Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Preface

This book focuses on hardware security.

It will teach you how hardware systems are architected and how to understand the general architecture of a system. You will also learn where to find information about a system, which may exist in unexpected places.

We will examine the basic protocols that electronic devices use, look at how to attack the protocols, and learn how to leverage these attacks against the device as a whole.

You will learn how to identify the scenarios that matter for impacting the way a system works, how to test for them during a hardware assessment, and how to reach a system's 'crown jewels'.

In this book, we will teach you how to leverage attacks against hardware, with very cheap tools, to reach the software that runs on the device. You will learn how to extract and analyze this software, and how to alter the software's behavior through direct hardware/software interaction.

Who this book is for

This book is for security professionals and researchers who want to get started with hardware security assessment but don't know where to start. Electrical engineers who want to understand how their devices can be attacked, and how to protect against these attacks, or makers and tinkerers who want to understand how they can recycle or reuse a system that seems to be locked down, will also find this book useful.

What this book covers

Chapter 1, Setting Up Your Pentesting Lab and Ensuring Lab Safety, will go through what hardware to buy and when, how to arrange your lab and how to keep yourself safe.

Chapter 2, Understanding Your Target, explains how to understand the functionality of a system, and how to reverse engineer an embedded system.

Chapter 3, Identifying the Components of Your Target, will help understand how to identify chips and their relationships.

Chapter 4, Approaching and Planning the Test, will show how to identify the risk scenarios and threats to a target system and how to organize the test

Chapter 5, Our Main Attack Platform, will go over the microcontroller platform we will use to attack the target systems, and will demonstrate the usage of common hardware protocols

Chapter 6, Sniffing and Attacking the Most Common Protocols, covers the most common hardware protocols and how to attack them

Chapter 7, Extracting and Manipulating Onboard Storage, covers the different hardware formats used to store information and how to extract and manipulate them

Chapter 8, Attacking Wi-Fi, Bluetooth, and BLE, covers the most common forms of wireless communication and how to attack them

Chapter 9, Software-Defined Radio Attacks, introduces you to software-defined radio and how to intercept and attack proprietary wireless communications

Chapter 10, Accessing the Debug Interfaces, introduces you to hardware-specific debugging protocols and how to exploit them in order to attack embedded systems

Chapter 11, Static Reverse Engineering and Analysis, introduces you to binary reverse engineering tools and methodology in order to understand and attack the firmware that runs on your target system.

Chapter 12, Dynamic Reverse Engineering, leverages the two previous chapters to show you how to interact and attack firmware while it is running on the target system.

Chapter 13, Scoring and Reporting Your Vulnerabilities, teaches you how to report the problems you have found on the target system to your clients.

Chapter 14, Wrapping It Up – Mitigations and Good Practices, orients you towards the solutions that can be given to your clients in order to solve the problems you have found.

To get the most out of this book

You should be familiar with Linux and be able install software on your own. All the examples and code have been developed on Debian Linux, but any distribution should work.

While it is possible to follow all the examples on a virtual machine, you may encounter USB connectivity issues. If you experience unstable communication with your hardware tools please proceed with a real installation.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Practical-Hardware-Pentesting. If there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Code in Action

Code in Action videos for this book can be viewed at http://bit.ly/3sHBxRI.

Download the color images

We also provide a PDF file containing color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781789619133_ColorImages.pdf.

Conventions used

A number of text conventions are used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "For example, this is adding 1 to every byte received on ttyUSB0 and sends it to ttyUSB1"

A block of code is set as follows:

[xxx.xx] usb xxx: New USB device found, idVendor=04d8, idProduct=fc92, bcdDevice= 1.00

[xxx.xx] usb xxx: New USB device strings: Mfr=1, Product=2, SerialNumber=0

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

import serial

#imports the serial module

serin = serial.Serial('/dev/ttyUSB0', 115200)

#opens serial adapter one

serout = serial.Serial('/dev/ttyUSB1', 115200)

Any command-line input or output is written as follows:

#udevadm control --reload-rules

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Click on the Connect device button and set up the analyzer"

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Preface

Create new playlist

Sign In

Sign Up