Here on Hackaday, we regularly cover wonderful informative articles on different areas of hardware hacking, and we even have our own university with courses that delve into the topics one by one. I’ve had my own share of hardware that I’ve learned the theory and practicalities of over the years I’ve hacked – as it is, for over thirteen years. When such material was not available on a particular topic, I would scour hundreds of forum pages for details on a specific topic, or spend hours wrestling with a complexity that everyone took for granted. .
Today I’d like to highlight one of the most comprehensive introductions to hardware hacking I’ve seen so far – from general principles to technical details, covering all levels of complexity, uniting theory and practice. Here is the Hardware Hacking Handbook, by Jasper van Woudenberg and Colin O’Flynn. Over four hundred pages you will find as comprehensive an introduction to hardware subversion as there is. None of the nuances are taken for granted; instead, this book strives to fill in any gaps you might have, finding words to explain every relevant concept at top-down levels.
In addition to general hardware hacking principles and examples, this book focuses on the areas of fault injection and power analysis – underestimated areas of hardware security that you would be willing to learn, given that both of these practices give you superpowers when it comes to taking control of the hardware. This makes sense, since these areas are at the center of [Colin]’the sand [Jasper]research, and they are able to provide you with something you won’t learn elsewhere. You’d better have a ChipWhisperer in hand if you wanted to repeat some of the things this book shows, but you don’t have to. For starters, the book’s hardware hacking theory is something you’ll benefit from anyway.
Having a solid theoretical basis for hardware hacking helps a lot. Don’t get me wrong, you’ll do pretty well reading our articles and learning examples of your fellow hackers’ work – but there will be structural gaps in how the hacks relate to each other and what else came out there.
Traditionally, these gaps would be due to universities and training courses taking a lot of information, structuring it, and then giving you that structure so you could sort through all the extra knowledge. Unfortunately, we know that even if you can find a teacher, their lessons don’t have to be engaging – or up to date with modern times. This book spends a hundred pages creating a structure for you, a categorized shelf to sort your books. In order to get a full picture of the hardware and never run out of ways to approach it, it helps if you understand your device the same way a hardware security understands it, and our two authors have worked tirelessly to convey their mental frames. to you, with many examples.
Whether it’s going through Intel CPU die shots and highlighting different areas, showing protocol signal traces to demystify what’s really going on with a signal, or explaining hidden potential in different features of PCBs you might come across on the board you are tackling, you get a glimpse into the mind of an expert as you browse through the examples they provide you. It also doesn’t shy away from discussing topics like cryptography – something a hacker might not know they could use and might be forced to treat like a black box. In fact, it’s arguably one of the most important topics such a book could touch on – and going there, it does. Before starting RSA key mining, they go through the RSA calculations involved in cryptographic signatures – although some understanding of algebra is beneficial, it’s not required, and you can always supplement with something like the RSA calculator we covered recently.
Undoubtedly, you’ll want examples, because that’s how we learn best. With these advanced techniques in hand, they take the Trezor One cryptowallet, a device sold online today, and bypass its security measures, extracting the private keys stored on the wallet. The focus on power analysis and glitches pays off here – in fact, quite literally. This demo is advanced and heavy enough to deserve its own chapter, and even if you don’t follow the steps as you go, the attack ties the concepts you’ve seen together, helping you make the connections between what you what you have read and what you will do when you need to extract secrets from your own device.
The authors make sure to keep the theory firmly coupled with real-world material as the book progresses. As a training ground for the Trezor wallet incursion, you’ll learn how to solder a FET onto the underside of a Raspberry Pi 3B+ PCB to block the CPU power rail and try to pop the processor instructions. This exercise assumes you have a ChipWhisperer, although only the Lite version will do, but if you still want to get real results without the precise timing provided by the ChipWhisperer, you can use an ATMega328P and a piezo generator. a barbecue lighter – giving you insights without tying the value of the book to an additional piece of material.
Then they get into power analysis – something you can often do with an oscilloscope, and introduce you to the basics. This is a chapter that I am still only going through myself, this book being as information dense as it is. However, I have high hopes for this, as power analysis is both a relatively non-invasive means of extracting information and also an attack vector to which most hardware available in nature is susceptible, making this part of the book a priority of mine over some free time in my schedule. In fact, about a third of this book is devoted to power analysis techniques, from the simplest to the most advanced, and goes through several test setups, even with an Arduino-based target to get your feet wet.
Of course, part of the power of the hardware hacker is in the equipment, which is why it’s hard to write a book like this and not expect your reader to have a few specific tools. . The authors are aware of this, which is why there is an entire chapter devoted to equipping your own lab – on budgets ranging from high to low. Lots of tools, you can improvise them or reuse them, or you can use them thanks to a friendly hackerspace nearby. Sure, most of them you’ll get by without at first, but when you run into a particular problem, it’s helpful to know that there’s a tool out there for your exact need.
Since the release of this book, we have seen Colin once again push the frontier of side-channel attacks. Last year he gave a Remoticon talk on EM injection issues and provided us with an accessible method to do this without any fancy hardware setup. These side-channel attacks are a growing area that chips will remain vulnerable to for the foreseeable future, and this book will keep you up to date on the application of these methods when unlocking yours.
For newcomers, such a promising field of study is a great introduction to obtaining hardware, as many other attack surfaces that we have known for years are now well protected and often don’t perform as well. in nature. For professionals, you will undoubtedly find some blind spots in your knowledge that you would do well to eliminate. We don’t yet have the technology to download information into our brains; As it stands, the books come closest to that, and The Hardware Hacking Handbook is a respectable attempt to teach you what hackers like. [Jasper] and [Colin] to know.