Book Image

Practical Hardware Pentesting

By : Jean-Georges Valle
Book Image

Practical Hardware Pentesting

By: Jean-Georges Valle

Overview of this book

If you’re looking for hands-on introduction to pentesting that delivers, then Practical Hardware Pentesting is for you. This book will help you plan attacks, hack your embedded devices, and secure the hardware infrastructure. Throughout the book, you will see how a specific device works, explore the functional and security aspects, and learn how a system senses and communicates with the outside world. You’ll set up a lab from scratch and then gradually work towards an advanced hardware lab—but you’ll still be able to follow along with a basic setup. As you progress, you’ll get to grips with the global architecture of an embedded system and sniff on-board traffic, learn how to identify and formalize threats to the embedded system, and understand its relationship with its ecosystem. You’ll discover how to analyze your hardware and locate its possible system vulnerabilities before going on to explore firmware dumping, analysis, and exploitation. The reverse engineering chapter will get you thinking from an attacker point of view; you’ll understand how devices are attacked, how they are compromised, and how you can harden a device against the most common hardware attack vectors. By the end of this book, you will be well-versed with security best practices and understand how they can be implemented to secure your hardware.

Related Content you might be interested in

Current Title:

Small book image
Practical Hardware Pentesting
Jean-Georges Valle
Apr, 2021 | 382 pages
Small book image
IoT Penetration Testing Cookbook.
Aditya Gupta | Aaron Guzman
Nov, 2017 | 452 pages
Small book image
Penetration Testing Bootcamp
Jason Beltrame
Jun, 2017 | 258 pages
Small book image
Embedded Systems Architecture
Daniele Lacamera
May, 2018 | 324 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Getting to Know the Hardware
Section 1: Getting to Know the Hardware
Free Chapter
2
Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety
Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety
Prerequisites – the basics you will need
Approach to buying test equipment
The component pantry
Sample labs
Summary
Questions
3
Chapter 2: Understanding Your Target
Chapter 2: Understanding Your Target
The CPU block
The storage block
The power block
The networking blocks
The sensor blocks
The actuator blocks
The interface blocks
Summary
Questions
Further reading
4
Chapter 3: Identifying the Components of Your Target
Chapter 3: Identifying the Components of Your Target
Technical requirements
Harvesting information – reading the manual
Harvesting information — researching on the internet
Starting the system diagram
Continuing system exploration – identifying and putting components in the diagram
Summary
Questions
5
Chapter 4: Approaching and Planning the Test
Chapter 4: Approaching and Planning the Test
The STRIDE methodology
Security properties – what do we expect?
Reaching the crown jewels – how do we create impacts?
Planning the test
Summary
Questions
Further reading
6
Section 2: Attacking the Hardware
Section 2: Attacking the Hardware
7
Chapter 5: Our Main Attack Platform
Chapter 5: Our Main Attack Platform
Technical requirements
Introduction to the bluepill board
Why C and not Arduino?
The toolchain
Introduction to C
Summary
Questions
Further reading
8
Chapter 6: Sniffing and Attacking the Most Common Protocols
Chapter 6: Sniffing and Attacking the Most Common Protocols
Technical requirements
Understanding I2C
Understanding SPI
Understanding UART
Understanding D1W
Summary
Questions
9
Chapter 7: Extracting and Manipulating Onboard Storage
Chapter 7: Extracting and Manipulating Onboard Storage
Technical requirements
Finding the data
Extracting the data
Understanding unknown storage structures
Mounting filesystems
Repacking
Summary
Questions
Further reading
10
Chapter 8: Attacking Wi-Fi, Bluetooth, and BLE
Chapter 8: Attacking Wi-Fi, Bluetooth, and BLE
Technical requirements
Basics of networking
Networking in embedded systems using Wi-Fi
Networking in embedded systems using Bluetooth
Summary
Questions
11
Chapter 9: Software-Defined Radio Attacks
Chapter 9: Software-Defined Radio Attacks
Technical requirements
Introduction to arbitrary radio/SDR
Understanding and selecting the hardware
Looking into the radio spectrum
Finding back the data
Identifying modulations – a didactic example
Demodulating the signal
Sending it back
Summary
Questions
12
Section 3: Attacking the Software
Section 3: Attacking the Software
13
Chapter 10: Accessing the Debug Interfaces
Chapter 10: Accessing the Debug Interfaces
Technical requirements
Debugging/programming protocols – What are they and what are they used for?
Finding the pins
Using OpenOCD
Practical case
Summary
Questions
14
Chapter 11: Static Reverse Engineering and Analysis
Chapter 11: Static Reverse Engineering and Analysis
Technical requirements
Executable formats
Dump formats and memory images
Analyzing firmware – introduction to Ghidra
Summary
Questions
15
Chapter 12: Dynamic Reverse Engineering
Chapter 12: Dynamic Reverse Engineering
Technical requirements
What is dynamic reverse engineering and why do it?
Leveraging OpenOCD and GDB
Understanding ARM assembly – a primer
Using dynamic reverse engineering – an example
Summary
Questions
16
Chapter 13: Scoring and Reporting Your Vulnerabilities
Chapter 13: Scoring and Reporting Your Vulnerabilities
Scoring your vulnerabilities
Being understandable to everyone
When engineers do not want to re-engineer
Summary
Questions
17
Chapter 14: Wrapping It Up – Mitigations and Good Practices
Chapter 14: Wrapping It Up – Mitigations and Good Practices
Industry good practices – what are they and where to find them
Common problems and their mitigations
What about now? Self-teaching and your first project
Closing words
18
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Why subscribe?
19
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety

Embedded systems, in the broadest definition of the term, are all around us in our everyday lives (examples being our phones, our routers, our watches, our microwaves, and more). They all have a small computer inside them and take care of very critical aspects of our lives, and also collect and protect data that is very critical to us. Sadly, the embedded system industry is lagging behind the usual computing industry in terms of security. In the last 10 years, we have seen examples of how this lack of security in these kinds of systems can lead to very tangible impacts on the real world (for example, the Mirai botnet; the Stuxnet virus; a wave of attacks against routers; some countries stealing other countries' drones by spoofing the Global Positioning System (GPS); and so on). This is why it is very important to train more and more people on how to find problems in these kinds of systems, not only because the problems are already here but also because there will be more and more such systems, and their ever-growing number will manage more and more crucial aspects of our lives (think about autonomous vehicles; drone delivery; robots to assist the elderly; and so on).

Helping you start with assessing the security of these kinds of systems is the first goal of this book. The second goal of this book is that you have fun while you learn because testing these kinds of systems is going to be interesting, and I take great pleasure in making the learning process enjoyable for you. You may ask yourself: How is it going to be fun for me? For me, it is because you are messing with the most trusted part of the system: the hardware. Not only you are messing with the most fundamental elements of the system, but you also are in direct contact with it; you will be soldering, drilling, scrapping, and touching the system to pop a shell! You will not only code to compromise your target system, but (hopefully rarely) the blood, sweat, and tears will not be figurative!

In this chapter, you will learn how to set up your lab, from a simple, low investment suitable for learning at home up to a professional testing environment. This chapter will get you up to speed on how to invest your money efficiently to achieve results and, most importantly, how not to kill yourself on the job.

The following topics will be covered in this chapter:

  • The basic things you will need to get started
  • The different types of (common) tools available for your labs, what to get, and at which point
  • The approach to acquiring test equipment, and the difference between a company and a home lab
  • Basic items you will want in a lab, what they are, what are their uses, and the approach to setting up a lab
  • Examples of ramping up your lab: basic, medium, and professional labs
Previous Section
End of Section 1
Next Section