WORKSHOP OBJECTIVE
The objective of this training is to introduce attendees to low-level hardware hacking. Underlying concepts and idea about hardware insecurity, in-depth explanation of digital signals, protocols, and firmware dumping. Additionally, there will be exercises to practice the acquired skills, by attacking our DIVA board and will able to work on real-world devices. This includes an introduction to common software tools that hardware hackers use. After successfully completing this training, the attendees will have a Pentest Hardware procedure to evaluate security and attack IOT devices.
COURSE CONTENT
- Introduction to hardware
- Components
- PCB
- Resistors, Capacitors, Inductors, crystal etc
- Memory chips
- Vcc & Gnd
- DC/AC Voltage
- Memory
- Packages
- Through hole
- Surface mount
- Ball Grid Array
- Hardware Tools
- Bus Pirate
- Jtagulator/Jtagenum
- Logic Analyzer
- Attacking Hardware Interfaces
- Hardware Reconnaissance
- Analyzing the board
- Datasheets
- I2C
- Introduction
- I2C Protocol
- Interfacing with I2C
- Manipulating Data via I2C
- Sniffing run-time I2C communication
- SPI
- Introduction
- SPI Protocol
- Interfacing with SPI
- Manipulating data via SPI
- UART
- What is UART
- Identifying UART interface
- Method: Using Multimeter
- Accessing sensor via UART
- JTAG
- Introduction
- Identifying JTAG interface
- Method: Using Jtagenum
- Run-time analysis and data extraction with openocd
PREREQUISITE / WHO SHOULD ATTEND
- This course is intended for everyone having an interest in security aspects related to hardware products or embedded devices.
- Electronic enthusiasts and professionals
- IT security professionals
PARTICIPANTS REQUIREMENTS
- Laptop with Virtual Box installed
- Hard disk : Minimum 15GB of free space
- RAM : 4GB Minimum
- 2 free USB port
DURATION (1/2 DAY)
6 hours
WHAT TO EXPECT
- Basics of hardware hacking and hardware in general.
- A detailed take on components and communication interfaces on low level.
- Introduction to common software and hardware tools.
- Perform basic reversing exercises which will be useful in the real world.
- Hands-on on various digital signals, protocols, debug interfaces.
Have you conducted workshop before on any other security / technology conference(s)?
For privare parties
OTHER NEEDS & REQUIREMENTS
Do you (Trainer) need Internet access during the workshop? yes
Do the participants need Internet access during the workshop? yes