Javier Vazquez Vidal & Henrik Ferdinand Nölscher

Trainer Name: Javier Vazquez Vidal, Ferdinand
Title: Low level Hardware reversing (Basic)
Duration: 2 days
Dates: 20th to 21st Sept 2016

Objective
This training is aimed at those who have little to no knowledge of how a system can be reversed at the hardware level. To fully understand an embedded system, you must first know how it works at the physical level.
 
The objective of this training is to give attendees a starting point in pure, low-level hardware hacking.
There will be little to no IDA, just digital signals, protocols, and some hex file dumping, which are the core of every embedded system.
 
There will also be exercises to practice the acquired skills by attacking a custom victim board. On the second day, trainees will work on real-world devices, guided by our experienced instructors. This includes a brief introduction to the common software tools that hardware hackers use.
 
After successfully completing this training, the attendees will be able to find basic attack vectors on the physical layer of an embedded system.
 
We will cover the following topics:
  • Serial communication
  • SPI
  • I2C
  • JTAG
  • SWD
  • The Saleae Logic Analyzer
  • EEPROMs
  • Flash Memories
  • Common design-patterns in embedded systems
  • PCB Reverse Engineering
  • IC removal without breaking everything
  • Common protection measures in embedded systems
  • Common backdoors in embedded systems
  • Common software tools used for hardware hacking

Course outline

Day 1
Module 1: Communication protocols
  • Why are these protocols important?
  • Serial
  • SPI
  • I2C
  • JTAG
  • SWD
Module 2: The Logic Analyzer
  • What is a logic analyzer?
  • How can it be used to reverse a system?
  • Decoding protocols with the LA

Module 3: Different types of low-density memories

  • Flash and EEPROM
  • Communication protocols used
  • How they are used on embedded systems
Day 2
Module 4: How to dump and modify the memories, and existing types of protections.
  • Getting to know your IC before removing it
  • Using the soldering iron to remove and resolder a memory IC
  • Using the hot air station to remove and resolder a memory IC
  • Checking for protections against modification
  • Finding and using Debug ports

Module 5: How to effectively look for backdoors on systems (other than “uart shells”)

  • Basics of embedded system behavior
  • Production backdoors
  • Retail product backdoors

Prerequisites:

  • Knowledge of basic digital electronics is an advantage.
  • Basic skill with a soldering iron is an advantage.
  • Basic experience with embedded systems is an advantage.
What to Bring?
  • Laptop
  • Win7 OS as host or VM.
  • Winhex (licensed or demo).
  • Termite terminal installed
  • Saleae Logic Analyzer (any model)
  • Latest Saleae Beta software installed (http://support.saleae.com/hc/en-us/articles/201589175)
  • 5 GB of free space minimum
  • 4 GB RAM minimum
  • Mouse is recommended
  • Any device that the attendees would like to test the newly acquired skills on (routers, IP cams, etc…)
 
What to expect?
  • Learn how components work and communicate at a low level
  • Understand how an embedded system works
  • Perform basic reversing exercises which will be useful in the real world 

What not to expect?

  • Becoming a hardware hacker in two days
  • Decaf coffee
  • Disappointment
About the Trainers

Javier Vazquez Vidal is passionate about technology and specializes in hardware and embedded systems security. He studied Electromechanics and Telecommunications, and has had a passion for electronics and technology since his youth. He has been part of several projects that involved well-known hardware, but his first public work, the ECU tool, was released at Black Hat Arsenal USA 2013. He also presented the CHT, a tool to take over the CAN network, at Black Hat Asia 2014, and showed how a smart meter can be fully compromised at Black Hat Europe 2014. He is currently working as an IT Engineer, and has worked for companies such as Airbus Military and Visteon.

Ferdinand has been very passionate about information security ever since he was young, and hardware security is a big field of interest for him. In the past, he has worked with Javier on numerous embedded security projects. He is currently employed as an information security expert at Code White, where he enjoys breaking software and hardware in creative ways.