
Chipping away at root: A practical exploration of real world hardware hacking

- Josh Thomas & Nathan Keltner

Do you find yourself interested in hardware hacking or reverse engineering but simply unsure where to start? This class aims to educate the student on exactly where to start and will provide real world detail on what we do for a living and a hobby. The class is centered around a real world target platform, and we will guide the students through the entire assessment and exploitation process. We will start the class with unboxing a commercial product and end with persistent root shells.

Students should expect to spend 70-80% of their time in guided labs as this is a highly hands on course.

Pre-requisite of Training Class:

Student

  • An interest in hardware, a desire to break and understand things

Hardware

  • The trainers will provide all hardware required for the class for the students to keep afterwards.

Software

  • A Mac or Linux laptop is required. In the past, students have attempted to use Windows laptops with limited success. It may be possible, but please consider yourself forewarned.

Daily Class Outline

This is a rough outline. In the past, we have lectured specifics while the class is working through labs. One person lectures while the other instructor helps the students who are either ahead or behind the curve. This allows us to not teach to the lowest common denominator for the class, but to make sure everyone gains knowledge and has fun.

Day 1: The Basics

Hours 0-1 -> Meeting our target platform and general introductions / schedules and whatnot. (This will set the full expectations of the class and allow us to determine student knowledge levels… and thus customize the class based on the skill sets.)

Hours 1-2 -> How to build a home hardware hacking lab (what you need to get dirty and where in China to pick it up… or on eBay). Why do you care about tools, what makes some tools better than others… general info with advice.

< bio break />

Hours 2-3 -> from n00b to EE in an hour (what you really need to know before picking up an iron)

Hours 3-4 -> Hands on with hardware lab 1 (taking it apart and understanding the components / learning to google for docs)

< Lunch /> -> try not to eat lead solder.

Hours 4-5 -> WTF is UART? / WTF is JTAG (and why does Travis love to hate us)?

Hours 5-6 -> Hands on with hardware lab 2 (tapping the components and interacting with the device / learn to solder!)

< bio break />

Hours 6-7 -> Ok, we have a shell and a nice blob of stuff… what do we do now? (Exploring firmware)

Hours 7-8 -> Hands on with hardware lab 3 (wrapping up the hands on labs and finishing intro information…)

< Drink /> - Try not to drink molten lead solder

* We end day 1 with a temporary root shell on the target device!

Day 2: Slightly More Advanced

(Day 2 will cover anything that slipped from day one + questions.) This day is very lab heavy… lecture is actually a secondary topic to the hands-on portions of the labs.

Hours 1-2 -> Introduction to logic analyzers, introduction of USB sniffing, general advanced tool lecture.

Hours 2-3 -> Hands on with hardware lab 4 (exploring the foothold and looking for persistent connections)

Hours 3-4 -> Soldering and reworking techniques AKA How to:

  • pop a chip with chipquick or hot-air!
  • rake solder
  • work with BGA
  • bridge a trace
  • break a connection
  • pull up / pull down lines
  • solder through hole & surface mount
  • (Sort of an open lab jacking the board we RE'd on day one)

< Lunch /> -> try not to eat lead solder.

Hours 5-6 -> Hands on with hardware lab 5 (Making our target device do interesting things and breaking copy protection)

Hours 5-8 -> JTAG and Logic Analysis techniques AKA How to:

  • defeat very simple hardware protection!
  • just know WTF you are looking at!

Hours 7-8 -> Hands on with hardware lab 6 (Revisiting the target device, ensuring everyone has persistent root shells and that everyone can manipulate the runtime of the system)

< Drink /> - Try not to drink molten lead solder
