Hash Salehi at Hardwear USA 2025

Hash Salehi

BAM BAM on a Budget: You CAN Do It!

Abstract:

This talk builds upon the groundbreaking BAM BAM research by Colin O'Flynn on electromagnetic fault injection (EMFI) attacks against automotive ECUs, addressing information gaps in the original publication and proving the method works on the CAN bus as well as the UART. Hash demonstrates how to achieve firmware extraction using a low-cost PicoEMP, compared to the original ChipShouter setup. Through practical examples, we'll cover probe positioning, optimal pulse timing, and fault detection methods previously undisclosed. Attendees will learn step-by-step techniques for replicating these attacks, including custom tools for automated fault injection and full source code published post-talk. This is what every person who read the initial paper hoped for!

Speaker Bio:

Interested in electronics and taking things apart since he was a kid, Hash Salehi enjoys reverse engineering things to understand how they work and how they can be made to work differently than they were originally intended.

Long ago, Hash worked on reverse engineering the Neato XV-11 LIDAR and more recently Landis+Gyr Smart Meters. He presented his work decoding their frequency hopping protocol at the GNURadio conference and DEFCON ICS Village in 2021. He also presented Building a Silicon Analysis Toolkit in Your Garage at Hardwear.io USA 2024.

You can find more on his RECESSIM Reverse Engineering YouTube channel, or his bio on the RECESSIM Wiki.