Assessing and Exploiting Embedded Memory
Module Outline:
Examples when to use
Local attack through physically exposed devices
Expanding physical attacks to remote attacks
Cryptographic keys and firmware
Overview of methodology
Device disassembly
Component analysis on embedded circuits
Datasheet acquisition and analysis
Understanding engineer speak
Exercise: Reading an EEPROM datasheet
Dumping data at rest
Tools and software to use
Overview of SPI serial protocol
How SPI is generally used on EEPROMs
Exercise: Using GreatFET to interact with SPI EEPROMs
Exercise: Writing Python functions for SPI in GreatFET software
Capturing bus data
Tools and software to use
Dangers of voltage and current to your tool and attached computer
Exercise: Using GreatFET to capture SPI traffic
Analyzing data obtained from data dumping and bus snooping
Exercise: Doing string analysis of datasets
Exercise: Doing entropy analysis of datasets
Exercise: Doing systematic key searches through datasets
Exercise: Doing file carving from datasets
Bonus material in the appendix (not covered in class)
Exercise: Dumping I2C EEPROMs with buspirate
Exercise: I2C bus capture with buspirate
Exercise: I2C bus capture with Saleae Logic
Exercise: Dumping SPI EEPROMs with buspirate
Exercise: SPI bus capture with buspirate
Exercise: SPI bus capture with Saleae Logic
Software
ControlThings Platform Virtual Machine
Hardware
Great Scott Gadgets GreatFET + Cable
(Used for interfacing with EEPROMs/FLASH. Can also be used for bus capture, logic analysis, and MitM USB)
Microchip 24LC08B/P
(Very common EEPROM using I2C serial communications)
Microchip 25LC640A
(Very common EEPROM using SPI serial communications)