Harvard Architecture Embedded Systems Reverse Engineering and Exploitation

IoT and embedded systems became ubiquitous. However, security analysis and exploitation of its firmware could be painful. The world of embedded systems isn't limited to just ARM and MIPS but includes many other microcontroller architectures with Harvard architecture being one of the prevalent. Such MCUs are found in the cars and airplanes, ICS and smart devices, home automation systems, armature electronic projects -- almost everywhere. During the workshop the attendees will learn basic and advanced methods of reverse-engineering and exploitation of firmware in microcontrollers. The course is focused on memory corruption vulnerabilities, but some other bugs will be also covered. Main reviewed architectures are: AVR (8-bit), STM8 and PIC. However, presented principles could be used against other architectures. We will also talk about how to use radare2 and IDA Pro for reversing and exploiting MCU firmware as well as how to develop own tools that help you with your tasks.

Short course abstract:

• Microcontrollers and Harvard architecture fundamentals;
  
• Pre-exploitation: PCB reversing, finding debugging and I/O points, firmware extraction;
  
• Debugging interfaces;
  
• Common reverse engineering techniques for Harvard-architecture MCUs;
  
• Fuzzing of MCU, Watchdogs, crash detection;
  
• Return oriented programming for Harvard architecture MCUs;
  
• Post-exploitation tasks;
  
• Crash course on radare2;
  
• Architecture, assembly, reverse engineering, exploitation and post-exploitation for:
  
• AVR,
  
• STM8,
  
• PIC,
  
• Other architectures (ESP8266, 8051 family, etc.);
  
• Overview of firmware protection techniques.
  
• Secure programming for MCUs.
  

Every module contain several examples and practical exercises.

Information security professionals, software developers, embedded systems developers, computer security researchers, ICS and electronic engineers as well as everyone who wants to learn how hackers reverse engineer and exploit embedded systems and products.

Basic embedded systems knowledge, basic understanding of reverse engineering and buffer overflow/memory corruption vulnerabilities are of advantage, but not strongly required.

Students shall bring their own laptops with pre-installed VMware (Workstation, Server, Player, Fusion) or Oracle VirtualBox. Laptops should have at least 20GB of free space and two free USB ports. IDA Pro is desirable, but not necessary.