CanSecWest: Security Masters Dojo Vancouver
Applied Hardware Attacks: Hardware Implants
Register for March 18-19, 2019 (2-day Course)
Instructor(s):
Joseph FitzPatrick
Description
Hardware-based Evil Maid, Interdiction, and other attacks sound fancy and exotic. They might make headlines, but many of the techniques are accessible to hobbyists.. They may not be as small as a grain of rice, but in this two-day course you’ll combine hardware hacking with rapid prototyping to build real custom hardware implants.
In the span of two days, you will design, build, and program:
- a hardware man-in-the-middle device
- a wireless 'tap' for a wired hardware protocol
- a standalone hardware protocol payload delivery device
This class builds upon the previous Applied Hardware Attacks classes, combining the hardware hacking basics and the rapid prototyping skills into one end product. Combining this course with either Applied Hardware Attacks 1: Embedded Systems or Applied Hardware Attacks 3: Rapid prototyping should help you fill in any background you need.
Key Learning Outcomes:
- End-to-end experience building a malicious hardware device
- Realization of the flexibility and impact a hardware implant can have
- Understanding of how easy it really is to build these devices.
PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
Course Outline
This course is still in development. The format will be less linear than my other classes.
We’ll start off by introducing four cases. Individually or in groups, you will be guided through the process of:
- Identifying the target and measure it mechanically and electrically
- Designing the circuit to interface with the protocol
- Laying out and milling a PCB to help them interface
- Designing and printing an enclosure/jig for the implant
- Coding the microcontroller to perform the malicious action
- Testing and demonstrate the result.
There should be sufficient time to complete 2 of the test cases within the class time, possibly more depending on prior background. In the unlikely even that all the prototyping equipment fails, reference designs will be available.
The case studies are still in development but will likely be:
- UART MITM to filter traffic
- JTAG-based implant that plays back a stored payload
- Remotely-triggered I/O override
- Malicious USB Cables (if feasible with the limited manufacturing precision available on-site)
Who Should Take This Course:
This course is specifically geared towards attendees who have some hardware hacking under their belt plus familiarity with rapid prototyping techniques.
Pre-requisites:
This two-day course assumes some experience:
- An introductory hardware hacking course (Joe Grand's Hardware Hacking Basics, Applied H ardware Attacks: Embedded Systems) or similar knowledge
- Soldering experience is beneficial but not required - we'll be able to help, but won't have time to teach how to solder
- Practice poking around a few hardware devices on your own
- Completion of the Applied Hardware Attacks: Rapid prototyping or similar experience:
- PCB layout using KiCad or Eagle.
- Electrically interfacing to various busses
- Coding microcontrollers in C