"Hardware Enabled Software Exploitation" is a hands-on course covering tools and methods for manipulating, modifying, debugging, reverse engineering, interacting with, and exploiting the software and hardware of embedded systems. Participants of "Hardware Enabled Software Exploitation" will gain hands-on experience with real-world devices and products, learning to interface with them on a low-level to perform tasks such as:
• Bus spying, tampering, spoofing, injection (UART, SPI, I2C, USB, etc.)
• All you need to know about simple serial interfaces (UART, SPI, I2C)
• Finding Pinouts (JTAG, Serial, etc.)
• All about JTAG: Using JTAG surreptitiously for reverse engineering, attacks, and exploit development, also: “JTAG Fuzzing”
• Stealing Firmware non-destructively (JTAG, direct interface, serial interfaces, etc.)
• Stealing Firmware destructively (pulling chips from the board and reading them)
• Parsing Firmware images and disassembling them
• Firmware analysis
• Simple Side Channel Attacks: how they work and how to use them in the real-world.Power Analysis and Power Side Channel attacks.
• “Glitching Attacks”
• ARM Exploitation via hardware debuggers
• Attacking Low-power RF devices (Zigbee, etc.)
Students will get hands-on experience with tools like:
• JTAG Adapters (JLINK)
• IDA, OpenOCD, GDB
• BusPirate, BusBlaster
• CPLDs (in lieu of FPGAs)
• Multimeter (Ammeter, Voltmeter, etc.)
Students of this course can include but are not limited to penetration testers, reverse engineers, software security auditors/analysts, software exploitation engineers, jail breakers, reverse engineers, and developers.
• No prior experience with hardware based exploitation necessary.
• Novice or Intermediate software exploitation experience recommended (ARM, x86, etc.)
• Familiarity with IDA or disassemblers recommended.
• Understanding of software development, executable file formats, and debuggers recommended.
• Familiarity with assembly (ARM, x86, etc) recommended.
• Novice to Intermediate knowledge of a powerful scripting language required (Ruby, Python, Java, etc.)
• Familiarity with C and C++ recommended.
• Laptop with wireless and wired connectivity:
• IDA Standard
• An SSH client
Target embedded systems, hardware debuggers, small desktop "bench" PC for interfacing with hardware devices and diagnostic hardware, VMWare image for remote access to bench PC, access to universal flash programmer, desoldering kits, soldering irons, jumper wires, headers, static straps, access to oscilloscopes, various diagnostic hardware tools (BusPirates, JTAGulators, Totalphase Beagles, etc.), a copy of "The Android Hackers Handbook."
Stephen A. Ridley developed and taught the sold-out "Practical ARM Exploitation" course the previous two years at Black Hat Las Vegas. Stephen A. Ridley is a security researcher and author with more than 10 years of experience in software development, software security, and reverse engineering. Within that last few years, he has presented his research and spoken about reverse engineering and software security research on every continent except Antarctica (Black Hat, RECon, CCC, CanSecWest, etc). Stephen and his work have been featured on NPR and NBC and in Wired, Washington Post, Fast Company, VentureBeat, Slashdot, The Register, and other publications. He is a Principal at Xipiter which provides general information security services (specifically reverse engineering, software security assessment, and vulnerability research) with a focus on mobile and embedded devices. Xipiter has also developed a consumer smart sensor device called Tally (http://www.tallyyourworld.com) Stephen runs the infosec hardware manufacturing effort http://www.int3.cc
Joe FitzPatrick spent the better part of a decade doing debug, failure analysis, and hardware penetration testing of desktop and server CPUs, and trained hundreds of hardware validators worldwide on hardware security validation techniques. He currently spends his time on hardware security training, research, and consulting, and maintaining securinghardware.com