Hacking Firmware & Hardware: Software Exploitation Via Hardware Exploitation

Senrio Inc. / Xipiter LLC | July 22-25



Overview

"Software Exploitation via Hardware Exploitation" is an intensive hands-on course covering tools and methods for manipulating, modifying, debugging, reverse engineering, interacting with, and exploiting the software (firmware) and hardware of embedded systems. These embedded systems include COTS "IoT ("Internet Of Things") products (such as routers, webcams, etc) and Industrial/Enterprise devices. Participants will gain hands-on experience with real-world devices and products, learning to interface with them on a low level. Participants will also be walked through the process of finding several of the 0-day found and disclosed by the instructors. Found to be vulnerable in millions of devices worldwide.

Some skills taught include:

  • Bus spying, tampering, spoofing, injection on simple serial interfaces like UART, SPI, I2C and others
  • Finding, identifying, analyzing, and interfacing with JTAG, Serial, and other interfaces
  • Configuring, Interfacing, Using, Misusing, and Abusing JTAG for reverse engineering, manipulation, and exploitation
  • Non-destructively extracting firmware via software, JTAG and serial interfaces
  • Invasively extracting firmware by directly accessing or physically removing flash storage
  • Parsing, extracting, and analyzing firmware images
  • Manipulating firmware images to embed backdoors or other functionality
  • Binary analysis of executables on firmware to enable software exploitation


Students will get hands-on experience with tools like:

  • USB serial cables
  • Bus Pirate
  • Various JTAG Adapters
  • Logic Analyzers
  • Multimeters
  • JTAGULATOR
  • OpenOCD
  • UrJtag
  • GDB
  • IDA


A COMPLETE CLASS SYLLABUS IS AVAILABLE ON: http://sexviahex.com

Who Should Take this Course

Penetration Testers, Forensic Investigators, reverse engineers, software security auditors/analysts, software exploitation engineers, "Makers", Tinkerers, Developers, IT Professionals, Mobile Developers, Hackers, jail breakers, and anyone interested.

Student Requirements

No prior experience with hardware based exploitation necessary.
Novice or Intermediate software exploitation experience recommended (ARM, x86, etc.)
Familiarity with IDA or disassemblers recommended.
Understanding of software development, executable file formats, and debuggers recommended.
Familiarity with assembly (ARM, x86, etc) recommended.
Novice to Intermediate knowledge of a powerful scripting language required (Ruby, Python, Java, etc.)
Familiarity with C and C++ recommended.

What Students Should Bring

Laptop with:
  • Wireless and wired connectivity
  • 4+ gb of RAM
  • 3+ usb ports or a reliable USB hub
  • VMWare player or workstation

Patience (hardware can be hard ;-)

What Students Will Be Provided With

Students will be provided with a Lab manual and USB drive with the virtual machine and all software installed. Each student will be provided a lab kit for the duration of the class containing target embedded systems including wireless routers, NAS devices, android tablets, and embedded development boards, as well as tools for identifying and interfacing with test, debug, and peripheral interfaces including serial cables, bus pirates, logic analyzers, multimeters, jtag adapters, etc.

Students will receive their own hardware to take home after the course.
A COMPLETE CLASS SYLLABUS IS AVAILABLE ON: http://sexviahex.com

Trainers

The Senrio Research Team cumulatively has decades of experience in software/hardware reverse engineering and exploitation. The team is responsible for finding and disclosing numerous public and private critical vulnerabilities in software and embedded devices. The Senrio Research Team's device vulnerability disclosures have been found to effect millions of devices worldwide. Along the way the team has written and edited several seminal books and pioneered exploitation techniques . The team largely comes from Xipiter LLC which developed the industry renown courses SexViaHex.com and ARMExploitation.com which have sold out at every public offering (including Blackhat) for over five years!