This blog has permanently moved to

Contact Form | Email Address

© 2018 All rights reserved by Boseji

Thank you for all your support.

Saturday, January 8, 2011

Art of Reverse Embedded Engineering: 27C3 Chaos Communications Congress

We came across the proceedings of the 27C3 Chaos Communications Congress held at Berlin Germany; which can easily be considered at the heaven for the Hackers. Innovators Nathan Fain and Vadik presented their topic JTAG/Serial/FLASH/PCB Embedded Reverse Engineering Tools and Techniques.

Its of for-most importance to any one looking out to modify and alter the functionality of the Embedded devices. This also helps to understand what is called as the "Leaky Abstractions" which applies to security flaws seen in software and hardware alike.
The presenters here discuss about various types of techniques that can be used to find the debug interfaces such as Serial (UARTs), JTAG and also reprogramming of the Flash. They also dive into some of the intuitive techniques that are used by Hardware hackers to find out missing parts that can help enhance functionality and alter the use for Artistic purposes. And guess what we go gaga about Arduino again. Its simple and most used in all the presentation. With some minor alternations the Arduino becomes the hacker tool to reverse engineer the hardware. In specific one of the clones used is Teensy++ which is Modified for 3.3V to be used for the sniffing purpose. A great big cache of know how and lots of exciting finds have a look at the links.
To find the Presented material at the Conference here is Link:
The Detailed Wiki page containg explanation of the Hacks used is given in following Link:

Some of the Important Tools:
1. RS232enum is a Arduino based program that can be used to scan and find serial on 30+ pins, vias (through-holes) and pads. Load the sketch onto Arduino and then open a serial console at 115200 buad to interface to this tool.
2. JTAGenum (code, further documentation) can be used to find JTAG amongst a set of 30+ pins, vias or pads. The standard JTAG instructions (IDCODE, BYPASS) are used to scan for pins.
3. Parallel Flash Dumper used to extract the entire Hex code from a given Flash chip through CFI. The hardware is quite simple and made by breadboarding some shift registers drawn in Fritzing.
4. DePCB an PCB reverse engineering tool that is used to make a net list of the given PCB with the available images. Its presently available only for 2 layers but the team has a plan using Heat Signatures to make it for multiple layers.

Apart from this there is lots of info on the wiki page for you to ponder on and gain access to your own next embedded device. Best of luck Hacking !!

1 comment:

  1. This is a nice informational posting about embedded training and courses. Thanks for sharing this important post with us. Keep it on...

    Visit here for best Embedded Engineering Course at affordable way.