The third transistor amplifies the noise
3. The noise is sent across voltage dividers to the Arduino
HARDWARE HACKING HACKZ
Sampled bit stream from the slide: 1 0 1 0 0 1 1 0
• The Arduino applies Von Neumann filtering to remove possible bias
• Provides a network service that feeds the random numbers
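Von Neumann filtering as the slide describes it, as an added example in C that is not the deck’s Arduino sketch: it debiases the slide’s bit stream and a constructed source that emits about 75% ones, and reports the ones-ratio before and after. The xorshift32 generator is an assumed stand-in for the sampled avalanche noise.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Von Neumann debiasing: take raw bits in non-overlapping pairs, emit 0 for
 * (0,1) and 1 for (1,0), discard (0,0) and (1,1). If the raw bits are
 * independent with a fixed bias p, each emitted bit is exactly 50/50, at the
 * cost of keeping only 2p(1-p) of the pairs. Returns the number of bits written. */
size_t von_neumann(const uint8_t *raw, size_t n, uint8_t *out, size_t cap)
{
    size_t written = 0;
    for (size_t i = 0; i + 1 < n && written < cap; i += 2) {
        uint8_t a = raw[i] & 1, b = raw[i + 1] & 1;
        if (a != b)
            out[written++] = a;        /* (1,0) -> 1, (0,1) -> 0 */
    }
    return written;
}

/* Pack the debiased bits MSB-first into one word (at most 32 output bits). */
uint32_t debias_word(const uint8_t *raw, size_t n, size_t *count)
{
    uint8_t out[32];
    size_t k = von_neumann(raw, n, out, sizeof out);
    uint32_t word = 0;
    for (size_t i = 0; i < k; i++) word = (word << 1) | out[i];
    if (count) *count = k;
    return word;
}

/* The bit stream drawn on the slide: pairs (1,0)(1,0)(0,1)(1,0) -> 1 1 0 1. */
static const uint8_t SLIDE_BITS[8] = {1, 0, 1, 0, 0, 1, 1, 0};

/* Constructed biased source standing in for the sampled avalanche noise
 * (an assumption, not the deck's circuit): xorshift32 whose top two bits
 * are mapped so that ~75% of raw bits are 1. Deterministic, so repeatable. */
static uint32_t xs_state = 0x2545F491u;
static uint8_t biased_bit(void)
{
    xs_state ^= xs_state << 13;
    xs_state ^= xs_state >> 17;
    xs_state ^= xs_state << 5;
    return (xs_state >> 30) != 0;          /* 3 of the 4 two-bit values -> 1 */
}

static double ones_ratio(const uint8_t *bits, size_t n)
{
    size_t ones = 0;
    for (size_t i = 0; i < n; i++) ones += bits[i] & 1;
    return n ? (double)ones / (double)n : 0.0;
}

/* Draw n_raw bits from the biased source and return the fraction of ones
 * before (raw) and after (filtered) debiasing. Returns -1 on allocation failure. */
int demo_bias(size_t n_raw, double *raw_ratio, double *filtered_ratio)
{
    uint8_t *raw = malloc(n_raw), *out = malloc(n_raw / 2 + 1);
    if (!raw || !out) { free(raw); free(out); return -1; }
    for (size_t i = 0; i < n_raw; i++) raw[i] = biased_bit();
    size_t k = von_neumann(raw, n_raw, out, n_raw / 2 + 1);
    *raw_ratio = ones_ratio(raw, n_raw);
    *filtered_ratio = ones_ratio(out, k);
    free(raw); free(out);
    return 0;
}

/* Single-value wrappers around demo_bias(). */
double demo_raw_ratio(size_t n_raw) { double r, f; return demo_bias(n_raw, &r, &f) ? -1.0 : r; }
double demo_filtered_ratio(size_t n_raw) { double r, f; return demo_bias(n_raw, &r, &f) ? -1.0 : f; }

int main(void)
{
    size_t k;
    uint32_t w = debias_word(SLIDE_BITS, 8, &k);
    printf("slide stream -> %zu bits, value 0x%X\n", k, (unsigned)w);   /* 4 bits, 0xD */
    printf("raw ones: %.3f, filtered ones: %.3f\n",
           demo_raw_ratio(20000), demo_filtered_ratio(20000));
    return 0;
}
```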
HARDWARE HACKING DEMOS
• Logic analyzer and SMC WAAG EU
HARDWARE HACKING DEMOS
• 2x Arduinos: bomb man-in-the-middle (Timer / Activator)
HARDWARE HACKING
COMPLICATIONS
• Hard to access pins for probing!
• Solution!
HARDWARE HACKING
COMPLICATIONS
• Epoxy!
• Heat gun
• Dremel tool and sharp wooden stick
• Best solution: Fuming Nitric Acid
• Warm the nitric acid to 60 degrees Celsius
• Put small drops on the epoxy and it will come right off
HARDWARE HACKING
CONCLUSION
• Hardware hacking can be lots of fun even for software peeps
• The initial part is simple and doesn’t have a HIGH learning curve
• The more complicated parts will come naturally because you had so
much fun with the beginning
• Tools for hardware hacking have come down in price to where a beginner’s
kit can easily be bought for 300-350 euros
• Protocols down there still need to improve a lot on security

 
Pixels Camp 2017 - Stories from the trenches of building a data architecture
Pixels Camp 2017 - Stories from the trenches of building a data architecturePixels Camp 2017 - Stories from the trenches of building a data architecture
Pixels Camp 2017 - Stories from the trenches of building a data architecture
 
Pixels Camp 2017 - Stranger Things the internet version
Pixels Camp 2017 - Stranger Things the internet versionPixels Camp 2017 - Stranger Things the internet version
Pixels Camp 2017 - Stranger Things the internet version
 
The state of cybersecurity in Switzerland - FinTechDay 2017
The state of cybersecurity in Switzerland - FinTechDay 2017The state of cybersecurity in Switzerland - FinTechDay 2017
The state of cybersecurity in Switzerland - FinTechDay 2017
 
Webzurich - The State of Web Security in Switzerland
Webzurich - The State of Web Security in SwitzerlandWebzurich - The State of Web Security in Switzerland
Webzurich - The State of Web Security in Switzerland
 
BSides Lisbon - Data science, machine learning and cybersecurity
BSides Lisbon - Data science, machine learning and cybersecurity BSides Lisbon - Data science, machine learning and cybersecurity
BSides Lisbon - Data science, machine learning and cybersecurity
 
I FOR ONE WELCOME OUR NEW CYBER OVERLORDS! AN INTRODUCTION TO THE USE OF MACH...
I FOR ONE WELCOME OUR NEW CYBER OVERLORDS! AN INTRODUCTION TO THE USE OF MACH...I FOR ONE WELCOME OUR NEW CYBER OVERLORDS! AN INTRODUCTION TO THE USE OF MACH...
I FOR ONE WELCOME OUR NEW CYBER OVERLORDS! AN INTRODUCTION TO THE USE OF MACH...
 
BinaryEdge - Security Data Metrics and Measurements at Scale - BSidesLisbon 2015
BinaryEdge - Security Data Metrics and Measurements at Scale - BSidesLisbon 2015BinaryEdge - Security Data Metrics and Measurements at Scale - BSidesLisbon 2015
BinaryEdge - Security Data Metrics and Measurements at Scale - BSidesLisbon 2015
 
Codebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the winCodebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the win
 
Presentation Brucon - Anubisnetworks and PTCoresec
Presentation Brucon - Anubisnetworks and PTCoresecPresentation Brucon - Anubisnetworks and PTCoresec
Presentation Brucon - Anubisnetworks and PTCoresec
 
Workshop
WorkshopWorkshop
Workshop
 
Enei
EneiEnei
Enei
 
Confraria 28-feb-2013 mesa redonda
Confraria 28-feb-2013 mesa redondaConfraria 28-feb-2013 mesa redonda
Confraria 28-feb-2013 mesa redonda
 
Preso fcul
Preso fculPreso fcul
Preso fcul
 
How to dominate a country
How to dominate a countryHow to dominate a country
How to dominate a country
 
Country domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havocCountry domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havoc
 
(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh
 
Secure coding - Balgan - Tiago Henriques
Secure coding - Balgan - Tiago HenriquesSecure coding - Balgan - Tiago Henriques
Secure coding - Balgan - Tiago Henriques
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploit
 
Practical exploitation and social engineering
Practical exploitation and social engineeringPractical exploitation and social engineering
Practical exploitation and social engineering
 

HARDWARE HACKING 101: An Intro to Hardware Hacking

1. HARDWARE HACKING 101
An introduction to hardware hacking and why it matters...

2. SPEAKER
• BSc Software Engineering, University of Brighton
• MSc by Research in Computer Security and Forensics, University of Bedfordshire
• PhD dropout
• Enjoys breaking stuff
• Founder @ptcoresec
• Organizer of @Bsideslisbon with @morisson
• Never had electronics lessons or any type of background
• You should know me by now... It’s my 6th time speaking @confraria!

4. AGENDA
• Hardware Hacking
• What
• Why
• Bill of materials
• Protocols
• Hardware hackz
• Demos

5. HARDWARE HACKING - WHAT
Q: What is hardware hacking, and why should I care about it?
A: Your secure software is only as secure as the hardware it is running on... Imagine implementing all your crypto correctly and then having a tiny itsy bitsy of a “problem” with your RNG.

7. HARDWARE HACKING - WHY
• Electronic equipment is virtually everywhere we look.
• How safe is this hardware? It should be important to know, since we have a ton of things running on chips and using protocols that we take for granted as “secure”....
• Hardware hacking is still a taboo; people feel that it’s harder to get into – it’s high school all over again: “maths is hard, physics is hard...”
• Old attacks still work on hardware...
• Lots of security by obscurity... “black box devices”

8. HARDWARE HACKING – WHY
WHITEHAT VERSION
• We see plenty of articles, most of them say “China hacked X, Y and Z”
• Do we forget that there is also something that has the word “China” everywhere? The chips that run in pretty much all the hardware we use are mass-built in China. “Made in China”
• What if they decided to mass backdoor these chips? Or even better, what if they decided to “selectively” backdoor and affect military “grade” chips only?

9. HARDWARE HACKING – WHY
BLACKHAT VERSION
• Stealing a service – Smartmeter hacking anyone? “Via Verde” can also be a funny one to look at – Oh, ISP routers are the lulz.
• Cloning – Company X builds a cool Whoopadywoo Gold edition gadget and company Z hires a hardware reverse engineer to understand how it works.
• Authentication – fake an authentication or bruteforce it!
10. HARDWARE HACKING – CONCEPTS
• You do need a bit of Physics

11. HARDWARE HACKING – CONCEPTS
• Voltage – Simply put, voltage is used to provide power. In digital circuits it can also be used to transmit data in binary form: ON/OFF, 1/0. In digital circuits it is usually found as 3.3V and 5V. Two types of voltage exist: AC and DC.
• AC (alternating current) – This is what you usually find on the wall. It’s produced at a higher voltage at a power station and then reduced, using a transformer for example, to be used at home by your equipment.
• DC (direct current) – This is what you find in batteries; essentially, if a battery is 6V it will stay that way until it depletes.

12. HARDWARE HACKING – CONCEPTS
• To measure voltage you can use a multimeter or an oscilloscope (we will look at these devices further down in this presentation). A few important points to remember about voltage:
• You can only check voltage when your system is powered up.
• Voltage must be read between two points (test point and ground point).
• Voltage follows a direction – if you see negative values on the multimeter you’re probably putting the ground/black probe on the wrong point.

13. HARDWARE HACKING – CONCEPTS
Resistance – a measurement that indicates the amount of opposition to current created by a resistor. A resistor is usually represented by the symbol shown on the slide and has two leads through which it is connected to a circuit. Resistance is measured in Ohms and the symbol used is Ω (Omega).
14. HARDWARE HACKING BILL OF MATERIALS
• Soldering iron
• Desoldering tool
• Solder
• Multimeter
• Logic analyzer
• Microscope / magnifier
• Digital circuit design software
• Wires – long, small, different sizes
• Microcontroller reprogrammer
• Prototyping microcontroller
• Oscilloscope
• Breadboards
• Random electronic components
• Hardware to break!

15. HARDWARE HACKING BILL OF MATERIALS
Soldering iron
Price range: 50€ – 5000€+
Multiple types: gas, laser, heat...

16. HARDWARE HACKING BILL OF MATERIALS
Desoldering gun / pump
Price range: 10€ – 500€+
Multiple types: pump, gun

17. HARDWARE HACKING BILL OF MATERIALS
Solder
Price range: 2€ – 200€+
Multiple types and sizes

18. HARDWARE HACKING BILL OF MATERIALS
Multimeter
Price range: 11€ – 9000€+
Multiple types: digital and analog

19. HARDWARE HACKING BILL OF MATERIALS
Multimeter
A multimeter is a device that can be used to measure multiple things; the most basic multimeters are able to measure the following:
• Voltage
• Current
• Resistance
The accuracy of these devices usually depends a lot on the price as well.

21. HARDWARE HACKING BILL OF MATERIALS
Putting the black probe (ground) on the negative side and the red probe on the positive, and then choosing DC Voltage 2V on the multimeter, shows the result in the photo.

22. HARDWARE HACKING BILL OF MATERIALS
The same thing can be done for resistors. If we grab a random resistor and then connect the probes, we read its resistance. (In this case I used a bit of cable to connect them as they wouldn’t stick for the photo; also, it doesn’t matter to which end you connect each probe. Unlike voltage, resistance isn’t directional.)

23. HARDWARE HACKING BILL OF MATERIALS
Logic analyzer
Price range: irrelevant. What you want is this: the Saleae Logic Analyzer – 140€
Used to understand which protocols are running and to debug different chips/protocols.

24. HARDWARE HACKING BILL OF MATERIALS
Microscope or magnifier
Price range: 10€ – 5000€

25. HARDWARE HACKING BILL OF MATERIALS
Digital circuit software
Price range: 0€ – 5000€
http://fritzing.org/

26. HARDWARE HACKING BILL OF MATERIALS
Wires
Price range: 5€ – 400€
Made of multiple materials, different sizes, lengths etc...
27. HARDWARE HACKING BILL OF MATERIALS
Microcontroller reprogrammer
Price range: 20€ – 500€+
Different protocols, capacity, speed, functionality... In my case I have a Bus Pirate.
“The Bus Pirate is an open source hacker multi-tool that talks to electronic stuff. It's got a bunch of features an intrepid hacker might need to prototype their next project.”
http://dangerousprototypes.com/docs/Bus_Pirate

28. HARDWARE HACKING BILL OF MATERIALS
• Bus Pirate
• Talks multiple protocols
• Built-in terminal
• Can be controlled using Python or C
• Connects via USB
• Protocols: 1-Wire, UART, I2C, SPI, raw 2-wire, raw 3-wire, MIDI, PC keyboard, JTAG

29. HARDWARE HACKING BILL OF MATERIALS
• Bus Pirate

30. HARDWARE HACKING BILL OF MATERIALS
Microcontroller reprogrammer
Price range: 20€ – 500€+
Different protocols, capacity, speed, functionality... In my case I also happen to have a GoodFET 31.

31. HARDWARE HACKING BILL OF MATERIALS
Prototyping microcontroller
Price range: 20€ – xxxx€+
Different protocols, capacity, speed, functionality... In my case I have multiple Arduinos.

32. HARDWARE HACKING BILL OF MATERIALS
Prototyping microcontroller
Price range: 38€
Different protocols, capacity, speed, functionality... Another great choice are the new BeagleBoards. For the price they look even better than the Arduinos.

33. HARDWARE HACKING BILL OF MATERIALS
Oscilloscope
Price range: 40€ – 5000€+
Different capacity, speed, functionality... In my case I currently have a DSO Nano v3; this is a cheap scope that can be bought for 40€, and it’s really all you need when you start. I am currently considering upgrading to the Rigol DS2072, which at 500€ is still a great price for a full-blown scope.

34. HARDWARE HACKING BILL OF MATERIALS
Breadboards
Price range: 5€ – 50€
Different sizes.

35. HARDWARE HACKING BILL OF MATERIALS
Random electronic components
• Resistors
• Batteries
• Capacitors
• Sensors
• Diodes
• Transistors

36. HARDWARE HACKING BILL OF MATERIALS
Hardware to break! Mobile, Nook, Tamagotchi, IM-ME, routers

37. HARDWARE HACKING BILL OF MATERIALS
Hardware to break! Femtocell, printer, random hardware

38. HARDWARE HACKING BILL OF MATERIALS
Hardware to break! Medical devices
39. HARDWARE HACKING PROTOCOLS
• SPI – Serial Peripheral Interface – operates in full duplex, is a synchronous serial data link, and the devices communicate in a master/slave model. For SPI you will see a minimum of 3 pins.
• I2C – Inter-Integrated Circuit – uses 2 bidirectional lines, SDA (Serial Data Line) and SDC (Serial Data Clock). It operates in half duplex and since it uses 2 lines you will see 2 pins on devices.

40. HARDWARE HACKING PROTOCOLS
• JTAG – Joint Test Action Group – usually used to debug devices. There are two possible pin layouts for JTAG:
• 4 pins
  • TDI (Test Data In)
  • TDO (Test Data Out)
  • TCK (Test Clock)
  • TMS (Test Mode Select)
• 5 pins
  • TDI (Test Data In)
  • TDO (Test Data Out)
  • TCK (Test Clock)
  • TMS (Test Mode Select)
  • TRST (Test Reset), optional
41. HARDWARE HACKING PROCESS
• The process to start some hardware hacking should be the following:
1. Crack open the surrounding case to access the PCB – watch out for safety measures (secure seals, protective plastics)
2. Identify pins and components, get access to the datasheet
3. Connect and acquire useful data
4. Reverse
5. ???
6. Profit
OUR FOCUS

42. HARDWARE HACKING PROCESS – PIN IDENTIFICATION
• We know the different protocols, we know the number of pins, but how do we find out what each pin is?
1. Use a multimeter – measure the voltage on all the different pins
  1. If a pin has 3.3 volts or less it’s most likely used for data
  2. If a pin has >5V: power source!
  3. 0 volts = unused pin or ground
2. Connect a scope, identify square waves (these are digital signals)
3. Connect a logic analyzer to those pins, separate clock from data pins
4. Analyze the data and begin reversing...
Source: http://www.turbosquid.com/FullPreview/Index.cfm/ID/428945
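Steps 3 and 4 above (separate the clock from the data pins, then analyze the data) are what a logic analyzer's protocol decoder does for you. The following is an added example, not code from the talk: it works on a constructed capture (one list of 0/1 samples per probe, the way an analyzer exports them), picks the clock line as the one whose edges are most regularly spaced, and decodes the bytes as SPI mode 0 (MOSI sampled on the rising clock edge, MSB first, active-low chip select); the probe names cs/sclk/mosi are assumptions.

```python
"""Decode an SPI capture and tell the clock line from the data lines.

Added example, not from the original talk. Input is a constructed capture:
one list of 0/1 samples per probe, as a logic analyzer would export.
Assumes SPI mode 0 (data sampled on the rising clock edge, MSB first)
and an active-low chip select.
"""


def transitions(samples):
    """Indices at which a sampled line changes level."""
    return [i for i in range(1, len(samples)) if samples[i] != samples[i - 1]]


def guess_clock_line(lines):
    """Pick the probe most likely to be the clock: edges spaced most
    regularly (smallest spread between gaps), busiest line as tie-break.
    Lines with fewer than 4 edges (e.g. chip select) are ignored."""
    best, best_score = None, None
    for name, samples in lines.items():
        edges = transitions(samples)
        if len(edges) < 4:
            continue
        gaps = [b - a for a, b in zip(edges, edges[1:])]
        score = (max(gaps) - min(gaps), -len(edges))
        if best_score is None or score < best_score:
            best, best_score = name, score
    return best


def decode_spi_mode0(cs, sclk, mosi):
    """Bytes clocked out while CS is low; a partial byte is dropped when
    CS goes high, so noise between frames does not shift the decode."""
    out, bits = [], []
    for i in range(1, len(sclk)):
        if cs[i]:
            bits = []
            continue
        if sclk[i - 1] == 0 and sclk[i] == 1:   # rising edge: sample MOSI
            bits.append(mosi[i])
            if len(bits) == 8:
                out.append(int("".join(map(str, bits)), 2))
                bits = []
    return out


def make_capture(payload, idle=3):
    """Constructed capture of `payload` as it would look on the analyzer:
    two samples per clock half-period, CS low for the whole frame."""
    cs, sclk, mosi = [1] * idle, [0] * idle, [0] * idle
    for byte in payload:
        for shift in range(7, -1, -1):
            bit = (byte >> shift) & 1
            for level in (0, 0, 1, 1):          # low half, then high half
                cs.append(0)
                sclk.append(level)
                mosi.append(bit)
    return {"cs": cs + [1] * idle, "sclk": sclk + [0] * idle,
            "mosi": mosi + [0] * idle}


if __name__ == "__main__":
    cap = make_capture([0xA5, 0x3C])
    print("clock line:", guess_clock_line(cap))          # sclk
    print([hex(b) for b in decode_spi_mode0(**cap)])    # ['0xa5', '0x3c']
```

On a real capture the chip-select line is the one with very few edges, the clock the one with perfectly regular edges, and what remains is data; the same decoder handles a MISO line by passing it in place of mosi.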
43. HARDWARE HACKING PROCESS – COMPONENT IDENTIFICATION
• What if I don’t want to poke all the pins and connections?
• You can try to identify the different components and access their datasheets, where you can get all the technical information you might need
• Vendor and part numbers are usually printed on the components
• Look for the manufacturer’s logo
• Alphanumeric codes to identify

44. HARDWARE HACKING PROCESS – COMPONENT IDENTIFICATION
• http://www.chipdocs.com/logos/logotypes.html

45. HARDWARE HACKING PROCESS – DATASHEETS
• Datasheets are documents that contain technical information about the component
• Some are free, others are paid
• http://octopart.com/
• http://www.findchips.com/
• http://datasheetlocator.com/
• http://www.eem.com/
• http://www.ihs.com/products/product-design-sourcing/component-supplier-data/caps-expert.aspx
47. HARDWARE HACKING HACKZ
• Real men wear pink pagers!

48. HARDWARE HACKING HACKZ
• Wiring IM-ME for custom firmware installation!
1 – !RST – Reset
2 – DD – Debug Data
3 – DC – Debug Clock
4 – +2,5V – Power
5 – Gnd – Ground
More information: http://travisgoodspeed.blogspot.pt/2010/03/im-me-goodfet-wiring-tutorial.html

49. HARDWARE HACKING HACKZ
• TV tuner + all mighty clock!

50. HARDWARE HACKING HACKZ
• TV tuner + all mighty clock!
Results: http://adamsblog.aperturelabs.com/2013/03/you-can-ring-my-bell-adventures-in-sub.html

51. HARDWARE HACKING HACKZ
• Linksys WMB54G and others!
Connector J9
Pin 1 – TX – Transmission
Pin 2 – RX – Receiver
Pin 8 – GND – Ground
Boot log seen on the serial console:
RAMDISK: ext2 filesystem found at block 0
RAMDISK: Loading 4096 blocks [1 disk] into ram disk... done.
Freeing initrd memory: 4096k freed
VFS: Mounted root (ext2 filesystem).
Freeing unused kernel memory: 60k freed
mount /proc file system ok!
serial console detected. Disabling virtual terminals.
init started: BusyBox v1.00-pre8 (2008.01.17-05:54+0000) multi-call binary
BusyBox v1.00-pre8 (2008.01.17-05:54+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
#
http://www.devttys0.com/2012/07/hacking-the-linksys-wmb54g/
52. HARDWARE HACKING HACKZ
• Hardware Random Number Generator
• Two types of RNG: true and pseudo
• Pseudo – created by an algorithm
• Problem – if someone knows your algorithm, in theory they can predict your random numbers
• True – generates sequences that are impossible to predict. Uses random physical events as sources of randomness.
Component            Quantity
Arduino              1
2N3904 Transistor    3
4.7k Resistor        2
10k Resistor         1
1.5M Resistor        1
0.1µF Capacitor      1
10µF Capacitor       1
Breadboard           1
12V DC Adapter       1

54. HARDWARE HACKING HACKZ
1. The two transistors create avalanche noise
2. The third transistor amplifies the noise
3. The noise is sent across voltage dividers to the Arduino

55. HARDWARE HACKING HACKZ
(Illustration: sampled bit stream 1 0 1 0 0 1 1 0)
• The Arduino applies Von Neumann filtering to remove possible bias
• Provides a network service that feeds random numbers
56. HARDWARE HACKING DEMOS
• Logic analyzer and SMC WAAG EU

57. HARDWARE HACKING DEMOS
• 2x Arduinos (diagram labels: bomb, man in the middle, timer, activator)

58. HARDWARE HACKING COMPLICATIONS
• Hard to access pins for probing!
• Solution!

59. HARDWARE HACKING COMPLICATIONS
• Epoxy!
• Heat gun
• Dremel tool and sharp wooden stick
• Best solution: fuming nitric acid
• Warm the nitric acid to 60 degrees Celsius
• Put small drops on the epoxy and it will come right off

60. HARDWARE HACKING CONCLUSION
• Hardware hacking can be lots of fun even for software peeps
• The initial part is simple and doesn’t have a HIGH learning curve
• The more complicated parts will come naturally because you had so much fun with the beginning
• Tools for hardware hacking have come down in price to where a beginner’s kit can easily be bought for 300-350 euros
• Protocols down there still need to improve a lot on security

Editor's notes

  1. If we look at the display we can see that the resistor measures as 1.46Ω; we can then assume that this is a 1.5MΩ resistor.
  2. Charlie Miller’s research on MacBook batteries – it used I2C. Wii Nunchuck = I2C. Power button on a laptop = SMBus, which is I2C.
  3. Does anyone remember the times we used to buy Motorola cable modems and then switch the configs to get higher speeds? DOCSIS 2.0
  4. It considers bits two at a time, taking one of three actions: when two successive bits are equal, they are discarded; a sequence of 1,0 becomes a 1; and a sequence of 0,1 becomes a zero. It thus represents a falling edge with a 1 and a rising edge with a 0. It cannot assure randomness in its output, however. What it can do (with a significant number of discarded bits) is transform a biased random bit stream into an unbiased one.
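The Von Neumann filtering from slide 55 and note 4, as an added example that is not code from the talk: the avalanche-noise comparator output is simulated with a seeded PRNG (a constructed bias of P(1)=0.7 stands in for an uncalibrated threshold), the filter is applied, and the bias before and after is measured along with the fraction of bits that survive. The periodic-input case shows the caveat in note 4: the filter removes bias, not correlation.

```python
"""Von Neumann debiasing, as the Arduino applies it to the avalanche
noise bits. Added example, not code from the original talk. The noise
source is simulated with a seeded PRNG so the script runs offline;
P(1)=0.7 is a constructed bias standing in for a comparator threshold
that is not centred on the noise."""
import random


def von_neumann(bits):
    """Consume bits two at a time: equal pairs are dropped, (1,0) -> 1,
    (0,1) -> 0. A falling edge becomes 1 and a rising edge becomes 0,
    exactly as described in note 4."""
    out = []
    for a, b in zip(bits[0::2], bits[1::2]):
        if a != b:
            out.append(a)            # a=1,b=0 -> 1 ; a=0,b=1 -> 0
    return out


def ones_fraction(bits):
    """Share of 1 bits; 0.5 is unbiased."""
    return sum(bits) / len(bits) if bits else 0.0


def biased_source(n, p_one=0.7, seed=1234):
    """Constructed stand-in for the comparator output of the noise
    circuit: independent bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def demo(n=20000):
    """Bias before/after filtering and the fraction of bits kept.
    With independent bits the yield is p(1-p) of the input, so a
    strongly biased source pays for its debiasing in throughput."""
    raw = biased_source(n)
    clean = von_neumann(raw)
    return {"raw_bias": ones_fraction(raw),
            "clean_bias": ones_fraction(clean),
            "yield": len(clean) / len(raw)}


if __name__ == "__main__":
    print(von_neumann([1, 0, 1, 0, 0, 1, 1, 0]))   # [1, 1, 0, 1]
    print(demo())
    # Correlated input defeats the filter: a stuck 0101... oscillation
    # comes out as an endless run of zeros, still perfectly "unbiased".
    print(von_neumann([0, 1] * 8))                 # [0, 0, 0, 0, 0, 0, 0, 0]
```

A health check on the raw stream (runs and edge counts, not just the ones fraction) is what catches the correlated case, which the filter cannot.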