Book Image

Practical Hardware Pentesting

By : Jean-Georges Valle
Book Image

Practical Hardware Pentesting

By: Jean-Georges Valle

Overview of this book

If you’re looking for hands-on introduction to pentesting that delivers, then Practical Hardware Pentesting is for you. This book will help you plan attacks, hack your embedded devices, and secure the hardware infrastructure. Throughout the book, you will see how a specific device works, explore the functional and security aspects, and learn how a system senses and communicates with the outside world. You’ll set up a lab from scratch and then gradually work towards an advanced hardware lab—but you’ll still be able to follow along with a basic setup. As you progress, you’ll get to grips with the global architecture of an embedded system and sniff on-board traffic, learn how to identify and formalize threats to the embedded system, and understand its relationship with its ecosystem. You’ll discover how to analyze your hardware and locate its possible system vulnerabilities before going on to explore firmware dumping, analysis, and exploitation. The reverse engineering chapter will get you thinking from an attacker point of view; you’ll understand how devices are attacked, how they are compromised, and how you can harden a device against the most common hardware attack vectors. By the end of this book, you will be well-versed with security best practices and understand how they can be implemented to secure your hardware.
Table of Contents (20 chapters)
1
Section 1: Getting to Know the Hardware
6
Section 2: Attacking the Hardware
12
Section 3: Attacking the Software

Looking into the radio spectrum

Gqrx is a GNU Radio application that allows you to have a nice GUI to set the frequency of your hardware and have a visual representation of the radio spectrum around the set frequency. It also allows you to hear some common modulations, such as narrow- or wide-band FM (WFM), lower and upper side band (LSB and USB), and others.

Let's fire up Gqrx and set up the source (hackrf for hackrf, RTLSDR for RTLSDR, and so on):

Figure 9.3 – Selecting the source: a HackRF example

Figure 9.3 – Selecting the source: a HackRF example

The following screenshot shows the Gqrx main window:

Figure 9.4 – Gqrx main window

Figure 9.4 – Gqrx main window

The frequency you are listening to is as follows:

  • A: The frequency you are listening to
  • B: The frequency delta between the hardware-centering frequency and the part of the captured data the software processing is focusing on
  • C: The frequency the hardware is centered on (that is, the frequency it will be capturing...