Hardware reverse engineering is a mysterious area to software reverse engineerings. This course will shed lights on the usual and verified methods to achieve acquisition of malware and control over the unknown device in relatively minimal lab environment. The challenge with hardware reverse engineering comes from the complicated processes involved with overall reverse engineering and debugging process. This course will give you verified guides and methods. The target device and essential tools will be provided.
- Registration open for Feb 2020 session in Seoul, Korea.
Overview
Part 1. Hardware Reverse Engineering Basic Skills
- Objectives: Learn basic knowledge and skills for hardware reverse engineering
- Learn basic soldering/de-soldering techniques
Contents
- Soldering theory and exercise sessions
- Types of solder and temperature
- The mechanism how soldering works
- Exercise sessions for soldering
- De-soldering theory and exercise sessions
- Methods to decapitate chips from circuit board
Part 2. Hardware Reverse Engineering Basic Concepts
- Objectives: Learn basic electronic circuit knowledge for hardware reverse engineering
- Learn basic concepts for circuit board and protocols
- Learn basic approaches to identify circuit board components
Contents
- Protocols
- Learn basic protocols used in the circuit boards (UART/SPI/I2C)
- Study cases where each protocols are used
- Memory technology
- Learn basics of NAND Flash technology and methods to dump and program contents
- Debugging access
- Learn concept of JTAG and methods to use it
Part 3. Reverse Engineering Target Device
- Objectives: Exercise reverse engineering a medical device
- Learn the basic approaches for reverse engineering unknown device
Contents
- UART access
- Learn basic approaches to find UART pins and connecting terminal programs to access it
- JTAG access
- Learn basic approaches to find JTAG pins and connecting JTAG emulators to access JTAG features (program control, firmware extraction/programming)
- Flash-memory access
- Learn basic approaches to decapitate NAND flash memory
- Learn approach to use bit-banging to dump NAND flash memory to read and write raw contents
- Learn basic approaches to access SPI-based memory/chip contents
Part 4. Reverse Engineering Firmware
- Objectives: Understanding methods to reverse engineer Flash memory structure
- Learn the most common structures of the Flash memory contents
- Learn structural approach to extract bootloader/kernel and main file system contents
Contents
- Using basic tools
- Learn basic recon tools like binwalk, etc
- Learn basics of ECC and Flash memory raw structure
- Reverse engineering bootloader
- Understanding bootloader concept and their functions
- Using static and dynamic analysis to reverse engineer bootloader
- Understanding method to access protected bootloader (bootloader modification or finding backdoor function)
- Reverse engineering kernel
- Understanding methods to extract kernel
- Understanding methods to modify kernel to implant backdoor access
- Reverse engineering file system
- Understanding usual file systems used in embedded devices and IoT devices
- Extracing contents from file systems
- Reconstructing file system with modified contents
Notes
- Soldering kits, logic analyzer and J-LINK emulator will be provided
- Target device is a medical device without any public known researches