Exploitation of a hardened MSP430-based device


Presented at NoSuchCon 2014 by

This presentation walks through the reverse-engineering and exploitation of a hardened embedded device and provides techniques you can use to exploit similar devices. As MSP430 devices become more common, it is slowly becoming the norm to encounter production devices with blown JTAG fuses. Previously, this was a significant hurdle. In 2008, Goodspeed described several attacks against the MSP430's BSL (bootstrap loader). This presentation reviews those attacks and describes the challenges facing a researcher attempting to perform them. It demonstrates how to reliably perform firmware extraction on an MSP430 with a blown JTAG fuse. Additionally, the presentation covers what you might see while reverse-engineering MSP430 firmware. Finally, it describes a software-only attack that uses a feature of the BSL to extract sensitive data from RAM.

Braden is currently a senior research scientist at Accuvant, focusing on embedded research in the AMI and medical device industries. Prior to Accuvant, he worked as a Product Security Engineer at Apple for 6 years. At Apple, Braden focused on drastically increasing the internal fuzzing throughput and coverage, as well as performing proactive security reviews for many high-profile features.