- Webinar |
- Netherlands 2024 |
- USA 2024 |
- Netherlands 2023 |
- USA 2023 |
- Netherlands 2022 |
- USA 2022 |
- Netherlands 2021 |
- USA 2021 |
- Germany 2021 |
- Berlin 2021 |
- Netherlands 2020 |
- Virtual Con 2020 |
- Berlin 2020 |
- Netherlands 2019 |
- USA 2019 |
- Berlin 2019 |
- Netherlands 2018 |
- Berlin 2018 |
- Netherlands 2017 |
- Netherlands 2016 |
- Netherlands 2015
Hardwear.io Berlin 2021 Links
EMFI and Voltage Fault injection attacks with Raiden
Duration: 4 days (5hrs each day)
Date: 27th to 30th January 2021
TRAINER
Adam Laurie & Grzegorz Wypych
Overview
This 4-day training is focused on learning fault injection techniques using our own pulse generator - Raiden (open sourced during Black Hat Asia 2020). We build it, we know it inside out, and we can share this knowledge with students. During training we want to teach you not only how to use Raiden but also how to apply gained knowledge for real attack scenarios. We want to show you attack vectors like: Voltage glitching, Electromagnetic Field Injection. You will learn how to build test setup, trigger fault injection attacks on UART/USB packets. Labs will include real CVEs reported in 2020 by us.
Hardware Targets
NXP 11xx series, STM32CubeX Microcontrollers
Target Audience
- security researches
- embedded developers who want to understand how bootloader architecture issues could impact security
- everyone who wants to learn how hackers may reverse engineer and exploit your product
Topics
- Know your tools: Oscilloscope, Raiden, USB hardware triggering, Logic Analyzer, GDB
- Bootloader reverse engineering for profit
- Understanding use of Differential Power Analysis for more accurate timing
- Understand where and how apply voltage/EMFI glitching attacks
- Understanding how to use manuals to find flaws and potential attack vectors
- Understand how USB2 descriptors works
- Building custom tools in Python to support device recon
Labs
- Connecting tools and targets
- Recompiling and upgrading libUSB library to support USB glitching attacks
- Reverse engineer USB device library and find attack vectors
- Programming Microcontrollers for CRP an RDP protection using C and Python
- Bypassing CRP3 protection on NXP microcontrollers
- Firmware recovery on protected NXP microcontrollers
- Reverse engineer USB device library and find attack vectors
- Attacking USB device library for memory leaks
Note: Labs will be available remotely via VPN access. Students will have chance to work with advanced devices and configurations in order to solve provided challenges and tasks. Labs will include real vulnerabilities with CVEs that trainers found during they research work. This will give students necessary skills to start their own hardware research journey after training and ability to reuse gained skills
Class requirements
- Understanding of reverse-engineering hardware and software (basic knowledge)
- Basic knowledge of IoT and/or embedded systems security
- Understanding of C language and python scripting skills
- Laptop with network access
ABOUT THE TRAINER
Grzegorz Wypych is a 37 year old security researcher, tool inventor, speaker at hardwear.io, SecurityPWNing - Poland. He specializes in reverse engineering binaries and fault injection attacks. He is the author of blogs on securityintelligence.com, reporting 0-day vulnerabilities for IoT devices. Before joining X-Force Red, he worked as a Software Developer and Network Engineer/Architect.
Adam Laurie is an old school hacker, DEF CON Quartermaster who specializes in embedded systems and OTA protocols. He also runs the hardware live hacking contest called Hardpwn at hardwear.io
