Practical Hardware Pentesting

✍ Scribed by Jean-Georges Valle


Publisher: Packt Publishing
Year: 2021
Language: English
Pages: 382
Edition: 1
Category: Library


✦ Synopsis


Explore embedded systems pentesting by applying the most common attack techniques and patterns
Key Features

Learn various pentesting tools and techniques to attack and secure your hardware infrastructure
Find the glitches in your hardware that can be a possible entry point for attacks
Discover best practices for securely designing products

Book Description

Hardware pentesting involves leveraging hardware interfaces and communication channels to find vulnerabilities in a device. Practical Hardware Pentesting will help you to plan attacks, hack your embedded devices, and secure the hardware infrastructure.

Throughout the book, you will see how a specific device works, explore its functional and security aspects, and learn how a system senses and communicates with the outside world. You will start by setting up your lab from scratch and then gradually work up to an advanced hardware lab. The book will help you get to grips with the overall architecture of an embedded system and sniff on-board traffic. You will also learn how to identify and formalize threats to the embedded system and understand its relationship with its ecosystem. Later, you will discover how to analyze your hardware and locate its possible system vulnerabilities before going on to explore firmware dumping, analysis, and exploitation. Finally, focusing on the reverse engineering process from an attacker's point of view will allow you to understand how devices are attacked, how they are compromised, and how you can harden a device against the most common hardware attack vectors.

By the end of this book, you will be well-versed with security best practices and understand how they can be implemented to secure your hardware.

What you will learn

Perform an embedded system test and identify security critical functionalities
Locate critical security components and buses and learn how to attack them
Discover how to dump and modify stored information
Understand and exploit the relationship between the firmware and hardware
Identify and attack the security functions supported by the functional blocks of the device
Develop an attack lab to support advanced device analysis and attacks

Who this book is for

This book is for security professionals and researchers who want to get started with hardware security assessment but don't know where to start. Electrical engineers who want to understand how their devices can be attacked and how to protect against these attacks will also find this book useful.

Table of Contents

Setting Up Your Pentesting Lab and Ensuring Lab Safety
Understanding Your Target
Identifying the Components of Your Target
Approaching and Planning the Test
Our Main Attack Platform
Sniffing and Attacking the Most Common Protocols
Extracting and Manipulating Onboard Storage
Attacking Wi-Fi, Bluetooth, and BLE
Software-Defined Radio Attacks
Accessing the Debug Interfaces
Static Reverse Engineering and Analysis
Dynamic Reverse Engineering
Scoring and Reporting Your Vulnerabilities
Wrapping It Up – Mitigations and Good Practices

✦ Table of Contents


Cover
Copyright
Contributors
Table of Contents
Preface
Section 1: Getting to Know the Hardware
Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety
Prerequisites – the basics you will need
Languages
Hardware-related skills
System configuration
Setting up a general lab
Safety
Approach to buying test equipment
Home lab versus company lab
Approaching instrument selection
What to buy, what it does, and when to buy it
Small tools and equipment
Renting versus buying
The component pantry
The pantry itself
The stock
Sample labs
Beginner
Amateur
Pro
Summary
Questions
Chapter 2: Understanding Your Target
The CPU block
CPU roles
Common embedded systems architectures
The storage block
RAM
Program storage
Storing data
The power block
The power block from a pentesting point of view
The networking blocks
Common networking protocols in embedded systems
The sensor blocks
Analog sensors
Digital sensors
The actuator blocks
The interface blocks
Summary
Questions
Further reading
Chapter 3: Identifying the Components of Your Target
Technical requirements
Harvesting information – reading the manual
Taking a system analysis approach
For our Furby manual
Harvesting information — researching on the internet
For the Furby
Starting the system diagram
For our Furby
Continuing system exploration – identifying and putting components in the diagram
Opening the Furby
Manipulating the system
Dismantling the Furby
Identifying chips
Chips in the Furby
Identifying unmarked/mysterious chips
Furby — the mystery meat
The borders of functional blocks
Summary
Questions
Chapter 4: Approaching and Planning the Test
The STRIDE methodology
Finding the crown jewels in the assessed system
Security properties – what do we expect?
Communication
Maintenance
System integrity and self-testing
Protection of secrets or security elements
Reaching the crown jewels – how do we create impacts?
STRIDE through the components to compromise properties
For the example system – the Furby
Planning the test
Balancing your scenarios
Summary
Questions
Further reading
Section 2: Attacking the Hardware
Chapter 5: Our Main Attack Platform
Technical requirements
Introduction to the bluepill board
A board to do what?
What is it?
Why C and not Arduino?
The documentation
Memory-projected registers
The toolchain
The compilation process
Driving the compilation
Flashing the chip
Putting it into practice for the bluepill
Introduction to C
Operators
Types
The dreaded pointer
Preprocessor directives
Functions
Summary
Questions
Further reading
Chapter 6: Sniffing and Attacking the Most Common Protocols
Technical requirements
Hardware
Understanding I2C
Mode of operation
Sniffing I2C
Injecting I2C
I2C man in the middle
Understanding SPI
Mode of operation
Sniffing SPI
Injecting SPI
SPI – man in the middle
Understanding UART
Mode of operation
Sniffing UART
Injecting UART
UART – man in the middle
Understanding D1W
Mode of operation
Sniffing D1W
Injecting D1W
D1W – man in the middle
Summary
Questions
Chapter 7: Extracting and Manipulating Onboard Storage
Technical requirements
Finding the data
EEPROMs
EMMC and NAND/NOR Flash
Hard drives, SSDs, and other storage mediums 
Extracting the data
On-chip firmware
Onboard storage – specific interfaces
Onboard storage – common interfaces
Understanding unknown storage structures
Unknown storage formats
Well-known storage formats
Let's look for storage in our Furby
Mounting filesystems
Repacking
Summary
Questions
Further reading
Chapter 8: Attacking Wi-Fi, Bluetooth, and BLE
Technical requirements
Basics of networking 
Networking in embedded systems using Wi-Fi
Selecting Wi-Fi hardware
Creating our access point
Creating the access point and the basic network services
Networking in embedded systems using Bluetooth
Bluetooth basics
Discovering Bluetooth
Native Linux Bluetooth tools – looking into the joystick crash
Sniffing the BT activity on your host
Sniffing raw BT
BLE 
Summary
Questions
Chapter 9: Software-Defined Radio Attacks
Technical requirements
Introduction to arbitrary radio/SDR
Understanding and selecting the hardware
Looking into a radio device
Receiving the signal – a look at antennas
Looking into the radio spectrum
Finding back the data
Identifying modulations – a didactic example
AM/ASK
FM/FSK
PM/PSK
MSK
Getting back to our signal
Demodulating the signal
Clock Recovery MM
WPCR
Sending it back
Summary
Questions
Section 3: Attacking the Software
Chapter 10: Accessing the Debug Interfaces
Technical requirements
Debugging/programming protocols – What are they and what are they used for?
Legitimate usage
Using JTAG to attack a system
Finding the pins
The PCB "plays nicely"
A bit harder
Very hard – JTAGulating
Using OpenOCD
Installing OpenOCD
The adapter file
The target file
Practical case
Summary
Questions
Chapter 11: Static Reverse Engineering and Analysis
Technical requirements
Executable formats
Understanding operating system formats
Dump formats and memory images
Dump structure – the bluepill as an example
Analyzing firmware – introduction to Ghidra
Getting to know Ghidra with a very simple ARM Linux executable
Going into second gear – Ghidra on raw binaries for the STM32
First identification pass
Reversing our target function
Summary
Questions
Chapter 12: Dynamic Reverse Engineering
Technical requirements
What is dynamic reverse engineering and why do it?
Leveraging OpenOCD and GDB
GDB? But... I know nothing about it!
Understanding ARM assembly – a primer
General information and syntax
Exploring the most useful ARM instructions
Using dynamic reverse engineering – an example 
First Ghidra inspection
Reversing the expected password
Of course, I aced the test
Summary
Questions
Chapter 13: Scoring and Reporting Your Vulnerabilities
Scoring your vulnerabilities
Being understandable to everyone
Building your report template
Usage of language in a report
Report quality
When engineers do not want to re-engineer
Summary
Questions
Chapter 14: Wrapping It Up – Mitigations and Good Practices
Industry good practices – what are they and where to find them
OWASP IoT top 10
The CIS benchmarks
NIST hardware security guidelines
Common problems and their mitigations
Establishing a trust relationship between the backend and a device
Storing secrets and confidential data
Cryptographic applications in sensitive applications
JTAG, bootloaders, and serial/UART interfaces
What about now? Self-teaching and your first project
Closing words
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Other Books You May Enjoy
Index


📜 SIMILAR VOLUMES


Practical Hardware Pentesting, 2nd editi
✍ Jean-Georges Valle 📂 Library 📅 2024 🏛 Packt Publishing 🌐 English

Practical Hardware Pentesting, Second Edition is an example-driven guide that will help you plan attacks, hack your embedded devices, and secure the hardware infrastructure. Throughout the book you'll explore the functional and security aspects of a device and learn how a system senses and communicate

Practical Hardware Pentesting - A Guide
✍ Jean-Georges Valle 📂 Library 📅 2021 🏛 Packt Publishing 🌐 English

Explore embedded systems pentesting by applying the most common attack techniques and patterns. Key Features: - Learn various pentesting tools and techniques to attack and secure your hardware infrastructure. - Find the glitches in your hardware that can be a possible entry point for attacks.

Hardware u. Security: Werkzeuge, Pentest
✍ Tobias Scheible 📂 Library 📅 2022 🏛 Rheinwerk Verlag GmbH 🌐 German

Manipulated USB sticks, inconspicuous keyloggers, fake access points -- the threats to your IT infrastructure are not limited to attacks by viruses and Trojans. This handbook shows you how to comprehensively protect your computer systems and networks against hardware attacks. Sorgen Sie p

CompTIA PenTest+ Practice Tests
✍ Crystal Panek; Robb Tracy 📂 Library 📅 2019 🌐 English

The must-have test prep for the new CompTIA PenTest+ certification. CompTIA PenTest+ is an intermediate-level cybersecurity certification that assesses second-generation penetration testing, vulnerability assessment, and vulnerability-management skills. These cognitive and hands-on s

Hardware-dependent Software: Principles
✍ Wolfgang Ecker, Wolfgang Müller, Rainer Dömer 📂 Library 📅 2009 🏛 Springer 🌐 English

Despite its importance, the role of HdS is most often underestimated and the topic is not well represented in literature and education. To address this, Hardware-dependent Software brings together experts from different HdS areas. By providing a comprehensive overview of general HdS principles, tool