This week I had the privilege of taking the Introduction to Hardware Hacking training at DerbyCon 2013. The class was taught by Josh Thomas, Kevin Finisterre, and Nathan Keltner. Over two days the training covered topics such as setting up a home lab, EE basics, soldering techniques, JTAG basics with GoodFet, firmware analysis, performing logic analysis, and defeating hardware protections.
The first day we were given the hardware that we would be hacking. The LeapFrom LeapsterGS was selected, a popular kids educational gaming platform. This target platform was a great example of a hardware hacking application that could apply to many different devices. As we found out in the class labs, the device is using an embedded Linux operating system and common chip sets.
After examining the circuit boards and performing logic analysis on the board, we located some places we should try to solder some pins to see if we could get any information. These pins would then lead you into a root shell using UART. Once we had root shell access to the device, the options quickly became endless. We were able to utilize Ethernet over USB which, once enabled and configured,allowed the use of telnet and ftp to interact with the device.
Much like a lot of issues found on devices in SCADA, this device had some of the developer tools enabled which allowed further root access. In this case the Linux operating system had commands such as lsof and strings still loaded into the device. When it comes down to the functionality of devices in general, any unnecessary functions or programs should be be disabled and removed to prevent larger attack surfaces presented to those looking to dig deeper. This approach would prevent some of the basic attacks that were shown as examples within the training.
DerbyCon is a great security conference that is held in Louisville Kentucky that draws highly technical talks from industry experts from around the world. Training courses ran from September 25th and 26th, while the conference proper is September 27th – 29th. For more information on what topics are being presented this year, or the schedule of talks visit their website here. I will be tweeting from the conference, so you can watch for #derbycon tweets on the Digital Bond webpage or directly on my twitter account @sjhilt.