Course Objectives
After participating in this course, students will have experience with:
- Non-Invasive hardware analysis (component identification, etc)
- Tracing and identifying points of interest on PCBs
- Extracting firmware over multiple interfaces
- Unpacking / analyzing binary images
- Attacking/instrumenting hardware debuggers (JTAG,ETC)
- Modifying, repacking and reflashing firmware
Labs include extracting SPI/I2C-based flash chips, discovering and gaining access to consoles using UART, and identifying, enumerating, and actuating hardware-level debuggers such as JTAG and SWD. Labs are performed on four different real-world targets after introductory protocol labs are performed. Each target was chosen in order to demonstrate a specific protocol, allowing students to gain experience across multiple hardware platforms throughout the course.
All exercises and laboratories are performed using open source tooling on a Raspberry Pi. The Raspberry Pi will be used to attack and exploit all of the targets included in the kit. The tools and techniques used throughout the course were chosen specifically due to their portability across various hardware platforms.
Course Structure
This course includes multiple modules, one for each protocol of interest. For each module, we will perform the following:
- Protocol Overview and Analysis
- Understanding and Reviewing Captured Protocol Traffic
- Protocol Analysis from a Reverse Engineering Perspective
- Tools for Reverse Engineering Specific Protocols
- Practical Attacks and Applications on Provided Targets
Course Modules
Hardware Targets
Students will receive a hardware kit including:
- Raspberry Pi 4 with USBC cable and power supply
- Target #1: Travel Router
- Target #2: Arcade Cabinet
- Target #3: ARM Based USB Controller
- Target #4: Solid State Drive + USB Adapter
- Breadboard, logic level shifter, jumper wires
- Multimeter
- Logic Analyzer
- SOIC8 Clip
- SPI EEPROM, I2C EEPROM

Requirements
This course is targeted toward security researchers who want to learn more about the process of firmware extraction and embedded systems analysis. Students should be familiar with the Linux command line and be comfortable with a scripting language such as python. C experience is also useful but not required
Interfacing with the Raspberry Pi requires an available USB port. A virtual machine is also provided to automate the configuration of the Raspberry Pi. Students should be able to load and run virtual machines if they are not comfortable installing Pulseview and configuring an ethernet interface on their host machine.
Reviews
The course was exactly what I'd hoped it would be. It was the perfect way to get hands-on experience with hardware without the risk of breaking something expensive. I feel the course provided me a good foundation for working with embedded devices and learning other protocols they might use. What I learned will be directly applicable to my day-to-day work.
This was the best technical training I've ever had. As a career software goon, I always felt like electrical signaling and/or digital data transfer at the chip level is this mystical, hand wavey stuff. But that is no longer the case. Matt starts from the fundamentals of electricity, as in this is how we use voltage to represent data, and then builds up the layers of abstraction from there. The mystery is gone. The veil is lifted from mine eyes, and I have Matt to thank for that.
All in all, this course was seriously a game changer for me. This has literally taken me from an infosec employee with near-zero hardware reversing knowledge, to feeling extremely comfortable and excited about diving into some new unknown devices! I can't thank you enough Matthew. I'll continue to rave about your course to friends and colleagues :-)
The course was very helpful. I am looking forward to expanding on these skills for IoT devices. The pace of the course made it easier as a software developer with software RE experience to learn.
The course was awesome. It’s exactly what I was hoping it would be. I just wish I could’ve taken it in person as I had a few distractions at home (as we all do). Overall, I had a blast in this class and learned a ton!
This course was awesome. Even though a lot of it was review for me, I still really appreciated how in-depth Matt went into all of the topics. I didn't necessarily have that deeper background into the why and how. The course flew by for me because I found it so engaging. Thank you!
Private Offerings
This course can be offered privately (remote or onsite) for groups of five or more students. If you are interested in a private offering of this course please contact us for more information.