image image

Joe Grand

Practical Hardware Hacking Basics + Bonus Day!


Trainer: Joe Grand

Date: 28th - 30th May 2024

Time: 9:00am to 5:30pm PDT

Venue: Santa Clara Marriott

Training Level: Basic


Training Objectives:

Interested in hardware hacking, but don't know where to start? This class, taught by world-renowned engineer and hacker Joe Grand, teaches fundamental hardware hacking concepts and techniques used to reverse engineer and defeat the security of electronic devices. Having premiered at Black Hat in 2005, it is the longest running hardware hacking training in our industry.

This comprehensive training covers product teardown, component identification, circuit board reverse engineering, soldering and desoldering, signal monitoring and analysis, and memory extraction, using a variety of tools including a logic analyzer, multimeter, and device programmer. It concludes with a final challenge where you'll identify, reverse engineer, and defeat the security mechanism of a custom embedded system. No prior hardware, electronics, or security experience is required.

The bonus day (a hardwear.io exclusive) allows for exploration of more advanced hardware hacking and espionage techniques.

Through Joe's unique teaching style and relevant hands-on exercises, you'll not only gain the technical skills to explore, manipulate, and exploit electronic devices, but also the understanding of how to apply your skills against other hardware once you leave the classroom.


Training Detailed Description:

Day 1:
  • Hardware Hacking Overview
  • Information Gathering
  • Product Teardown
    • Opening housings
      • Product assembly/disassembly methods
      • Anti-tamper mechanisms
      • Hands-on exercise: Defeat epoxy encapsulation
    • Component identification
      • Discrete components
      • Integrated circuits
      • Finding and reading data sheets
      • Hands-on exercise: Identify target components
  • Schematics and PCBs (Printed Circuit Boards)
    • Creating/reading schematics
    • PCB construction/fabrication methods
    • Hands-on exercise: Modify target PCB
  • Soldering and Desoldering
    • Tips/techniques
    • Hands-on exercise: Soldering
    • Hands-on exercise: Desoldering
  • Buses and Interfaces
    • Identifying interfaces
    • Determining pin function
      • Hands-on exercise: Measurements w/ multimeter
      • Hands-on exercise: Create block diagram/schematic

Day 2:
  • Buses and Interfaces (continued)
    • Signal monitoring/analysis
      • Tools/techniques
      • Serial communications interfaces (UART, I2C, SPI)
      • Hands-on exercise: Signal monitoring w/ logic analyzer
      • Hands-on exercise: Digital decoding w/ logic analyzer
      • Hands-on exercise: Interactive console via UART
  • Signal/Data Manipulation
    • Tools/techniques/examples
    • Debug interfaces (vendor-specific, JTAG)
  • Memory and Firmware
    • Memory types
    • Hands-on exercise: Extract/modify data from EEPROM
    • Security/code protection bypass examples
    • Firmware analysis tools/techniques
  • Hardware Hacking Challenge
    • Apply the knowledge and skills learned to defeat the security mechanism of a custom electronic device.

Day 3: BONUS MATERIAL (hardwear.io Exclusive)
  • Side Channel Attacks
    • Hands-on exercise: Discover side channel weakness on a custom circuit board, defeat PIN protection via timing attack
  • Hardware Implants
    • Hands-on exercise: Build a keystroke-injection hardware implant, experiment with various payloads
  • Covert Channels/Data Exfiltration
    • Hands-on exercise: Discover covert channel on a custom circuit board, capture/decode exfiltrated data
  • Fault Injection/Glitching
    • Hands-on exercise: Extract program code from a protected microcontroller via voltage glitch using the ChipWhisperer

Who Should Attend? | Target Audience:

This class is for anyone interested in hardware hacking, including security researchers, digital forensic investigators, design engineers, and executive management. Whether you are looking to expand the capabilities of your organization or would like to understand how hackers may be reverse engineering your products, this class is a great starting point.


What to Bring? | Software and Hardware Requirements:

Everything required for the class will be provided, including (but not limited to) soldering iron, multimeter, logic analyzer, device programmer, wire strippers, test clips, safety goggles, and a laptop pre-loaded with the required software.


What to Bring? | Prerequisite Knowledge and Skills:

No prior hardware, electronics, or security experience is required. Each student will be led through the material and hands-on exercises regardless of past experience. Questions are encouraged along the way!


Resources Provided at the Training | Deliverables:

  • Course presentation on USB thumb drive
  • Custom training circuit board
  • Hardware implant (O.MG DemonSeed EDU)

ABOUT THE TRAINERS

Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, product designer, teacher, advisor, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic systems since the 1980s.