Hands-On Hardware Hacking and Reverse Engineering Techniques

Tutorial on reverse engineering techniques

Uploaded by Arthur Rodrigues

The Current State of Hardware Hacking
(even a 2-year-old can do it...)

Joe Grand, Grand Idea Studio


We Need to Open Our Eyes...
• Hardware hacks becoming more common
• Not many use new or novel techniques
• Most "security" has been a mere roadblock

© Grand Idea Studio, Inc.


We Are Part of the Problem
• Many attacks are so easy that we (engineers & vendors) should be blamed
• We are trained to think like engineers
• We are not trained to think like hackers
• We are constrained by budget and time-to-market
• Security is an afterthought (if at all)
• Our response to hardware attacks is antiquated
  – Knee-jerk reactions
  – Denial of any issue (and refusal to fix it)



Hardware Hacking Areas
• Information Gathering
  – Obtaining data about the target by any means necessary
• Hardware Teardown
  – Product disassembly, component/subsystem identification, modification
• Firmware Reverse Engineering
  – Extract/modify/reprogram code or data
  – OS exploitation/device jailbreaking
• External Interface Analysis
  – Communications monitoring, protocol decoding/emulation
• Silicon Die Analysis
  – Chip-level modification/data extraction

Common Attack Surfaces
• Memory & Firmware
• Exposed Buses & Interfaces
• Passwords & Cryptography


Memory & Firmware

1993: Oki 900 Cellphone Cloning (8051)
www.hackcanada.com/blackcrawl/cell/oki/oki900.html

1998: NIC MAC Address Cloning (Serial EEPROM)
www.grandideastudio.com/portfolio/mac-address-cloning/

2000: Declawing the CueCat (Serial EEPROM)
www.sujal.net/tech/declaw/

2006: IBM ThinkPad BIOS Password (Serial EEPROM)
http://sodoityourself.com/hacking-ibm-thinkpad-bios-password/

2006: The Netherlands Electronic Voting Machines (68K)
www.wijvertrouwenstemcomputersniet.nl

2010: India Electronic Voting Machines (Serial EEPROM)
www.indiaevm.org

2011: HP LaserJet Printer (VxWorks)
http://ids.cs.columbia.edu/sites/default/files/CuiPrintMeIfYouDare.pdf


Exposed Buses & Interfaces

1997: BlackBerry RIM 950/957 (RF)
www.grandideastudio.com/portfolio/decoding-mobitex/

2002: Hacking the Xbox (HyperTransport bus)
www.xenatera.com/bunnie/proj/anatak/xboxmod.html

2008: MBTA CharlieTicket (Magnetic Stripe)
http://web.mit.edu/zacka/www/mbta.html

2009: San Francisco Smart Parking Meter (Smartcard)
www.grandideastudio.com/portfolio/smart-parking-meters/

2011: Medtronic Implantable Insulin Pump (RF)
https://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_Slides.pdf


Passwords & Cryptography

1988: AT&T 1320 Answering Machine Security Code
www.grandideastudio.com/portfolio/answering-machine-advisory/

1994: Universal Garage Door Opener
www.grandideastudio.com/portfolio/universal-garage-door-opener/

2000: Rainbow iKey 1000 Password Decoding
www.grandideastudio.com/portfolio/attacks-on-usb-tokens/

2005: Mobil SpeedPass (TI Digital Signature Transponder RFID)
http://static.usenix.org/event/sec05/tech/bono/bono.pdf

2008: Mifare Classic (RFID)
www.cs.virginia.edu/~evans/pubs/usenix08/usenix08.pdf


What Can Be Done?
• Acceptance
  – Admit that security needs to get better
  – Acknowledge that someone might be out to get you
• Education
  – Learn from history...don't repeat the same mistakes
• Awareness
  – Think like a hacker during the design phase
• Dedication
  – Security should be another tool in our toolbox
  – All facets of the organization need to put forth the effort to make products better



www.grandideastudio.com
