Hardware Hacking Bootcamp


This five day course is designed to teach the fundamentals of hardware reverse engineering and analysis. With a focus on understanding the low level protocols that make up embedded systems, students learn how interfaces such as SPI, I2C, JTAG, SWD work while developing tools to interface with these protocols. All hardware is provided for this course, and all software tools are kept by the students upon completion of the course.


2022 Public Offerings

Use the links below to register for a public training. Public offerings are taught remotely via Discord.


Looking for a private offering? Remote and onsite options are available for groups of five or more, reach out to us at contact [at] voidstarsec [dot] com for more information!



Course Objectives

After participating in this course, students will have experience with:

  • Non-Invasive hardware analysis (component identification, etc)
  • Tracing and identifying points of interest on PCBs
  • Extracting firmware over multiple interfaces
  • Unpacking / analyzing binary blobs
  • Attacking hardware debuggers (JTAG,ETC)
  • Modifying, repacking and reflashing firmware
Students will learn how to augment existing tools to work around problems that may arise when extracting firmware.

Labs include how to extract SPI/I2C based flash chips, discover and gain access to consoles using UART, and identify, enumerate and actuate hardware level debuggers such as JTAG and SWD.

All exercises and laboratories are performed using open source tooling on a Raspberry Pi. The Raspberry Pi will be used to attack and exploit all of the targets included in the kit. The tools and techniques used throughout the course were chosen specifically due to their portability across various hardware platforms.


Course Structure

This course includes multiple modules, one for each protocol of interest. For each module, we will perform the following:

  • Protocol Overview and Analysis
  • Understanding and Reviewing Captured Protocol Traffic
  • Protocol Analysis from a Reverse Engineering Perspective
  • Tools for Reverse Engineering Specific Protocols
  • Practical Attacks and Applications on Provided Targets
After each protocol module, a target analysis will be performed to reinforce what was learned in the analysis segment. Using this knowledge, students will perform hardware attacks on the targets included in their kits.


Course Modules


Hardware Targets

Students will receive hardware kit including:

  • Raspberry Pi 4, USBC Cable, Power Supply
  • Travel Router (Target 1)
  • Game Cabinet (Target 2)
  • Game Console Controller (Target 3)
  • SSD and USB Adapter
  • Breadboard, Logic Level Shfter, Jumper Wires
  • Multimeter
  • Logic Analyzer
  • SOP8 Clip (For flash extraction)
  • SPI EEPROM, I2C EEPROM

Cinque Terre

Requirements

This course is targeted towards security researchers who want to learn more about the process of firmware extraction and embedded systems analysis. Students should be familiar with the Linux command line, and be comfortable with a scripting language such as python. C experience is also useful but not required

Interfacing with the Raspberry Pi requires an available USB port. A virtual machine is also provided to automate the configuration of the Raspberry Pi. Students should be able to load and run virtual machines if they are not comfortable installing Pulseview and configuring an ethernet interface on their host machine.


Private Offerings

This course can be offered privately (remote or onsite) for groups of five or more students. If you are interested in a private offering of this course please contact us for more information.