26th - 27thApril | 2 Days
Trainers
Javier-Vazquez Vidal & Ferdinand
This training is oriented for those who have from little to no knowledge on how a system can be reversed on a hardware level. You want to hack an embedded device? Not too fast! To fully understand an embedded system, you must first know how it works on a physical level. The objective of this training is to provide the attendees a starting point on pure and low- level hardware hacking. There will be zero to little IDA, but an in-depth explanation of digital signals, protocols, and some hex file dumping, which are the core of every embedded system. Additionally, there will be exercises to practice the acquired skills, by attacking a custom victim board. On the second day, trainees will also work on real-world devices guided by our experienced instructors. This includes an introduction to common software tools that hardware hackers use. After successfully completing this training, the attendees will be able to find basic attack vectors on the physical layer of an embedded system.
Additionally, there will be exercises to practice the acquired skills, by attacking a custom victim board. On the second day, trainees will also work on real-world devices guided by our experienced instructors. This includes an introduction to common software tools that hardware hackers use. After successfully completing this training, the attendees will be able to find basic attack vectors on the physical layer of an embedded system.
Module 1: Communication protocols
Why are these protocols important?
Serial
SPI
Module 2: The logic Analyzer
What is a logic analyzer?
How can it be used to reverse a system?
Decoding protocols with the LA
Module 3:Different types of low-density memories
Flash and EEPROM
Communication protocols used
How they are used on embedded systems
Module 4: How to dump and modify the memories, and existing types of protections.
Getting to know your IC before removing it
Using the soldering iron to remove and resolder a memory IC
Using the hot air station to remove and resolder a memory IC
Checking for protections against modification
Finding and using Debug ports
Module 5: How to effectively look for backdoors on systems (other than "uart shells")
Basics of embedded system behavior
Production backdoors
Retail product backdoors
Javier Vazquez Vidal
Javier is passionate about technology and specializes in hardware and embedded systems security. He studied Electromechanics and Telecommunications, developing a passion for electronics and technology since his youth. He has been part of several projects that involved well-known hardware, but his first public work was released at Black Hat Arsenal USA 2013, the ECU tool. He also presented the CHT at Black Hat Asia 2014, a tool to take over the CAN network, and shown how a smart meter can be fully compromised at BlackHat Europe 2014. He is currently working as a IT Engineer, and has worked for companies such as Airbus Military and Visteon.
Henrik Ferdinand Nolscher
Ferdinand has been very passionate about information security ever since he was young, and hardware security is a big field of interest for him. In the past, he has been working with Javier in numerous embedded security projects and together, they presented the CANBadger, a novel automotive hacking tool, at Blackhat and DefCon 2016.
