JAVIER VAZQUEZ VIDAL &

HENRIK FERDINAND NLSCHER

HARDWEAR (HTTP://HARDWEAR.IO)
JAVIER VAZQUEZ VIDAL & HENRIK FERDINAND NLSCHER

Trainer Name: JavierVazquez

Vidal & Henrik Ferdinand Nlscher
Title:Low level Hardware reversing
Duration: 2days
Dates: 29th to 30th Sept
Objective
This training is oriented for those
who have from little to no
knowledge on how a system can
be reversed on a hardware level.
To fully understand an embedded system, you must first know how it works on a physical level.
The objective of this training is to provide the attendees a starting point on pure and low-level hardware
hacking.
There will be no IDA, no file systems to be mounted, so just digital signals, protocols, and some hex file
dumping, which are the core of every embedded system.
On the other hand, there will be exercises to practice the acquired skills, by attacking an arduino-based
victim board.
After successfully completing this training, the attendees will be able to find basic attack vectors on the
physical layer of an embedded system.

COURSE OUTLINE

COURSE OUTLINE
Day 1
Module 1: Communication protocols
Why are these protocols important?
Serial
SPI
I2C
Module 2: The logic Analyzer
What is a logic analyzer?
How can it be used to reverse a system?
Decoding protocols with the LA
Module 3: Different types of low-density memories
Flash and EEPROM
Communication protocols used
How they are used on embedded systems
Day 2
Module 4: How to dump and modify the memories, and existing types of protections.
Getting to know your IC before removing it
Using the soldering iron to remove and resolder a memory IC
Using the hot air station to remove and resolder a memory IC
Checking for protections against modification
Module 5: How to effectively look for backdoors on systems (other than uart shells)
Basics of embedded system behaviour
Production backdoors
Retail product backdoors
Prerequisites
Knowledge of basic digital electronics is an advantage.
Basic skills with soldering iron is an advantage.
Basic experience with Arduino is an advantage.

What to Bring?
Laptop
Win7 OS as host or VM.
Winhex (licensed or demo).
Latest Arduino IDE installed
Saleae Logic Analizer (any model)
Latest Saleae Beta software installed (http://support.saleae.com/hc/en-us/articles/201589175
(http://support.saleae.com/hc/en-us/articles/201589175))
5 GB of free space mimimum
4 GB RAM minimum
Mouse is recommended

What to expect?
Learning how do components work and communicate on low level
Understand how an embedded system works
Perform basic reversing exercises which will be useful in the real world
What not to expect?
Becoming a hardware hacker in two days
Decaff coffee
Disappointment

ABOUT THE TRAINERS

JAVIER VAZQUEZ VIDAL
Javier Vazquez Vidal is passionate about technology and specializes in hardware and embedded
systems security. He studied Electromechanics and Telecommunications, developing a passion for
electronics and technology since his youth. He has been part of several projects that involved wellknown hardware, but his first public work was released at Black Hat Arsenal USA 2013, the ECU tool. He
also presented the CHT at Black Hat Asia 2014, a tool to take over the CAN network, and shown how a
smart meter can be fully compromised at BlackHat Europe 2014. He is currently working as a IT
Engineer, and has worked for companies such as Airbus Military and Visteon.

HENRIK FERDINAND NLSCHER

Ever since I was young, I am very passionate about information security and hardware security is a big
field of interest for me. I am 20 years old and Ive been working in information security for several years
now. Im currently studying computer science.
In the past, Ive been working with Javier in numerous CarIT projects and thus gained a lot of knowledge
on how to assess the security of embedded platforms. I did vulnerability research and developed
multiple tools assisting in vulnerability discovery and management for a big international manufacturer
in Germany. Im currently employed as a student at Code White.

(https://www.facebook.com/hardwear.io)
(https://twitter.com/hardwear_io)