Looking to get started with hardware hacking after DefCon? Here are a few blogs to get you started! 🧵
The first question I get is: "What tools do we need to build a hardware hacking lab?" - we've got you covered here with a wiki outlining common tools and their use cases:
voidstarsec.wiki
If you have a @Raspberry_Pi 4/5 handy - we've written a guide on how to configure it for common hardware hacking needs:
voidstarsec.com/blog/pifex-con…
Here is an example of how to use a Raspberry Pi to interface with an undocumented JTAG TAP:
voidstarsec.com/blog/jtag-pifex
If you want to learn more about JTAG, check out this other blog that I wrote covering how JTAG works at a low level:
wrongbaud.github.io/posts/jtag-hdd/
If you want a more interactive guide on how to use JTAG and SWD as a reverse engineer, check out this hack chat that I did in 2020:
If you're looking to learn more about UART, UBoot and how to use both of these to extract firmware, check out this blog post where we extract the firmware from an arcade cabinet:
voidstarsec.com/blog/uart-uboo…
If you want to learn more about fault injection - check out our blog post here:
voidstarsec.com/blog/replicant…
Taking fault injection a step further - here are some resources to learn about electromagnetic fault injection ⚡️⚡️⚡️
voidstarsec.com/csw-2024/
Another common question I get is - "Where do I find devices to learn more about this?"
Start by looking for anything with a screen in the toy aisle! Here is an old post about extracting SPI flash from an arcade cabinet:
wrongbaud.github.io/posts/BasicFUN…
Now that we have the flash extracted, what do we do with it? Here is a follow up post talking about patterns to look for in bare-metal firmware dumps and working with esoteric processors:
wrongbaud.github.io/posts/BasicFUN…
Maybe your firmware image is more complex, or you're interested in reverse engineering more standard target binaries - we've got a free Ghidra course here to get you started!
wrongbaud.github.io/posts/ghidra-t…
Dang ... my processor isn't currently supported in Ghidra, or maybe it does not have a proper loader! Not to fear, adding memory maps and processor specific peripherals can be done pretty easily:
wrongbaud.github.io/posts/writing-…
Next, perhaps you're looking at a complex function and you'd like to debug it or step through it - Ghidra's PCode emulation is a great place to start when learning how your target binaries work:
wrongbaud.github.io/posts/kong-vs-…
Looking for a group of folks who love hardware hacking? Check out the @voidstarsec Discord server:
discord.gg/dmJKSctYkb
Stay up to date with our latest research and blog posts by signing up for our mailing list here:
eepurl.com/hSl31f
Finally, if you or your organization is interested in a formal onsite training about hardware hacking and reverse engineering, check out our course here:
voidstarsec.com/training