Assessing and Exploiting Embedded Memory

Module Outline:

  • Examples of when to use

    • Local attack through physically exposed devices

    • Expanding physical attacks to remote attacks

    • Cryptographic keys and firmware

  • Overview of methodology

  • Device disassembly

    • Component analysis on embedded circuits

  • Datasheet acquisition and analysis

    • Understanding engineer speak

    • Exercise: Reading an EEPROM datasheet

  • Dumping data at rest

    • Tools and software to use

    • Overview of SPI serial protocol

    • How SPI is generally used on EEPROMs

    • Exercise: Using GreatFET to interact with SPI EEPROMs

    • Exercise: Writing Python functions for SPI in GreatFET software

  • Capturing bus data

    • Tools and software to use

    • Dangers of voltage and current to your tool and attached computer

    • Exercise: Using GreatFET to capture SPI traffic

  • Analyzing data obtained from data dumping and bus snooping

    • Exercise: Doing string analysis of datasets

    • Exercise: Doing entropy analysis of datasets

    • Exercise: Doing systematic key searches through datasets

    • Exercise: Doing file carving from datasets

  • Bonus material in the appendix (not covered in class)

    • Exercise: Dumping I2C EEPROMs with buspirate

    • Exercise: I2C bus capture with buspirate

    • Exercise: I2C bus capture with Saleae Logic

    • Exercise: Dumping SPI EEPROMs with buspirate

    • Exercise: SPI bus capture with buspirate

    • Exercise: SPI bus capture with Saleae Logic

Software

  • ControlThings Platform Virtual Machine

Hardware

  • Great Scott Gadgets GreatFET + Cable
    (Used for interfacing with EEPROMs/FLASH. Can also be used for bus capture, logic analysis, and MitM USB)

  • Microchip 24LC08B/P
    (Very common EEPROM using I2C serial communications)

  • Microchip 25LC640A
    (Very common EEPROM using SPI serial communications)