Reverse engineering and security analysis of hardware devices usually requires specialized tools that the average user does not have available at home. In this talk we will present the basic tools and methods to use when analyzing this type of product, aiming to introduce attendees to the world of hardware hacking without requiring excessive resources. We will start with the initial information gathering and the analysis of interesting interfaces (RS232, i2c, USB, etc.), move on to obtaining the firmware used by the device, and finish with emulation and/or real-time debugging of the code used by the device via JTAG. Each of these aspects will be demonstrated on common (off-the-shelf) hardware.
13. Interesting interfaces
Interface | Typical uses
RS232 | Shells, debug output
i2c / SPI | Debug output, peripheral management, serial EEPROM, ...
JTAG | Testing and debugging
USB / Ethernet / SATA / Etc | Same as your PC ;-)
37. Key security features
Feature | Description
Secure boot | Internal boot code / core must assure integrity of loaded firmware
Runtime integrity | Security subsystem must assure integrity of running code
Interface protection | Debug interfaces must either be disabled or (securely) protected
Key storage | Sensitive keys must be stored within the chipset and not readable to the application
External memory protection | Content stored in external memory (RAM) during runtime must be protected from attackers (scrambling and maybe authentication)
Protected crypto cores | Need to withstand SCA/FI attacks in order to properly protect keys
38. Conclusion
• Embedded hacking = FUN
• Attacker’s challenges
– Info gathering often difficult
– Interfacing trickier than with software
• Defender’s challenges
– Device running under hostile environment
39. Shopping list
Item | Price
Arduino / Other dev boards | 20-60€ each / 20 to 300€
Bus Pirate | 25€
Bus Blaster / GoodFET | 30€ / DIY
Openbench Logic Sniffer / Saleae Logic Analyzer | 40€ / 120€
Cables, solder, screwdrivers, probes, ... | -
DSO Oscilloscope Nano / Quad | 70€ / 150€
USB Microscope | ~20 €
OpenVizsla (when available) | 100 – 200 EUR
40. Some things to look at
• Routers, modems, STBs, MFPs ...
• Gaming consoles, modern TVs
• PC parts
• (Smart)phones
• Smart meters, alarms, SCADA/PLCs...
• Car or vehicle electronics
• Home appliances, domotics
• Gadgets
41. HW Hacking resources
• Hack a day – www.hackaday.com
• /dev/ttyS0 – www.devttys0.com
• Bunnie’s blog – www.bunniestudios.com
• Debugmo.de – debugmo.de
• Pagetable – www.pagetable.com
• HW vendors’ forums: Seeed Studio, Sparkfun, adafruit.com, Dangerous Prototypes, ...
• Fritzing – www.fritzing.org
• [... The list goes on ...]