Duration: 2 Days
Dec 13–14, 2016 (8:30 a.m.–4:30 p.m.)
Mar 8–9, 2017 (8:30 a.m.–4:30 p.m.)
Location: 3500 Pentagon Blvd, Beavercreek, OH 45431

Embedded hardware is everywhere you look today from your vehicle’s infotainment system to refrigerator to medical devices and everything else in-between. With so much exposure one would think that such devices are secure against attack; however, sadly for a large number of devices this is not the case. For proof, just look no further than your local news reports. They are full of reports on devices being hacked into.

So, as engineers, how do we go about first identifying and mitigating (or capitalizing) the potential security vulnerabilities within these devices? The answer to this question, and the subject of this seminar, is through the reverse engineering of the hardware itself. This seminar is a combination of lecture and hands-on exercises which will conclude with the students attempting to attack and defeat a custom embedded device.

While the idea of taking apart a complicated piece of hardware may seem overwhelming, with both the technical background and reverse engineering techniques presented in this seminar you will soon find that you are not only up to the task but more comfortable doing so in the future. To expedite the learning process and remove some of the potential over complexities of embedded systems, the material presented in this seminar will focus on a custom made embedded device which has been designed with simplicity of understanding in mind. At the end of the seminar, students are free to take home with them the embedded device, a starter kit of physical exploitation tools, and the pre-built work environment that was used in the seminar.

Learning Objectives

By attending this seminar, you will be able to:

  • Identify key hardware components of embedded systems
  • Research and use datasheets
  • Interpret basic schematics
  • Identify the computing languages commonly used in embedded devices (including C, Python, AVR, Linux, and Java)
  • Use a Linux-based PC to interface with target hardware
  • Become familiar with common reverse engineering tools
  • Locate and use hidden communication paths (i.e. debug ports)
  • Use a logic analyzer to capture communications between a Micro Controller Unit (MCU) and external memory
  • Extract firmware from an embedded system

Who Should Attend

This seminar is intended for engineers who want to develop a basic understanding and the corresponding skill set needed for the hardware reverse engineering of embedded systems. The seminar assumes students have at least a basic understanding of programming. Other prospective students who will benefit from this course include computer security researchers, digital forensic investigators, software engineers, network engineers, and senior management.



Topical Outline

Day 1

  • Overview of Hardware Reverse Engineering
    • Accepted Definitions
    • Why would we hack hardware
    • Limitations
    • Adopting a hacker mindset
  • Engineer Bling – Gather Your Tools
    • Soldering / desoldering
    • Multimeters, logic analyzers, and oscilloscopes
    • MCU reader / writers (programmers)
    • Prototyping MCU
    • Miscellaneous items
  • Basic Electronic Concepts for the Budding Hardware Engineer
    • Voltage
    • Resistance
    • Component identification
    • Data sheets
  • Key Components in Embedded Systems
    • MCU
    • Memory
    • Storage
  • Embedded Systems Communication Protocols of Interest
    • Universal Asynchronous Receiver/Transmitter (UART)
    • Serial Peripheral Interface (SPI)
    • Joint Test Action Group (JTAG)
    • Inter-integrated Circuit (I2C)

Day 2

  • Perimeter Reconnaissance
    • Identifying information
    • Exposed entry points
    • Exterior anti-tamper
  • Cracking Open the Box
    • Recording the way things were
    • Tracking the order of things
  • Identification of Pins and Components
    • Company logos
    • Part numbers
    • Pin counts, organization, and layout
  • Datasheet Reconnoitering
    • Google
    • Federal Trade Commission (FTC)
    • Company websites
  • Building a Pre-Attack Plan
    • Locating ports
    • Finding ground and voltage pins
    • Isolating the transmit pin
    • Interfacing to the PC
    • Finding the receive pin
  • Covert Operations
    • Gathering data from off-the-wire
    • Disinformation in communications
    • Firmware acquisition
  • End Game
    • Using your supporting tools and software
    • Hacking and slashing your way through the firmware
    • Looking for missed opportunities
  • Wrapping Up
    • Cleaning up the battle field
    • After action report

Instructor(s): Michael Messuri

Michael Messuri is a Senior System Analyst and Exploitation Engineer at the Embedded, Commercial and Security Office of Assured Information Security, Inc. Mr. Messuri has over 20 years of experience in low-level software engineering, reverse engineering, and malware analysis.

System Requirements:

For this class students will need to bring a laptop computer system with at least 4GB of RAM, 2+ USB 2.0 ports, and has the ability to boot an OS from a USB drive or DVD (OS on USB/DVD will be provided).

Class times for this two day class are from 8:30 am until 4:30 pm each day (lunch and snacks will be provided).

This course qualifies for 13 Continuing Education Units (CEUs).

Registration Dates (Dec 13–14, 2016)
Early Registration (until October 29): $1,500
Regular Registration (October 30 – November 13): $1,600
Late Registration (November 14 – December 6): $1,700
Cancellation Policy: Substitutions allowed up to 1 week prior to event. No refunds after November 13.

Registration Dates (Mar 8–9, 2017)
Early Registration (until January 22): $1,500
Regular Registration (January 23 – February 6): $1,600
Late Registration (February 7 – March 5): $1,700
Cancellation Policy: Substitutions allowed up to 1 week prior to event. No refunds after February 6.