JTAG/Serial/Flash/PCB Embedded Reverse Engineering Tools And Techniques

Presented at Berlinsides 2010 by

A dump of simple tools for embedded analysis at many layers.

Description: Bring your target. Will release a slew of simple tools that explore attack surfaces and explain how to use them: JTAG/serial scanners, a parallel flash dumper, and DePCB board routing analysis. So, cross over from software RE and start hacking/improving like it's 1996 again.

--- TOOLS DISCUSSED:

-- [Serial Scanner] Arduino based, will scan 30+ pins for a serial port at any baud rate. Includes stimulating lines with wakeup signals ( ,etc).

-- [JTAGenum] Arduino based, will scan 30+ pins for a JTAG port. Once found, the port can be used to scan for undocumented instructions and functionality.

-- [Parallel FLASH Dumper] Arduino based, dumps FLASH memory. Flash programmers can be expensive or distribution restricted. Includes discussion of how to dump FLASH where public documentation or the footprint cannot be found.

-- [DePCB] (in progress) Given images of PCB layers, can be used to auto-route IC interconnects. Research in progress. Based on DeGate, which does the same at the transistor level of ICs.