Julian Speith & Simon Klix

FPGA Reverse Engineering


Trainer: Julian Speith & Simon Klix

Date: 30th Oct to 01st Nov 2023

Time: 9:00am to 5:00pm CEST

Venue: Marriott Hotel, The Hague, Netherlands

Training Level: Basic; Intermediate


Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.

Objectives:

Have you ever come across an FPGA in a real-world device and wondered what is going on inside of it? Would you like to take a look into the circuit implemented on the FPGA, investigate its functionality, and potentially even perform manipulations to, e.g., leak cryptographic secrets?

FPGAs are re-configurable logic devices that can be programmed to implement arbitrary hardware designs. The implemented circuit is stored in a so-called "bitstream" configuration file that encodes the circuit in a proprietary format. To recover said circuit, the bitstream format needs to be reverse engineered to allow for the conversion into a gate-level netlist. This netlist, however, is nothing but an unstructured sea-of-gates that lacks any descriptive symbols or hierarchy. To perform a security evaluation of the implementation or even apply malicious modifications, some understanding of this gate-level netlist is required. However, this is difficult to achieve without proper tooling and training.

This training gives you an introduction to FPGA reverse engineering, starting at bitstream-level and going all the way to achieving an understanding of (parts of) its implementation. For that purpose, we first provide the relevant background on FPGAs, netlists, and cryptography. Using hands-on exercises, we then introduce you to the (mostly open-source) tooling required to perform bitstream-to-netlist conversion, netlist analysis, and bitstream manipulation. For netlist analysis, we walk you through the netlist reverse engineering framework HAL. To familiarize yourself with the tooling, we provide project tasks of varying complexity before taking on larger cryptographic designs. This training builds the foundations for you to start reverse engineering real-world FPGA implementations on your own. While the analysis of ASICs is not part of this training, the acquired knowledge on FPGA netlist reverse engineering can also be applied to ASIC netlists.


What to Expect? | Key Learning Objectives:

After completing the training, the participants will be able to

  • understand FPGAs and their low-level architecture
  • understand the basics of bitstream format reverse engineering
  • convert bitstreams to gate-level netlists using open-source tooling
  • analyze gate-level FPGA netlists using the open-source netlist reverse engineering tool HAL
  • understand dataflow and control within an unknown and unstructured netlist
  • use SMT solving for functional netlist analysis and verification of reverse engineering results
  • simulate a (partial) netlist for dynamic analysis
  • analyze parts of a cryptographic algorithm within a netlist
  • manipulate bitstreams to leak secrets from a cryptographic implementation

Training Detailed Description:

Each training day is split into two parts: (1) a brief introduction to the theoretical foundations related to FPGA reverse engineering and (2) practical exercises to learn how to apply the theoretical knowledge on actual bitstreams and netlists. Most of the training revolves around HAL and extensive Python scripting is required to complete the tasks.


Day 1:
  • Theoretical Foundations:
    • FPGA architecture and configuration
    • netlist reverse engineering
  • Introduction to HAL:
    • import a project
    • use the GUI for visual netlist exploration
    • develop Python scripts interacting with the netlist
    • analyze combinational logic by inspecting Boolean functions, e.g., using SMT solving
    • group related netlist components to reconstruct hierarchy
    • introduction to (partial) netlist simulation for netlist reverse engineering

Day 2:
  • Theoretical Foundations:
    • finite state machines (FSMs) in hardware
    • cryptography in hardware and fault attacks
  • Leaking Cryptographic Secrets:
    • recover a gate-level netlist from a bitstream using Project X-Ray
    • locate a cryptographic algorithm using datapath analysis
    • locate and analyze the FSM controlling the cryptographic algorithm
    • manipulate the FSM to tamper with the execution of the cryptographic algorithm
    • inject the manipulations into the bitstream and flash it to a real device
    • analyze the device output and reconstruct the cryptographic key

Day 3:
  • Theoretical Foundations:
    • bitstream reverse engineering and conversion
    • datapath analysis
  • Bitstream Fault Attacks:
    • detect cryptographic S-boxes in the netlist
    • inject random persistent faults into the S-boxes by manipulating the bitstream
    • flash the manipulated bitstream to a real device
    • reconstruct the secret key from the faulty ciphertexts
  • Hardware Trojan Detection (optional, only if time permits):
    • identify a hardware Trojan subverting the cryptographic implementation using dataflow analysis
    • determine the Trojan trigger using SMT solving
    • remove the Trojan from the implementation and the bitstream

Who Should Attend? | Target Audience:

This training is aimed at

  • forensic investigators
  • hardware reverse engineers
  • FPGA designers and manufacturers
  • security researchers
  • hardware hackers

What to Bring? | Software and Hardware Requirements:

  • a laptop with at least one USB-A port (or a suitable USB-C adapter)
  • Ubuntu 20.04 or 22.04 running natively or within a VM (combined with knowledge on how to forward your USB ports to the VM)

What to Bring? | Prerequisite Knowledge and Skills:

  • Basic understanding of Python is strictly required
  • Basic understanding of FPGAs and netlists is strongly recommended
  • Basic understanding of cryptography is helpful, but not required

Resources Provided at the Training | Deliverables:

  • Slides covering the background and the basics
  • Access to the required tools (if not available open-source)
  • Exercise sheets detailing the hands-on tasks
  • Bitstreams and netlists required for the exercises
  • Digilent Basys3 boards featuring a Xilinx Artix-7 FPGA

ABOUT THE TRAINERS

Julian Speith is a PhD student in the Embedded Security group at the Max Planck Institute for Security and Privacy, where he is advised by Prof. Christof Paar. His research involves various aspects of hardware security and includes developing new approaches for hardware reverse engineering as well as hardware Trojan deployment and detection. He did both his B.Sc. and M.Sc. in IT security at Ruhr University Bochum, one of Europe's most prestigious research hubs for cyber security.

Simon Klix is a PhD student in the Embedded Security group at the Max Planck Institute for Security and Privacy, where he is advised by Prof. Christof Paar. He received his M.Sc. degree in IT Security from Ruhr University Bochum. His main research interest lies in embedded security with a focus on hardware reverse engineering.