If you were busy in Cancun over spring break, you missed out on our hardware hacking workshop in the ISIS lab!
Hardware hacking is an important area of security research because while vulnerabilities in software and network interfaces have more visibility, vendors of hardware systems typically do not expect attacks at the hardware level to the same extent. This may lead to poor consideration of security at the hardware level and leave systems open to attack. Vulnerable systems can range from everyday electronics like Blu-ray players, printers, and telephones to critical systems like medical electronics, core routers, and industrial control systems.
Here is an overview of some of the topics we covered at the workshop and a list of resources in case you want to get yourself up to speed on what you will need to know to work with hardware.
Current, Voltage, and Basic Circuits: These are the basics that you will need to know about to poke around on a printed circuit board (PCB).
- Current: Usually the variable ‘I’, this is the rate of flow of electrons in a circuit, measured in Amps [A]. http://en.wikipedia.org/wiki/Electric_current
- Voltage: ‘V’. This is the electric potential difference between two nodes in a circuit. It is similar to pressure, and is always measured as a differential between two points. Measured in Volts [V]. http://en.wikipedia.org/wiki/Voltage
- Ohm’s Law: Relates current and voltage in a circuit: current is proportional to voltage, and the constant of proportionality is set by a third quantity, resistance ‘R’. Resistance is measured in Ohms [Ω]. http://en.wikipedia.org/wiki/Ohm's_law
- Kirchhoff’s Circuit Laws: These are the basic laws for analyzing circuits. http://en.wikipedia.org/wiki/Kirchhoff's_circuit_laws
- Voltage Sources: Power supplies are typically designed to act as ideal voltage sources, outputting a constant voltage and letting the resistance of the load determine the current. http://en.wikipedia.org/wiki/Voltage_source
More advanced circuit elements: You will probably run into these, but you might not necessarily need to understand the math behind them.
- Capacitors: Store energy in an electric field. http://en.wikipedia.org/wiki/Capacitor
- Inductors: Store energy in a magnetic field. http://en.wikipedia.org/wiki/Inductor
- Diodes: Allow current to flow in only one direction. http://en.wikipedia.org/wiki/Diode
- Light-emitting Diodes: Diodes that emit light. http://en.wikipedia.org/wiki/Light-emitting_diode
- Field-effect Transistor: Voltage-controlled transistor. http://en.wikipedia.org/wiki/Field-effect_transistor
- Bipolar Junction Transistor: Current-controlled transistor. http://en.wikipedia.org/wiki/Bipolar_junction_transistor
Bus Protocols: These are common protocols used to connect chips and embedded devices for communication, programming, and debugging.
- I2C: Inter-IC (integrated circuit) communication protocol, a 2-wire bus typically seen in master/slave configurations with a microcontroller controlling sensors or analog-to-digital converters (ADCs). Its derivative SMBus is used on PC motherboards for reading onboard sensors. http://en.wikipedia.org/wiki/I%C2%B2C
- SPI: Higher throughput than I2C, but more wires are required. SD cards use this. http://en.wikipedia.org/wiki/Serial_Peripheral_Interface_Bus
- CAN: Used commonly in automobiles, noise tolerant. http://en.wikipedia.org/wiki/CAN_bus
- RS232: Serial ports are still a common method for communicating in embedded devices. You might not see the standard 9-pin port, but you might find these signals on a PCB if you are probing around. Look for ICs from FTDI; they make many different chips for converting to/from this. http://en.wikipedia.org/wiki/RS-232
- JTAG: Used for programming and debugging chips in embedded systems. http://en.wikipedia.org/wiki/Joint_Test_Action_Group
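To make the I2C description concrete, here is an added example (not code from the workshop or the post) that decodes a two-channel logic capture of the bus: SDA and SCL as separate sample lists, START/STOP conditions, the 7-bit address with its R/W bit, data bytes, and the ACK/NACK clock after each byte. The capture is constructed in code rather than recorded from a real board, with an idealized four-samples-per-clock timing; the function names are this example's own.

```python
"""Decode an I2C transaction from a two-channel logic-analyzer capture.

Added example: the capture is constructed in code (one sample per list
entry, SDA and SCL as separate channels), not recorded from hardware.
"""


def i2c_encode(address7, write, payload, nack_last=False):
    """Build a constructed SDA/SCL capture for one I2C transaction.

    Emits idle, START, the 7-bit address plus R/W bit, an ACK/NACK clock
    after every byte, the payload bytes, then STOP. Each clock period is
    four samples: SDA is set while SCL is low and held while SCL is high.
    """
    sda, scl = [], []

    def emit(s, c, n=1):
        for _ in range(n):
            sda.append(s)
            scl.append(c)

    def bit(b):
        emit(b, 0)       # set SDA while SCL is low
        emit(b, 1, 2)    # SCL high: the receiver samples the bit here
        emit(b, 0)       # SCL back low

    def byte(value, ack=True):
        for i in range(7, -1, -1):   # MSB first on the wire
            bit((value >> i) & 1)
        bit(0 if ack else 1)         # 9th clock: ACK is SDA pulled low

    emit(1, 1, 2)                    # bus idle: both lines high
    emit(0, 1)                       # START: SDA falls while SCL is high
    byte((address7 << 1) | (0 if write else 1))
    for i, b in enumerate(payload):
        byte(b, ack=not (nack_last and i == len(payload) - 1))
    emit(0, 0)                       # pull SDA low while SCL is low
    emit(0, 1)                       # release SCL ahead of STOP
    emit(1, 1, 2)                    # STOP: SDA rises while SCL is high
    return sda, scl


def i2c_decode(sda, scl):
    """Decode START/STOP conditions, the address byte and data bytes.

    Returns events: ("START",), ("ADDR", addr7, "R"|"W", acked),
    ("DATA", value, acked), ("STOP",). SDA is sampled on every rising SCL
    edge; a byte completes after 9 clocks (8 data + ACK). Bits pending when
    STOP arrives (the clock that precedes STOP) are discarded.
    """
    events, bits = [], []
    in_frame = first_byte = False
    for i in range(1, len(sda)):
        s, c, prev_s, prev_c = sda[i], scl[i], sda[i - 1], scl[i - 1]
        if c == 1 and prev_c == 1:
            if prev_s == 1 and s == 0:          # SDA falls with SCL high
                events.append(("START",))
                in_frame, first_byte, bits = True, True, []
            elif prev_s == 0 and s == 1:        # SDA rises with SCL high
                events.append(("STOP",))
                in_frame, bits = False, []
        elif c == 1 and prev_c == 0 and in_frame:   # rising SCL: sample
            bits.append(s)
            if len(bits) == 9:
                value = 0
                for b in bits[:8]:
                    value = (value << 1) | b
                acked = bits[8] == 0
                if first_byte:
                    rw = "W" if value & 1 == 0 else "R"
                    events.append(("ADDR", value >> 1, rw, acked))
                    first_byte = False
                else:
                    events.append(("DATA", value, acked))
                bits = []
    return events


if __name__ == "__main__":
    # A write of two bytes to address 0x50 (a common EEPROM address).
    for event in i2c_decode(*i2c_encode(0x50, True, [0x10, 0xAB])):
        print(event)
```

The decoder only needs edge detection and a bit counter, which is exactly why a logic analyzer with no protocol support is still useful: once you have the two channels sampled, the rest is a few lines of code. A real capture will have noise and clock stretching, so a production decoder should debounce edges and sample SDA a little after the rising SCL edge rather than exactly on it.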
Tools to help in your task:
- Digital multimeters: DMMs are measurement tools for measuring voltage, current, resistance, etc. http://learn.adafruit.com/multimeters/overview
- Bus Pirate: Simple tool for listening to and speaking PCB-level bus protocols. http://dangerousprototypes.com/docs/Bus_Pirate
- Logic Analyzers: A more general tool than a Bus Pirate for reading digital logic signals, but less capable of speaking protocols. http://www.usbee.com/ , http://www.saleae.com/logic/
- Oscilloscopes: These are for watching an analog signal over time. Advanced ones can decode digital protocols. You shouldn’t go out and buy one, but if your school or company has one it might be helpful. http://en.wikipedia.org/wiki/Oscilloscope
Tips on getting started:
- Look for markings on ICs. Manufacturer imprints and model numbers can give you a general idea of what a chip does, and a web search will usually get you a white paper describing the pin-outs and functions of a chip. Check http://www.digikey.com/, http://www.findchips.com/, and of course, http://www.google.com/
- Try to determine a floorplan for the PCB. PCB designers typically partition PCBs into functional “rooms” and keep components for similar functions and sub-systems within these areas. Power supplies, for example, will typically have heavy copper traces, voltage regulator ICs, and large capacitors nearby. Radios will typically be covered with shielding. Broadly modelling the PCB floorplan may help you understand the functions of components and what they are doing in a particular area.
- Look for dedicated bus pins on ICs that you find, and start looking from there. A logic analyzer or oscilloscope could help you in locating useful signals. You might get lucky and find a serial console.
- Find online communities dedicated to your target. Large groups may already exist dedicated to particular manufacturers and products, and there may already be community documentation that can help you understand your target.
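The "you might get lucky and find a serial console" tip usually plays out as: you have a logic-analyzer capture of a pin that toggles at boot, and you need to work out whether it is a UART and at what rate. This added example (not code from the workshop or the post) shows the two steps on a constructed single-channel capture: guess the baud rate from the shortest pulse width, then decode 8N1 frames by sampling mid-bit. The 1 MS/s sample rate, the list of candidate baud rates and the function names are this example's assumptions.

```python
"""Recover a serial console from a single-channel logic-analyzer capture.

Added example: the capture is constructed in code (one sample per list
entry at a fixed sample rate, idle-high logic level, 8N1 framing), not
recorded from hardware.
"""

SAMPLE_RATE = 1_000_000                          # assumed: 1 MS/s capture
STANDARD_BAUDS = (9600, 19200, 38400, 57600, 115200)


def uart_encode(text, baud, sample_rate=SAMPLE_RATE):
    """Constructed capture of `text` sent as 8N1: start bit low, 8 data
    bits LSB first, stop bit high, with idle (high) line before and after."""
    spb = sample_rate // baud                    # samples per bit
    samples = [1] * (2 * spb)                    # idle line is high
    for ch in text.encode():
        frame = [0] + [(ch >> k) & 1 for k in range(8)] + [1]
        for b in frame:
            samples.extend([b] * spb)
    samples.extend([1] * (2 * spb))
    return samples


def guess_baud(samples, sample_rate=SAMPLE_RATE, candidates=STANDARD_BAUDS):
    """Estimate the baud rate: the shortest pulse in the capture is about
    one bit time, so sample_rate / shortest_run approximates the rate;
    snap that to the nearest standard rate."""
    runs, run = [], 1
    for prev, cur in zip(samples, samples[1:]):
        if cur == prev:
            run += 1
        else:
            runs.append(run)
            run = 1
    estimate = sample_rate / min(runs)
    return min(candidates, key=lambda r: abs(r - estimate))


def uart_decode(samples, baud, sample_rate=SAMPLE_RATE):
    """Decode 8N1 frames. A falling edge on an idle line is a start bit;
    each bit is sampled in the middle of its bit period.
    Returns (decoded_bytes, framing_error_count)."""
    spb = sample_rate // baud
    out, errors, i = bytearray(), 0, 1
    while i < len(samples):
        if samples[i - 1] == 1 and samples[i] == 0:   # falling edge: start
            mid = i + spb // 2
            if mid + 9 * spb >= len(samples):
                break                                 # truncated frame
            bits = [samples[mid + k * spb] for k in range(10)]
            if bits[0] == 0 and bits[9] == 1:         # valid start and stop
                value = 0
                for k in range(8):
                    value |= bits[1 + k] << k         # LSB first
                out.append(value)
            else:
                errors += 1                           # framing error
            i += 10 * spb                             # skip past stop bit
        else:
            i += 1
    return bytes(out), errors


if __name__ == "__main__":
    capture = uart_encode("U-Boot> ", 115200)        # constructed capture
    baud = guess_baud(capture)
    print("guessed baud:", baud)
    print("decoded:", uart_decode(capture, baud))
```

The shortest-pulse heuristic works whenever the traffic contains at least one isolated bit, which any text console does within a few characters; if it snaps to the wrong rate, the framing-error count from uart_decode tells you immediately, since a wrong bit period rarely lands on a low start bit and a high stop bit for every frame. The same decoder applies to TTL-level serial found directly on a PCB header and to RS232 after a level converter such as an FTDI chip, which is why the 9-pin connector is irrelevant to whether the console exists.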
Projects: A key to getting started with anything new is picking a project and setting goals for yourself. Students brought in a number of interesting projects consisting of old hardware to work on during the workshop:
- Square and PayPal Here credit card readers
- Old AM/FM and VHF radios
- Programmable AVR Microcontrollers (not Arduinos)
- A Palm IR keyboard
Now that you’ve got the lay of the land, it’s time to dive in. Good Luck, and try not to let the magic smoke escape!