Edition:
Authors: Jasper van Woudenberg, Colin O’Flynn
Series:
Publisher: No Starch Press
Year of publication: 2022
Number of pages: [781]
Language: English
File format: PDF (converted to PDF, EPUB, or AZW3 at the user's request)
File size: 55 Mb
If you need the file of the book The Hardware Hacking Handbook. Breaking Embedded Security With Hardware Attacks converted to PDF, EPUB, AZW3, MOBI, or DJVU, you can notify support so that they convert the file.
Please note that the book The Hardware Hacking Handbook. Breaking Embedded Security With Hardware Attacks is the original-language edition and is not a Persian translation. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Title Page Copyright Dedication About the Authors Foreword Acknowledgments

Introduction What Embedded Devices Look Like Ways of Hacking Embedded Devices What Does Hardware Attack Mean? Who Should Read This Book? About This Book

Chapter 1: Dental Hygiene: Introduction to Embedded Security Hardware Components Software Components Initial Boot Code Bootloader Trusted Execution Environment OS and Trusted Applications Firmware Images Main Operating System Kernel and Applications Hardware Threat Modeling What Is Security? The Attack Tree Profiling the Attackers Types of Attacks Software Attacks on Hardware PCB-Level Attacks Logical Attacks Noninvasive Attacks Chip-Invasive Attacks Assets and Security Objectives Confidentiality and Integrity of Binary Code Confidentiality and Integrity of Keys Remote Boot Attestation Confidentiality and Integrity of Personally Identifiable Information Sensor Data Integrity and Confidentiality Content Confidentiality Protection Safety and Resilience Countermeasures Protect Detect Respond An Attack Tree Example Identification vs. Exploitation Scalability Analyzing the Attack Tree Scoring Hardware Attack Paths Disclosing Security Issues Summary

Chapter 2: Reaching Out, Touching Me, Touching You: Hardware Peripheral Interfaces Electricity Basics Voltage Current Resistance Ohm’s Law AC/DC Picking Apart Resistance Power Interface with Electricity Logic Levels High Impedance, Pullups, and Pulldowns Push-Pull vs. Tristate vs. Open Collector or Open Drain Asynchronous vs. Synchronous vs. Embedded Clock Differential Signaling Low-Speed Serial Interfaces Universal Asynchronous Receiver/Transmitter Serial Serial Peripheral Interface Inter-IC Interface Secure Digital Input/Output and Embedded Multimedia Cards CAN Bus JTAG and Other Debugging Interfaces Parallel Interfaces Memory Interfaces High-Speed Serial Interfaces Universal Serial Bus PCI Express Ethernet Measurement Multimeter: Volt Multimeter: Continuity Digital Oscilloscope Logic Analyzer Summary

Chapter 3: Casing the Joint: Identifying Components and Gathering Information Information Gathering Federal Communications Commission Filings Patents Datasheets and Schematics Information Search Example: The USB Armory Device Opening the Case Identifying ICs on the Board Small Leaded Packages: SOIC, SOP, and QFP No-Lead Packages: SO and QFN Ball Grid Array Chip Scale Packaging DIP, Through-Hole, and Others Sample IC Packages on PCBs Identifying Other Components on the Board Mapping the PCB Using the JTAG Boundary Scan for Mapping Information Extraction from the Firmware Obtaining the Firmware Image Analyzing the Firmware Image Summary

Chapter 4: Bull in a Porcelain Shop: Introducing Fault Injection Faulting Security Mechanisms Circumventing Firmware Signature Verification Gaining Access to Locked Functionality Recovering Cryptographic Keys An Exercise in OpenSSH Fault Injection Injecting Faults into C Code Injecting Faults into Machine Code Fault Injection Bull Target Device and Fault Goal Fault Injector Tools Target Preparation and Control Fault Searching Methods Discovering Fault Primitives Searching for Effective Faults Search Strategies Analyzing Results Summary

Chapter 5: Don’t Lick the Probe: How to Inject Faults Clock Fault Injection Metastability Fault Sensitivity Analysis Limitations Required Hardware Clock Fault Injection Parameters Voltage Fault Injection Generating Voltage Glitches Building a Switching-Based Injector Crowbar Injected Faults Raspberry Pi Fault Attack with a Crowbar Voltage Fault Injection Search Parameters Electromagnetic Fault Injection Generating Electromagnetic Faults Architectures for Electromagnetic Fault Injection EMFI Pulse Shapes and Widths Search Parameters for Electromagnetic Fault Injection Optical Fault Injection Chip Preparation Front-Side and Back-Side Attacks Light Sources Optical Fault Injection Setup Optical Fault Injection Configurable Parameters Body Biasing Injection Parameters for Body Biasing Injection Triggering Hardware Faults Working with Unpredictable Target Timing Summary

Chapter 6: Bench Time: Fault Injection Lab Act 1: A Simple Loop A BBQ Lighter of Pain Act 2: Inserting Useful Glitches Crowbar Glitching to Fault a Configuration Word Mux Fault Injection Act 3: Differential Fault Analysis A Bit of RSA Math Getting a Correct Signature from the Target Summary

Chapter 7: X Marks the Spot: Trezor One Wallet Memory Dump Trezor One Wallet Internals USB Read Request Faulting Disassembling Code Building Firmware and Validating the Glitch USB Triggering and Timing Glitching Through the Case Setting Up Reviewing the Code for Fault Injection Running the Code Confirming a Dump Fine-Tuning the EM Pulse Tuning Timing Based on USB Messages Summary

Chapter 8: I’ve Got the Power: Introduction to Power Analysis Timing Attacks Hard Drive Timing Attack Power Measurements for Timing Attacks Simple Power Analysis Applying SPA to RSA Applying SPA to RSA, Redux SPA on ECDSA Summary

Chapter 9: Bench Time: Simple Power Analysis The Home Lab Building a Basic Hardware Setup Buying a Setup Preparing the Target Code Building the Setup Pulling It Together: An SPA Attack Preparing the Target Preparing the Oscilloscope Analysis of the Signal Scripting the Communication and Analysis Scripting the Attack ChipWhisperer-Nano Example Building and Loading Firmware A First Glance at the Communication Capturing a Trace From Trace to Attack Summary

Chapter 10: Splitting the Difference: Differential Power Analysis Inside the Microcontroller Changing the Voltage on a Capacitor From Power to Data and Back Sexy XORy Example Differential Power Analysis Attack Predicting Power Consumption Using a Leakage Assumption A DPA Attack in Python Know Thy Enemy: An Advanced Encryption Standard Crash Course Attacking AES-128 Using DPA Correlation Power Analysis Attack Correlation Coefficient Attacking AES-128 Using CPA Communicating with a Target Device Oscilloscope Capture Speed Summary

Chapter 11: Gettin’ Nerdy with It: Advanced Power Analysis The Main Obstacles More Powerful Attacks Measuring Success Success Rate–Based Metrics Entropy-Based Metrics Correlation Peak Progression Correlation Peak Height Measurements on Real Devices Device Operation The Measurement Probe Determining Sensitive Nets Automated Probe Scanning Oscilloscope Setup Trace Set Analysis and Processing Analysis Techniques Processing Techniques Deep Learning Using Convolutional Neural Networks Summary

Chapter 12: Bench Time: Differential Power Analysis Bootloader Background Bootloader Communications Protocol Details of AES-256 CBC Attacking AES-256 Obtaining and Building the Bootloader Code Running the Target and Capturing Traces Calculating the CRC Communicating with the Bootloader Capturing Overview Traces Capturing Detailed Traces Analysis Round 14 Key Round 13 Key Recovering the IV What to Capture Getting the First Trace Getting the Rest of the Traces Analysis Attacking the Signature Attack Theory Power Traces Analysis All Four Bytes Peeping at the Bootloader Source Code Timing of Signature Check Summary

Chapter 13: No Kiddin’: Real-Life Examples Fault Injection Attacks PlayStation 3 Hypervisor Xbox 360 Power Analysis Attacks Philips Hue Attack Summary

Chapter 14: Think of the Children: Countermeasures, Certifications, and Goodbytes Countermeasures Implementing Countermeasures Verifying Countermeasures Industry Certifications Getting Better Summary

Appendix A: Maxing Out Your Credit Card: Setting Up a Test Lab Checking Connectivity and Voltages: $50 to $500 Fine-Pitch Soldering: $50 to $1,500 Desoldering Through-Hole: $30 to $500 Soldering and Desoldering Surface Mount Devices: $100 to $500 Modifying PCBs: $5 to $700 Optical Microscopes: $200 to $2,000 Photographing Boards: $50 to $2,000 Powering Targets: $10 to $1,000 Viewing Analog Waveforms (Oscilloscopes): $300 to $25,000 Memory Depth Sample Rate Bandwidth Other Features Viewing Logic Waveforms: $300 to $8,000 Triggering on Serial Buses: $300 to $8,000 Decoding Serial Protocols: $50 to $8,000 CAN Bus Sniffing and Triggering: $50 to $5,000 Ethernet Sniffing: $50 Interacting Through JTAG: $20 to $10,000 General JTAG and Boundary Scan JTAG Debug PCIe Communication: $100 to $1,000 USB Sniffing: $100 to $6,000 USB Triggering: $250 to $6,000 USB Emulation: $100 SPI Flash Connections: $25 to $1,000 Power Analysis Measurements: $300 to $50,000 Triggering on Analog Waveforms: $3,800+ Measuring Magnetic Fields: $25 to $10,000 Clock Fault Injection: $100 to $30,000 Voltage Fault Injection: $25 to $30,000 Electromagnetic Fault Injection: $100 to $50,000 Optical Fault Injection: $1,000 to $250,000 Positioning Probes: $100 to $50,000 Target Devices: $10 to $10,000

Appendix B: All Your Base Are Belong to Us: Popular Pinouts SPI Flash Pinout 0.1-Inch Headers 20-Pin Arm JTAG 14-Pin PowerPC JTAG 0.05-Inch Headers Arm Cortex JTAG/SWD Ember Packet Trace Port Connector

Index