Rebuilt from the ground up and new for Black Hat this year, this hands-on class will introduce you to the common interfaces on embedded MIPS and ARM systems, and how to exploit physical access to grant yourself software privilege.
This course focuses on UART, JTAG, and SPI interfaces. For each, we'll do a brief architectural overview, followed by hands-on labs identifying, observing, interacting with, and eventually exploiting each interface. We'll also do basic analysis and manipulation of firmware images.
This course is developed and taught by an electrical engineer with over a decade of hardware security experience. Over 70% of our time will be hands-on with current off-the-shelf hardware, supported by lectures to fill in the background. This is why classes we developed have sold out at Black Hat the past 3 years.
This two-day course prepares you with the skills needed for Applied Hardware Attacks: Hardware Pentesting - consider taking the two together for a complete 4 days.
Please note that the course is continually improved and topics might change slightly:
Part 1: UART
- Background: UART History, Architecture, and Uses
- UART Lab 1: Connecting to a known UART
- UART Lab 2: Identifying and analyzing an unknown UART
- UART Lab 3: Escalating and persisting UART privilege
Part 2: JTAG
- Background: JTAG History and Purpose
- JTAG Lab 1: Hardware and Software Setup
- JTAG Lab 2: Escalating Privilege via Kernel
- JTAG Lab 3: Escalating Privilege via a Process
Part 3: SPI
- Background: Flash storage and the SPI interface
- SPI Lab 1: Accessing Flash from software
- SPI Lab 2: Sniffing and Parsing SPI
- SPI Lab 3: Dumping SPI from Hardware
- SPI Lab 4: Firmware Analysis
Part 4: Firmware
- Background: More types of Flash, Storage, and Firmware
- Firmware Lab 1: Dumping Firmware from Software
- Firmware Lab 2: Manipulating firmware images
- Firmware Lab 3: Finding software bugs in firmware
This course is geared toward pen testers, red teamers, exploit developers, and product developers who wish to learn how to take advantage of physical access to systems to assist and enable other attacks. In addition, security researchers and enthusiasts unwilling to 'just trust the hardware' will gain deeper insight into how hardware works and can be undermined.
No hardware or electrical background is required. Computer architecture knowledge and low-level programming experience are helpful but not required.
To avoid the thrash of compatibility, software installation, virtual machines, and bootable images, attendees will be provided with all equipment for use during the class, including laptops preconfigured with all necessary software.