Dennis Giese at Hardwear USA 2023

Dennis Giese



Hands-on IoT firmware extraction and forensics






Workshop Title:

Hands-on IoT firmware extraction and forensics

Abstract:

A complete analysis of an IoT device requires looking at the firmware itself. In most cases this means that the firmware, data or encryption keys need to be extracted from the device memory. Many researchers are hesitant to do that, as there is a high risk of destroying the device or leaving it in an inoperable state. In this workshop we will look at different flash memory types (EEPROM, SPI flash, NAND flash, eMMC flash) and how to extract the information from them. We will try various methods, including ISP (In-System Programming) and chip-off.


Covered topics:

Flash types, desoldering methods, re-balling of flash chips, usage of different flash tools, countermeasures


Take-away:

Students will learn how to tear down devices in a non-destructive way and extract the firmware. In a hands-on lab, participants have the chance to desolder various kinds of flash chips, dump them and resolder them.


Speaker Bio:

Dennis Giese is currently a PhD student at Northeastern University and focuses on the security and privacy of IoT devices. In addition to his interest in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices.

He has done forensics and reverse engineering of various IoT devices, such as Amazon Echos. His best-known projects are the documentation and hacking of various vacuum robots.