My Favorite Things: Hardware Hacking and Reverse Engineering
Favorite (Hacking) Things
I really enjoy researching and acquiring “gadgets”. Recently, I spent a little time with Eclypsium’s research team discussing which hardware and software are most useful for security research, specifically hardware and firmware. The Eclypsium team has published extensive research in the past so I thought it would be excellent for the community to get an inside peek at some of the tools we use. Seasoned security researchers will probably recognize most, if not all, of the items on the list. And for others, this may read like a shopping list!
Hardware
- ChipWhisperer – Description: “The ChipWhisperer® ecosystem presents the first open-source, low-cost solution to expose weaknesses that exist in embedded systems all around us.” The researchers who recently found that Tesla vehicles use AMD chips prone to glitching attacks likely used this device (or something similar).
- See also the ChipSHOUTER (“The ChipSHOUTER® (CW520) is a fully-featured Electromagnetic Fault Injection (EMFI) platform that can be used to discover and characterize vulnerabilities in embedded systems.”)
- Bus Pirate – This is one of the preferred devices for communicating over SPI, but it does much more, including: “communicates between a PC and any embedded device over 1-wire, 2-wire, 3-wire, UART, I2C, SPI, and HD44780 LCD protocols – all at voltages from 0-5.5VDC.”
- Raspberry Pis – This includes a Raspberry Pi 4, a Raspberry Pi Zero (finding these at the time of this writing is difficult due to supply chain issues), and a Raspberry Pi Pico (and/or Pico W).
- Arduino – Along with some breadboards and patch cables.
- JTAGulator – Description: “an open source hardware tool that assists in identifying OCD interfaces from test points, vias, component pads, or connectors on a target device.” – Created by Joe Grand.
- Hantek 2D72 handheld voltmeter, signal generator, oscilloscope – This one looks much nicer than the beat-up one currently on my desk.
- Saleae Logic 8 USB logic analyzer – “The Saleae Logic 8 is a powerful logic analyzer that lets you record and display signals in your circuit, so you can debug it fast.”
- Hak5 Packet Squirrel (and/or Ethernet Tap) – This is a great tool for capturing device traffic, such as firmware updates.
- Dediprog SPI flash programmer – For those times when you need to re-flash the SPI!
- Flipper Zero – While there are many better alternatives to the hardware included with the Flipper Zero, I like the form factor. I can easily take a suite of tools with me wherever I go and “conduct experiments”. I installed the Unleashed firmware on the Flipper Zero and selected sets of files for Sub-GHz, RFID, NFC, and IR. Please use responsibly and ensure you have permission to hack things!
Software
- Ghidra – Reverse engineering framework.
- Binary Ninja – Another great reverse engineering framework.
- A ChatGPT (OpenAI) account (or subscription) – Very helpful to generate code as a starting point (and many other “things”).
- A subscription to VirusTotal
- EMBA – A firmware security analyzer.
- strings – Sometimes a simple Linux command such as strings is all you need to get started reverse engineering.
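As an added example (not from the original post), here is a small shell script showing what that first pass with strings looks like on a firmware dump: it asks for hex file offsets so each hit can be located in the image, and then filters for the strings an initial triage usually cares about (version markers, URLs, credential-looking words). The stand-in firmware blob and everything in it are constructed inline so the script runs offline; the tr/grep branch is a rough approximation of strings for systems without binutils and does not print offsets.

```shell
#!/bin/sh
# Added example: quick strings triage over a constructed stand-in firmware image.

# Build a small fake "firmware" blob: filler bytes with a few embedded printable
# strings, the kind of thing a real SPI flash dump contains. All values are made up.
make_sample_firmware() {
    out="$1"
    {
        printf 'FWHDR\001\002\003\004'
        head -c 64 /dev/zero | tr '\0' '\377'
        printf 'bootloader v2.1.7\000'
        head -c 32 /dev/zero | tr '\0' '\252'
        printf 'http://update.example.invalid/fw\000'
        printf 'admin\000'
        head -c 16 /dev/zero
    } > "$out"
}

# Print printable runs of at least MIN characters (default 4, like strings itself).
# Uses strings(1) when available: -n sets the minimum length, -t x prints the
# hex offset of each hit so it can be found again in a hex editor.
# Without binutils, approximate it with tr/grep (no offsets in that case).
extract_strings() {
    file="$1"; min="${2:-4}"
    if command -v strings >/dev/null 2>&1; then
        LC_ALL=C strings -n "$min" -t x "$file"
    else
        LC_ALL=C tr -c '[:print:]' '\n' < "$file" | grep -E ".{$min,}"
    fi
}

# Triage filter: version strings, URLs, and words that hint at credentials.
triage_strings() {
    extract_strings "$1" "${2:-4}" | grep -E -i 'v[0-9]+\.[0-9]+|https?://|passw|admin|key|cert'
}

# Number of strings found; handy for comparing firmware versions or packed vs unpacked images.
count_strings() {
    extract_strings "$1" "${2:-4}" | wc -l | tr -d ' '
}

fw="${TMPDIR:-/tmp}/sample_fw.bin"
make_sample_firmware "$fw"
echo "== all strings (>= 4 chars, hex offset first) =="
extract_strings "$fw"
echo "== triage =="
triage_strings "$fw"
echo "total: $(count_strings "$fw")"
```

A near-empty result from this script is itself a finding: a real image with almost no readable strings is usually compressed or encrypted, which is the cue to move on to a firmware analyzer such as EMBA or to binwalk-style carving rather than reading it directly in Ghidra.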
Other / Misc
The list below complements the previous two lists in many ways. Everything from note-taking to the proper footwear is covered below:
- Miniware DS213 pocket oscilloscope
- Leatherman titanium multi-tool
- Battery-powered pencil soldering iron (many options are available)
- Jeweler’s loupe
- USB-C pass-through meters and protocol analyzers
- iFixit deluxe electronics repair kit
- FLIR camera phone
- A box full of connectors and solder
- Radiation detector (This fell in the category of “Don’t ask”)
- A variety of chemicals like acetone and protective gear
- Mission Darkness Faraday bags
- Laptop to run software for tools
- Smaller laptop that has plenty of ports
- Soldering/desoldering workstation with hot air gun (many options are available)
- USB microscope
- 3D printer (capable of high-impact polymer and carbon fiber)
- Desktop CNC mill
- GoPros (or other similar small cameras for recording work)
- High-storage battery in the 100-watt range
- Titanium pen
- High-quality lab notebook journal
- Powered self-stabilization selfie stick
- Tactical gloves with exterior lining (for electrical shocks)
- Workmen’s rubber-soled boots (such as those required in places like electric substations)