# Pentesting Hardware -A Practical Handbook

Mark Carney

April 2, 2017

# Contents

| 1 | PC  | B Eye-Spy 7                        |
|---|-----|------------------------------------|
|   | 1.1 | Form Factors                       |
|   |     | 1.1.1 Through-the-hole             |
|   |     | 1.1.2 SMC                          |
|   | 1.2 | Basic Components                   |
|   |     | 1.2.1 Resistors                    |
|   |     | 1.2.2 Capacitors                   |
|   |     | 1.2.3 Transistors                  |
|   |     | 1.2.4 Integrated Circuits          |
|   |     | 1.2.5 Other Common Components      |
|   |     | 1.2.6 Miscellaneous                |
|   | 1.3 | IC Identification                  |
|   |     | 1.3.1 SoC                          |
|   |     | 1.3.2 Flash ROM                    |
|   |     | 1.3.3 RAM Chips                    |
|   |     | 1.3.4 Interface Chips              |
|   | 1.4 | Electricity and Electronics basics |
| 2 | Too | lbox 14                            |
|   | 2.1 | Hardware Hacking Toolkit           |
|   |     | 2.1.1 Software                     |
|   |     | 2.1.2 Connection Software          |
|   |     | 2.1.3 Analysis Software            |
|   |     | 2.1.4 Hardware                     |
|   | 2.2 | Soldering                          |
|   |     | 2.2.1 Soldering Basics             |
| 3 | Pro | tocol Overviews 25                 |
|   | 3.1 | UART                               |
|   | 3.2 | SPI                                |
|   | 3.3 | $I^2C$                             |

|   | 3.4                             | JTAG                                                     |  |  |  |  |  |
|---|---------------------------------|----------------------------------------------------------|--|--|--|--|--|
|   | 3.5                             | SWD                                                      |  |  |  |  |  |
|   | 3.6                             | Special Mentions                                         |  |  |  |  |  |
| 4 | Thi                             | ngs you need to know 32                                  |  |  |  |  |  |
|   | 4.1                             | Safety First                                             |  |  |  |  |  |
|   |                                 | 4.1.1 Hardware Safety                                    |  |  |  |  |  |
|   | 4.2                             | Electronics Intelligence Gathering                       |  |  |  |  |  |
|   |                                 | 4.2.1 Handy Phrases                                      |  |  |  |  |  |
| 5 | The                             | Hardware Pentesting Methodology 36                       |  |  |  |  |  |
|   | 5.1                             | The Hardware Threat Model                                |  |  |  |  |  |
|   |                                 | 5.1.1 Motivation                                         |  |  |  |  |  |
|   |                                 | 5.1.2 What hardware hacking means                        |  |  |  |  |  |
|   | 5.2                             | Pentesting Hardware - an Overview                        |  |  |  |  |  |
|   |                                 | 5.2.1 Hardware Specific Issues                           |  |  |  |  |  |
|   | 5.3                             | Hardware Pentest Timeline - from Scoping to Reporting 43 |  |  |  |  |  |
|   | 0.0                             | 5.3.1 Scoping                                            |  |  |  |  |  |
|   |                                 | 5.3.2 Testing                                            |  |  |  |  |  |
|   |                                 | 5.3.3 Reporting                                          |  |  |  |  |  |
| 6 | Terminal Access through UART 46 |                                                          |  |  |  |  |  |
| • | 6.1                             | What we will need                                        |  |  |  |  |  |
|   | 6.2                             | Identifying UART                                         |  |  |  |  |  |
|   | 0.2                             | 6.2.1 Identify and Connect to Development Headers 47     |  |  |  |  |  |
|   | 6.3                             | Connecting to UART                                       |  |  |  |  |  |
|   | 0.0                             | 6.3.1 Testing Tx                                         |  |  |  |  |  |
|   |                                 | 6.3.2 Connecting fully with Tx/Rx                        |  |  |  |  |  |
|   | 6.4                             | UART Situational Awareness                               |  |  |  |  |  |
|   | 0.1                             |                                                          |  |  |  |  |  |
| 7 | Fim                             | ware Dumping through SPI 53                              |  |  |  |  |  |
|   | 7.1                             | What we will need                                        |  |  |  |  |  |
|   | 7.2                             | Identifying SPI                                          |  |  |  |  |  |
|   |                                 | 7.2.1 Standard Analysis                                  |  |  |  |  |  |
|   |                                 | 7.2.2 What to do when Standard Analysis fails 54         |  |  |  |  |  |
|   | 7.3                             | Dumping firmware with SPI                                |  |  |  |  |  |
|   |                                 | 7.3.1 Firmware Dumping through UART and tftp 56          |  |  |  |  |  |
| 8 | Firr                            | nware Analysis 59                                        |  |  |  |  |  |
| - | 8.1                             | Extracting Firmware                                      |  |  |  |  |  |
|   | ().                             |                                                          |  |  |  |  |  |

|   | 8.3 | Correlating with UART                                    | 61 |
|---|-----|----------------------------------------------------------|----|
| 9 | Put | ting It All Together                                     | 63 |
|   | 9.1 | Background                                               | 63 |
|   | 9.2 | Hardware Specific Vulnerabilities                        | 63 |
|   | 9.3 | Pentesting Embedded Devices - Technical Overview and At- |    |
|   |     | tack Models                                              | 64 |
|   |     | 9.3.1 Web Application                                    | 64 |
|   |     | 9.3.2 Infrastructure Vulnerabilities                     | 66 |
|   |     | 9.3.3 Wi-Fi and Wireless testing                         | 67 |
|   |     | 9.3.4 Mobile App/Cloud Integration                       |    |
|   |     | 9.3.5 Denial of Service (DoS)                            |    |
|   |     | 9.3.6 Additional Testing Points                          |    |

# Introduction

Hardware hacking is dope, yo...

# Acknowledgements

I am deeply indebted, to  $\dots$  my directors, producers, make-up artists  $\dots$  whatever.

# Part I

## Hardware Skillz

First off, we need to talk about what hardware is, so that we can talk about the threats in the next part.

This part will be more preparatory stuff - What software is best to get a hold of? What hardware testing kit is best? How does Protocol X work in a little more detail?

This is not designed to be an 'undergraduate textbook', but rather a high-level overview for the interested with links to proper technical descriptions where required.

# Chapter 1

# PCB Eye-Spy

So, first off, we should discuss what each part of a Printed Circuit Board, or PCB, is - what they look like, what they do, and how they operate.

## 1.1 Form Factors

There are a few things to note about form factors on PCB's - when researching what a part is, or just working out what it could be.

## 1.1.1 Through-the-hole

When you get your electronics kits from Maplins/RadioShack/wherever, they are generally through the hole kits - that means that the components poke through the PCB, and you solder on the underside and snip off the extra wire. These are very common for hobbyist kits, but much rarer on production PCB's. As such, I'm going to mention them and move on.

#### 1.1.2 SMC

Surface Mount Components was a bit of a revolution in PCB manufacture. The idea is that you can just make a PCB, put on a few thin blobs of solder paste, use a robot arm to place the components on top of the board, and then bake in an oven until it's all bonded. SMC PCB design was instrumental in the full automation of PCB population and testing. It made life stupendously easier for manufacturers.

SMC's are packaged on reels of plastic that resembles bubble-wrap. Each plastic well contains one component, and the Pick-n-place machines (which, let's be honest, do what they say in the name) can easily load a component

into a robot arm and then gently drop it onto the PCB in the precise right place.

Many Integrated Circuits (ICs) are in an SMC format called 'Small Outline Integrated Circuit' or SOIC for short. These allow for easy access to pins with test clips (discussed later on) and allow for easy identification of components and traces between them.

Another common IC package type is Ball Grid Array, or BGA. It allows a chip to be much smaller, but have many more active pins in the smaller packaging, that are resistant to the leg-shortcircuits that can occur when soldering very tiny pins coming from an IC - it is very easy to have short circuits between them, owing to the sticky nature of hot solder on tinned metal surfaces. Indeed, the prevelance of BGA's actually encourages one of my favourite things to find on a PCB - JTAG debug capability.<sup>1</sup>

In the next few sections we'll assume that your PCB is SMC for the most part.

## 1.2 Basic Components

#### 1.2.1 Resistors

Resistors essentially provide some level of resistance. They are basically essential energy wasters. *Essential??* Oh yes - we need to talk about short circuits for this.

A short circuit is when the power finds a path of such little resistance, that all the energy in our power supply (battery, PSU, perpetual motion machine<sup>2</sup>, etc.) will race to the *path of least resistance* - it's not a cliché, it's how electricity flows. So, resistors let us manage this flow by setting different resistances.

The greatest resistance we need consider is through air - hence traces can get very very small and close together, as our voltages are so low, we don't really come into contact with the high energy stuff. Building in a resistor lets us use components without worry of shorting our power supply (lots of fuses and trip switches are in place to prevent massive surges caused by a short circuit - mainly becaues things go 'bang' when that happens).

To measure resistance, use a voltmeter with a resistance measuring setting. I'm not going to talk about colour bands on resistors, as so few of these are ever found in the wild, it's not worth knowing that stuff anymore.<sup>3</sup>

<sup>&</sup>lt;sup>1</sup>See relevant section in the testing chapters.

<sup>&</sup>lt;sup>2</sup>To any physicists - IT'S A JOKE!

<sup>&</sup>lt;sup>3</sup>It really used to be a thing, but now with SMC's, it's not really worth our while

#### 1.2.2 Capacitors

Storage tanks that use an electric field to hold voltage. ...and in normal words? Put simply, a capacitor is two plates that are very very very close together but don't touch. The various parameters of the body of a capacitor dictate how much energy it can store (measure in Farads, but a Farad is huge, so most capacitors you'll meet are in pico-Farads (pF) or micro-Farads ( $\mu F$  - that's a Greek 'mu' letter, but very common to see in its place is 'uF'). The electric field between these plates is what stores the energy inside a capacitor.

Capacitors are used for all sorts, but the most common usage is on power lines - because they store energy, you can discharge that energy when you need some backup. What do I mean? Well, powerlines are notoriously fickle and unreliable. As such, a capacitor can store charge and then 'top up' a power flow to help smooth it out. Most modern electronics are very sensitive to power fluctuations (see the section on glitching), so this is something you'll spot very easily.

These are the things that whistle and whine when a TV power supply is dying, and the larger ones (look like little cylinders) have 3 or 4 arm crosses on top. These are so that when the bit between the plates - the *dielectric*, meaning, 'between the electric bits' - fails (which it can do) you can see it, because this plate will 'pop-out' and the component will just look really different from the others. Now you can go open a business fixing TV's.<sup>4</sup>

#### 1.2.3 Transistors

Electronic switches. They have three pins - collector, emitter, base. Collector you can consider to be where 'stuff goes in', emitter is then self explanatory, and the 'base' is the switch bit. When base is 0V, then nothing flows from collector to emitter. When the base is raised over a particular voltage, then a signal can flow from collector to emitter. The simplest use is as an amplifier - a weak audio signal is sent to base, and this makes the higher voltage from the collector flow according to the base signal. Digitally, this means that you could replace slow valves in computer circuits - valves being electronic switches that rely on a heating element to give out electrons and are thereby slow and also prone to needing to be replaced.

The advent of the transistor was only met by the advent of the LED in

discussing it.

<sup>&</sup>lt;sup>4</sup>Don't. There's a lot of high-energy parts in old TV's that pack enough of a punch to seriously harm, or even kill you. If you're daft enough to touch those components, then don't put yourself on my conscience.

the history of electronic engineering - it still may be the most significant breakthrough in this field during the 20th C. regardless.

## 1.2.4 Integrated Circuits

IC's can be anything. **ANYTHING!** IC's can have moving parts, capacitors, transitors, inductors - literally, anything built into them. To be useful, capacitors and resistors and inductors tend to be external (as very small versions don't have the same effectiveness). They're amazing little doo-dads, and we're going to spend most of this book working out what's going on inside them. There are many tricks and tips for getting knowledge about IC's, but in general, this is the whole aim of hacking hardware - accessing what's going on inside IC's that we can't see.

## 1.2.5 Other Common Components

Before we get to some more interesting stuff, let's cover some other common components:

#### Power Regulators

- these take in one voltage, and either step it up or step it down to another. They're very reliable, and often get very warm (so they could well have a heat sink on them - don't remove it!). They have three pins, generally, and are usuall next to or on a power line.

How to identify a power line? To keep the resistance down, these are often the thickest traces on a PCB.

#### 1.2.6 Miscellaneous

#### **Inductors**

Like capacitors store energy in their electric field, inductors store energy in their magnetic field. In fact, if you couple one of each together, you get an 'LC tank' circuit - a capacitor connected to an inductor will have a fixed resonance that is very useful in analogue electronics.

Inductors aren't that common in digital circuits, but they are very common in radio circuits, so worth knowing about.

## 1.3 IC Identification

So, this section is intended to give you an overview of 'usual packages' that these functioning IC's are found in. That said, there's something that should be noted explicitly:

The only way to give a certain ID of a chip is via the model number on the top.

Granted, this is not always possible (cf. the 'sandwich' method used to put the RAM on top of the SoC on PiZero boards, or the placement of heat-sinks that take light munitions to remove). Nevertheless, it is a good idea to have an overview of the function of each chip, with some notes about how things are achieved/connected and what to spot.

#### 1.3.1 SoC

The 'System on Chip' was a recent revolution in IC manufacturing. The first SoC was found in a digital watch, and this marked the start of a steady flow of such IC's that would steadily condense greater and greater functionality into smaller and smaller footprints.

The core idea is to have one IC that does all the main funcionality. Nowadays, they generally run a specific firmware loaded off a nearby flash-based ROM chip. They generally do a lot of stuff for the developers these days - they tend to implement USB stacks (saves you big-banging your own), as well as Wi-Fi and Bluetooth/Bluetoot Low Energy (BLE) all in one package with a MIPS/ARM (or some other RISC-like CPU) all built in. They can have their own built in RAM, or they can defer to other chips for this. They can have their own in-built secure storage, to act as a sort of 'bootloader' or just a place to put juicy stuff like private keys and such.

SoC's run the show, and they fetch and load the firmware developed to perform the tasks at hand for a particular device. Thankfully, many many SoC's run firmware that is essentially a pared down linux installation. No GUI, but they can drive screens, interface with protocols and other chips, and crucially, have a standard set of debug/development protocols that you can use to look under the hood of a device's working.

#### 1.3.2 Flash ROM

A ROM (Read Only Memory) chip is effectively a solid state storage chip. Much like you get in USB sticks, phones, SD cards, SSD's, etc. How do they work? Well, they have an array of 'floating gate' transistors that are

arranged as if they are in a NAND circuit (a well known layout if you use transistors a lot). A floating gate has a captured electron in an isolated piece of substrate that influences the field effect of the collector. But how does that electron get there? Well, quantum tunneling.<sup>5</sup>

ROM Chips, aside from this modern physics wizardry, are very straightforward devices to look at. They tend to use SPI. (see protocols chapter)

#### 1.3.3 RAM Chips

Random Access Memory (RAM) is a well known computer concept, but here you don't get RAM on little snap-in boards, but rather long, flat IC's with lots of connections. These tend to stand out as the traces have to be of precisely the same length - as such, serpent-like 'wiggly' traces are common going to/from these chips to the SoC - these keep the trace lengths the same and stop the signals going out of sync.

#### 1.3.4 Interface Chips

USB, Ethernet, Bluetooth/BLE, Wi-Fi - these are all quite specialied protocols, and people long ago coded these into silicon. As such, SoC's will potentially have an interface chip for any protocols they don't natively support, or to act as latency-free support chips (if the on-board system is doing a lot of processing, the on-board ethernet may well suffer, so an external ethernet controller IC may be brought in - very common thing on CPE's).

Common interface-specific IC's you will find include:

- Bluetooth/BLE controllers
- Ethernet controllers reffered to as 'PHY' IC's, as they correspond to the physical layer of the OSI model
- DECT phone controllers
- Wi-Fi controllers these are usually shielded on many PCB's so may have to be identified from a bootlog
- USB Controllers a USB stack takes up valuable firmware space, so for full USB support, small controller chips are used instead

<sup>&</sup>lt;sup>5</sup>Specifically Fowler-Nordheim, or FM-tunneling

# 1.4 Electricity and Electronics basics

[This section will be a reference for some basic formulae relating to Electricity and electronics in general. Included as a reference just in case it's ever needed.]

# Chapter 2

# Toolbox

There's a lot that you need to know about when doing hardware, and some specific skills include:

- soldering
- connecting to hardware interfaces (like UART, SPI, etc.)
- Reverse Engineering PCB's

# 2.1 Hardware Hacking Toolkit

So, the protocols we will cover in the next chapter are all well and good, but how do you connect to a UART port? How do you talk to a chip over SPI? How do you get your computer to talk JTAG? None of these actions are particularly hard, but you will need some kit.

Here I will present my software and hardware toolkits - I've put these together so that you, the reader, has a 'shopping list' of tools and equipment to get/download in one place. Some of this will be repeated in later chapters, along with the protocols in play for a full picture.

#### 2.1.1 Software

#### 2.1.2 Connection Software

First, here's some software that I find useful for connecting to things like a bus pirate (see below):

#### minicom

A nice interface, reasonably intuitive, however sometimes prone to just not letting you type input to a device. Minicom is very reliable for logging and connecting to devices, and doesn't kick up a fuss nor crash out easily.

#### screen

'screen' is amazing! All your key-shortcuts you had to learn to leave running processes on a server work here (Ctrl+a+d for example). It works as follows:

```
||screen /dev/ttyUSB0 115200
```

Here, 115200 is the baud rate (see the walkthrough), and /dev/ttyUSB0 is the device you want to connect to. It's really simple, and will also log your output with the -l argument. Swiss-Army tool indeed!

#### flashrom

Flashrom can be installed using yum or apt-get, and essentially is designed for flashing BIOS ROM IC's. However, it has a config for going over bus-pirate, and is very handy for downloading firmware images (including bootloaders) directly off the flash IC's themselves. Here's an example command:

```
>$ flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M -o
    ./firmware-dump.dat
```

This will dump the firmware down in no time! (Well, up to 20 minutes, but hey, there are harder ways of doing it!)

## 2.1.3 Analysis Software

#### binwalk

Created by DevTTYS0, binwalk (https://github.com/devttys0/binwalk) is a superb firmware analysis tool. Replete with enropy analysis capability, it parses through a binary firmware file and identifies important offsets as well as compression/filesystem types and settings. If somehting is LZMA compressed SquashFS in Little endian mode, binwalk will probably see it and tell you.

The -e extract tool is monumentally useful, too - if it sees something it knows, it will parse out that data and decompress it, presenting it to you in a new subfolder for you to inspect. I will be using this in the firmware analysis walkthorughs, so I can thoroughly recommend getting ahold of this.

#### Jefferson

Where binwalk fails, others pick up the mantle - one such example is Jefferson (https://github.com/sviehb/jefferson) Created by sviehb, Jefferson is a JFFS2 compatible firmware analysis tool. This is very useful when analysing firmwares from vendors like Huawei, who have a tendency to use such formats.

#### 'Logic' by Saleae

The Logic package from Saleae (https://www.saleae.com/downloads) is a free-to-use logic analysis software. Interfaces with many analysers, and provides a nice suite of on-the-fly analysis tools. Simply set you sample rate top left, connect the logic analyser (see below), press record, then power on the device/signal you want to record.

Analysis includes the ability to play with baud rates to see which work when assessing a UART connection, through to sniffing SPI traffic (if the sample rate is high enough). Supporting Saleae by buying their stuff is worth this software alone - they could charge a lot for it!

#### OpenOCD

The Open On-Chip Debugger software is an open-source debug protocol suite that interfaces with the latest bus-pirate fimware, as well as many other devices like a GoodFET. To install for use with a bus pirate on a Debian baesd system:

```
sudo apt-get install libtool autoconf texinfo libusb-dev
    libftdi-dev
git clone git://git.code.sf.net/p/openocd/code
cd code
./bootstrap
./configure --enable-maintainer-mode --disable-werror --enable
    -buspirate
make
sudo make install
```

You'll then need to add a 'MyConfig.cfg' file with the following contents:

```
buspirate_vreg 0
buspirate_mode open-drain
buspirate_pullup 1
buspirate_port /dev/ttyUSB0
```

You can then run OpenOCD with the following command:

```
sudo openocd -f MyConfig.cfg
```

Note that you may need to add a line source [find board/ti\_beagleboard.cfg] before successfully connecting to the device. You can now access the OpenOCD running instance by going to telnet localhost 4444 and interacting with the device.

Using GDB will be discussed in the advanced section, but once started, GDB can connect once loaded by typing

```
(gdb) target remote localhost:3333
```

#### 2.1.4 Hardware

#### Arduino (any flavour)

The Arduino broke free the microcontroller (MCU) world to hobbyists and hackers alike! [I will likely do a full section on this later] From implementing a custom protocol, to using them for general purpose hackery, they are very versatile and useful devices. Having a few of them hanging around has saved my life on more than one occasion; my most common use for them is bit-banging<sup>1</sup> some protocol or other in order to get the target IC to believe that some event/input is taking place.

#### **Bus Pirate**

These little beauties are ace! They speak many protocols - the main things to do are as follows. First off, get ahold of a version 3 hardware - the earlier versions are great, but don't support the more advanced firmware.

Second, get ahold of the firmware that supports OpenOCD - Open On-Chip Debugger is a protocol that lets you do debugging in the chip itself by means of the debug protocols like JTAG and SWD. This may seem a little advanced, but it's worth entertaining as an idea - it will give you valuable information, as well as another avenue with which you can dump the firmware.

[I'll put a section here showing how to do the upgrade if it's of interest.]

<sup>&</sup>lt;sup>1</sup>We'll discuss this later, but bit-banging is essentially sending 0's and 1's corresponding to a protocol over a digital output pin by writing binary strings to the pin in order to simulate some functionality.

#### **IC Connectors**

There are two main ways that we will connect to IC's.

Spring-Loaded Taps - The first are using spring-loaded 'leg taps' that come attached to 10-line cables, usually with female pin connectors at the other end.<sup>2</sup> These are little connectors with small metal grabbing arms - when you press down, the arms extend and open out. You can then place them over the device pin you want to investigate, and release slowly. The arms will grap onto the IC leg, and you can then access the voltage going across that pin by hooking the other end of the connector to test equipment.

[Photo of these taps]

**8-pin and 16-pin SOIC Clips** - SOIC clips are *really* useful, as they are designed for debugging SOIC package IC's. They usually have a marked cable that is supposed to map to the marked leg on the IC. The clip then just sits on top of the IC and lets you analyse the signals from a pinout you connect to the other end of the clip cable (provided with the clip in most cases).

[Photo of SOIC clip and of a SOIC clip connecting to a flash ROM chip] Both of these connector types are relatively inexpensive, and will serve you very, very well!

#### UART to USB adapter

Usually marketed as 'CP2102' chips, this IC is designed to do USB-to-TTY UART conversion, mapping directly to /dev/ttyUSB0. Connect the device, start screen or minicom, and then start up the target device and you're all set!

#### Multimeter

These things are simply invaluable! Checking resistances, voltages, continuity - the average multimeter is a versatile and indispensable piece of equipment. A decent one only costs 20, but they last years and will be referenced throughout the book. I will be assuming you have access to one, they're that important.

#### Logic Analyser

These pieces of equipment are very useful - they are essentially multi-channel digital oscilloscopes. They don't measure fine-grained voltages for tracing the

<sup>&</sup>lt;sup>2</sup>I usually refer to them as 'bird's nests', as that's what it feels like you're untangling sometimes.

actual voltages on a chip, but so long as it breaks a threshold (usually 0.5V) these will record and send you data that you can then do analysis on. We will cover the precise methodologies for doing this later on, but suffice to say, these are worth every penny!

Saleae (https://www.saleae.com/) make some of the best consumergrade ones around, but many oscilloscopes come with some implementation of a logic analyser built in these days. Saleae's 'Logic' software is also free to download, and compatible with many of the 'imitation' devices found on the market.

#### Oscilloscope (Optional - unless you want to do advanced work...)

Although only really required when doing work with glitching or more advanced testing/reverse engineering, an oscilloscope can be a very handy tool. Essentially, most modern desktop oscilloscopes are self-contained units that allow you to capture and analyse analogue and digital signals on the fly. They have many many options, and proper useage of the most advanced models can yield significant results!

That said, many cheaper devices connect wirelessly or over USB and can be particularly easy to use. Beware, however, as many of the cheaper ones don't isolate their ground signals, as such, creating a ground loop<sup>3</sup> can be a significant risk!!

#### Bits and Bobs

So, there are things that are just worth having around, the list including:

- Wire just generic plastic coated wire, and some thin copper enamelled wire is so handy to have. Tin the ends (see soldering) and you've got something you can connect to a PCB in minutes.
- Breadboards also called 'prototyping boards', these are white plastic boards you can plug into. I'll discuss below how they work and how to use them, but they are a worthwhile investment.
- Spare Component Selections I recommend having a stock of the following:
  - Resistors a range between  $100\Omega$  and  $100k\Omega$  is best.

<sup>&</sup>lt;sup>3</sup>These occur when a signal has multiple paths to ground - through induction and other actions, they can gather energy and start oscillating. Search online for the kinds of noise/signals that you can generate, and then remember that such powerful signal loops are usually well beyond the tolerances for most IC's.

- Capacitors a range of small ceramic ones and larger cylindrical ones is best. From a few pF to a few  $\mu$ F is a good idea. Handy for setting up aux power supplies, if nothing else.
- Transistors in case you need them for a specific circuit
- LED's if only to give a visual signal that something is happening, LED's are low-resistance sources of confirmational light in my circuits.
- Breakout Units Arduino 'starter kits' come with 1,001 little breakout boards. Sensors, joysticks, stepper motors, LED digital output blocks there are all sorts in these kits, and they are fairly inexpensive. If nothing, it'll give you something to learn Arduino programming on.

# 2.2 Soldering

AKA 'How to play around with molten tin' - it's actually a lot of fun. Fundamentally there are three parts to soldering:

- 1. soldering iron
- 2. solder
- 3. flux

## 2.2.1 Soldering Basics

Solder is an alloy mostly consisting of tin. Tin's melting point is  $231.9 \deg C$  [Fix LaTeX] which is very low compared to most metals - it'll melt at the highest temperature of a domestic oven, and as such, is widely used owing to the fact there's quite a bit of it hanging around the planet, and it's relatively safe to use - no special handling is required, melting point is low meaning no high temperature equipment is needed, and it's also quite soft and easy to work with. We use it to seal our copper piping, connect up our copper contacts on PCB's. Tin in the form of solder is a useful material.

**THAT SAID** - 231.9 degrees C will give you a nasty burn, and as always, take great care when soldering. This isn't a toy, it isn't a game, and if you don't think you should put a hot soldering iron there, then you're right. So don't!

#### Soldering Technique

Here is a basic solid technique for doing soldering:

**NB** - I'm assuming you're using a soldering iron tip that is suitable, and solder wire that has the flux built into it. 'Fluxed solder' is much easier to use, so if you're new to all this, I recommend starting with that.

- 1. Make sure the iron is at full temperature if that means waiting a while, wait. When you start heating things up, it will pass a lot of energy on to the things you want to work on, so make sure it's good and hot. Got make a coffee or pet a cat or something...
- 2. 'tin' the soldering iron tip no matter what size soldering tip you are using, dab solder on the end, and wipe it off on a wet sponge. This will leave a shiny surface that solder loves to stick to *Warning* it will oxidise and brown very quickly, so this will need to be done regularly.
- 3. tin all the surfaces you want to solder tin sticks to tin really well. So, if you're soldering wires it is best to tin them first. If you're soldering to a circular contact test pad, then prepare this first (see below for both)
- 4. Once you're ready, make sure the PCB is well anchored/secure if things fall over you'll damage some component, or even yourself, so avoid leaving things hanging precariously.
- 5. Once the components are in place and ready to be soldered, use the tip to heat up the area were you want the solder to go, and then push solder-wire onto the hot soldering iron tip
  - What you want in this act is to flow the solder off the iron straight onto the hot tinned surfaces. It'll flow beautifully once you get the knack of it, and you'll get perfect solder joints.

## Practise makes Permanent!!

This older mantra from my violin teacher at university<sup>4</sup> is the much improved and true-to-life version of 'practice makes perfect'. 'Practice makes perfect' is wrong, if you think about it - if you keep practicing something wrong, then you'll always get it wrong!

 $<sup>^4</sup>$ Yes, I did my UG in Music, and Tony was my violin teacher who drilled this idea into me!

The trick is to do what anyone who gets good at something does - learn a technique, and then practise it slowly, and concentrate on getting the technique down. You'll soon find that your brain takes over in a sub-conscious way, and you'll get the perfect solder joint every time!

To do this with soldering, you can buy 'solder Training Kits' that give you various footprint and some old/obsolete IC's and components to solder to a PCB, and two PCB's to train on. It's worthwhile, and once you have the technique nailed down, it's a fairly straightforward exercise.

#### **Preparing Solder Contact Areas**

Here are some tips on preparing wires and contact points for soldering:

- Use an appropriate wire if the thing you want to solder to is thin/delicate, use a thinner wire
- Strip the wires with plenty of space to get some contact when you join it to a board
- When tinning plastic coated wire:
  - Strip the plastic and make sure the inner wire is clean
  - Twist the wire between finger and thumb to turn the loose copper wires inside hold together in a 'spiral'
  - Place the wire in a holder, with the metal pointing up, and with a tinned soldering iron tip and fluxed solder, cover the end of the wire from the bottom of the stripped section to the top in a smooth quick motion.
  - Allow the wire to cool before touching it it will only take a few seconds.
- When tinning enamel-coated copper wire:
  - If the wire is 0.2mm thick or less, put a blob of solder on a wedge iron tip, and holding the wire in pliers, dab the end in the blob of solder to remove the enamel and tin the wire, cleaning the iron tip on a sponge thoroughly afterwards.
  - if the wire is 0.2mm-1mm thick the enamel can be removed using a lighter or rubbing the end in extra fine sandpaper. Tin as normal before using.
  - If the wire is >1.0mm thick, it is best to use fine to extra fine sand paper to remove the enamel before tinning the end of the wire.

- Apply solder to contact points you want to solder to:
  - Often a plastic layer is on top of the pad, so use an emory board or scratch the surface with a knife before applying an iron
  - Using a blob of solder on a wedge tip, gently apply the iron to the contact point for around a second, and pull back to see if the solder has adhere.
  - careful repetition of this will prepare the contact pad to be soldered to with a jumper wire
- if soldering to a leg of an IC, line the wire up carefully, and gently rub a tinned iron tip over the pin and wire to bond them. **Be very careful** not to short the pins, and check with a voltmeter to ensure no erroneous continuity (short circuits) have been introduced.

It is also possible to use the ground-plane (the sheet of copper that covers most of a PCB and acts as ground shielding) to anchor some test pins in the following manner:

- 1. Cut an appropriate number of pins to have an anchor at either end of the jumper (so, if you need 5 pins, cut 7 from the strip of pins)
- 2. Find a free area of the PCB edge that can accommodate the new pinout, and mark the pins at either end.
- 3. Scratch off the solder/silk masks from the PCB in order to expose nice shiny orange copper.
- 4. Solder the pins onto the ground plane:
  - First, apply solder blobs to the scratched-off areas
  - Tin the first and last pins as you would a wire
  - Solder the pins onto the solder contact points we carved out, and check it's secure.
- 5. Now gently put small blobs of solder onto PCB side of the pins
- 6. Connect the tinned ends of the jumper wires you want to secure to the pins.

[Pictures to follow]

Doing this after you're identified and soldered jumper wires onto the relevant contact points (usually for a JTAG that doesn't have a development header on the PCB) will produce a 'makeshift' pinout for the interface you want to access.

[ More to follow regarding how to solder, soldering tips, and what's going on when you are soldering. ]

# Chapter 3

# Protocol Overviews

Lots of protocols are in play in hardware, so this chapter will give an overview of the main ones used by electronics IC's/systems to communicate with each other. Ultimately, the aim will be to use these to let us interface with the devices we want to, at a low level. This is the window that hardware hacking opens up to pentesting.

A 'serial' protocol is simply one that acts sequentially, usually in an 'asynchronous' manner (that is, like a turn-based game of chess, rather than a synchronous game of Command & Conquer). We will cover the main ones here, and have some special mentions at the end.

## 3.1 UART

Universal Asynchronous Receiver/Transmitter, or UART for short, is so ubiquitous that of all the many and varied serial protocols out there, we just call it 'serial'. It's a very easy protocol to understand - there's no clock signal (it relies on a preset baud rate), and the only thing to remember is that  $Tx \mapsto Rx$  and  $Rx \mapsto Tx$  when you wire it up. But first, here's how the protocol is laid out.

Like many protocols, this is a pull-up voltage protocol. The lines sit at 3.3V until they are pulled down to 0V to indicate a signal. Let's suppose we want to send a fully btye of data - 8 bits - over the wire from one end to the other. Here's the layout:



Here is a breakdown of this presentation of the protocol:

• All clock speeds are set independently of the signal - the 'baud rate' is the rate at which bits will be transmitted. On this kind of setup, it is just the number of bits per second.

- There is one 'start' bit that gets the ball rolling.
- There is one stop bit (a low voltage cycle) that signals the end of the chunk of data
- 8 data bits in the middle
- 1 parity bit at the end of the data

Normally, the settings for (number of data bits/number of parity bits/number of stop bits) is (8/N/1) (8 data bits, No parity bit, and 1 stop bit). This is generally shortened in screen and minicom to just '8N1'.

There are four connections to make this protocol work:

- 1. VCC usually 3.3V positive
- 2. GND ground
- 3. Tx transmit, which is wired to Rx on the other device
- 4. Rx receive, which is wired to Tx on the other device

So you can see that there are 2 common pitfalls. The first is wiring the devices up wrong. At worst, this will fry your USB or the device itself. At best, the devices just won't communicate. **Take care when connecting and powering these pins!** Second main issue is finding the baud rate. Thankfully, you can try many baud rates using the recorded traces from a logic analyser. The most common baud rates are as follows (in order of what I've seen the most):

- 115200
- 9600
- 57600
- 19200
- 38400

It's straightforward to script testing these, but if you try them in this order by hand (when you run screen in BASH for example), you'll probably find the right one more quickly.

## 3.2 SPI

Serial Peripheral Interface (SPI) was designed by Motorola to permit the conversation between differnt devices based off a master/slave or controller/source relationship. As opposed to UART, SPI is synchronous, and specialised for high-speed, short distance communication. The timing diagram (due to Martin Scharrer)



Here's what the various parts mean:

- MISO Master In Slave Out the bus that lets data flow from the slave units to the master unit
- MOSI Master Out Slave In the bus that lets data flow from the master unit to the slave units
- SCLK The clock signal pin the rising edge of the clock triggers the level of MISO/MOSI to be read as the current bit by the target device.
- SS/CS in order to select a device, this pin is grounded from 3.3V to 0V, telling the particular device to listen up.
- VCC/GND don't forget that the chip will still need power and ground to operate!

So, as you can see, it's hard to wire SPI connections wrong! MOSI on the target maps to MOSI on the connecting device, and the same for MISO, as well as all the other pins.

**NB** - for the real geeks who already know this stuff I have chosen the clock phase and polirity to both be CPOL=0 and CPHA=0 in the above diagram.

## 3.3 $I^2C$

Where one manufacturer goes, another follows. Motorola may have had their SPI protocol, and Philips designed their I<sup>2</sup>C!

Very unlike SPI, I<sup>2</sup>C operates as a packet-switched protocol, permitting multiple master units, multiple slave units, and is engineered towards slower, short distance communication.

[ Put a diagram here - give a proper description ]

Initially, a license fee was associated with using this protocol, but this was waived in 2006. That said, the allocation of ID's to devices is still chargeable.

#### 3.4 JTAG

The Joint Test Action Group (JTAG) had a problem to decide how to test PCB's, especially with the advent of Ball Grid Array and related packages, where the pins are hidden away underneath the package? How do you check if two of the pin connections are bonded with a solder short circuit? What is the best way to solve this problem in a general way?

In 1990, after 5 years of work, the JTAG published IEEE Standard 1149.1-1990, entitled *Standard Test Access Port and Boundary-Scan Architecture*.

The solution is roughly as follows - each leg that comes from the main silicon die in the middle of a chip has on its path a small module. These modules are joined up into a ring, and collectively form the testing apparatus for the IC. Given this particular level of access, three main functions were defined for what a 'JTAG' should perform:

- 1. Debugging allowing a developer to debug the chip, much like you would debug a local machine with GDB or related
- 2. Managing Firmware erasing, uploading, and downloading
- 3. Boundary Scan Testing this is testing the Boundary Scan Register (BSR) over the Test Access Port (TAP), or in normal terms, testing the IC pins for problems or issues.

[Put a diagram of how the JTAG looks vis-a-vis chaining chips together, etc]

JTAG doesn't just permit access to an individual chip, but rather, to all the chips on a JTAG chain. This makes debug tasks work more slowly, but gives wider acess to the IC's on the target PCB. Most instances, however, are singular JTAG's for a particular IC.

JTAG is nominally a 5-pin protocol (not counting VCC or GND):

1. **TDI** - Test Data In, this is the input pin.

- 2. **TDO** Test Data Out, this is the output pin, and when you daisy-chain IC's with JTAG, the TDO of one goes to the TDI of the next, until it loops back to the debug header.
- 3. **TCK** Test Clock, continuing the 'test' naming convention, this is just the JTAG clock signal, the rising edge triggering a read operation. TCK is not chained, but rather forms a 'test clock bus' along with TMS each IC can see the clock and TMS signals.
- 4. **TMS** Test Mode Select, This is read as the clock signal rises, and determines the next state of the internal JTAG controller
- 5. **TRST** Test Reset, an optional pin that can reset the internal test controller, but this isn't required.

The internal mechanics are as follows; There is an internal Test Access Port (TAP) Controller, just a mini-chip inside the main chip that manages the JTAG signals the IC receives. There minimally 3 registers - an Instruction Register, and two or more data registers. There is a defined statemachine that uses the TMS level to decide what to do after each clock cycle. This TAP controller connects to the boundary cells (the little bits of silicon I alluded to earlier, that are on every leg coming from the main silicon die) and drives their behaviour. Boundary Cells can raise/lower a leg's voltage to influence the behaviour of the chip.

As such, you can see that JTAG basically controls the chip, and a JTAG unit within an IC, if accessible to a skilled assessor (that's you), can be leveraged to get full control of the CPU stack, access to memory, as well as the ability to dump/upload firmware without pesky restrictions.

[Signal diagram and in depth descriptions to follow]

There is also a cut-down version of JTAG called 'reduced pin count' and this just has TMSC (Test Serial Data) and TCK (Test Clock) pins in play. This, however, was phased out by more accomplished two-wire protocols such as SWD.

#### $3.5 \quad SWD$

Serial Wire Debug bus was designed by ARM in 2004 to replace JTAG on IC's that use their processors (so chips that have inside a Cortex MCU, for example). Thankfully, most JTAG modules (like the J-Link by Segger) support this as a two-wire protocol from the data and clock lines (YMMV, so check their documentation).

[PTO for some timing diagrams]



The differences should be apparent - the 'grey blobs' are clock cycles where the host shuts up and lets the target talk. The three bits '100' that occur after every host opening byte sent is an ACK from the target - if that isn't received the whole thing loops back to the beginning.

The first byte has the third bit deciding if the READ or WRITE is required, and the other bits decide on the mode (AP ('1') or DP ('0') modes) and the ADDR bits decide which register is being talked to/requested from.

SWD has it's own little state machine, much like JTAG, and you use the single wire to talk to it, and get access to the debug data (stack traces, etc.) for ARM chipsets. Neat-o.

# 3.6 Special Mentions

Context Area Network (CAN) used in cars. Texas Instruments CC21xx series custom Debug Protocol.

template diag:



# Chapter 4

# Things you need to know

Before we get stuck in, here are the things you need to know. This is the only chapter you **must** read.

## 4.1 Safety First

So, some safety pointers from a physical and legal point of view:

## 4.1.1 Hardware Safety

I remember a handyman at a job I once had in a factory telling me the following maxim for getting stuff done with hardware:

Right tool for the right job.

That's a very important idea. Although he meant don't use a MIG welder for something a dab of glue would fix, it's a very pervasive notion. Using tools properly and safely is hugely enjoyable! But improper use can lead to some real problems for you.

Here, we'll go through some safety tips - both for your and your person, as well as for the electronics you'll be using.

#### Soldering

First off, soldering. That thing is hot. Very hot. It's roughly the temperature inside your kitchen oven on its highest setting, except that it's metal and you're holding it in your hand. Soldering irons are very efficient at heating things to this temperature - it's what they're designed for! So, here are some tips when soldering:

- 1. Use an appropriate rest for the iron when it's not in use.
- 2. If you're done with the iron, turn it off.
- 3. Keep children and animals well away.
- 4. Don't be daft if you think you shouldn't use an iron on something, then you probably shouldn't.

#### **PCB Handling**

You remember at school - you were either shown a video of, or even a real Van de Graaff generator. Someone, usually a girl with long hair, would get on an insulated plinth and put their hand tentatively onto the large metal dome of the generator, and as it whirred her hair would slowly become charged and the strands would float away from each other. Remember that?

Good. The science you saw there was that the human body can hold enough charge as a voltage to literally make your hair stand on end, and not kill you. Sources vary, but it is safe to say that the body can hold hundreds to thousands of volts of charge, and you won't die so long as the current, the number of electrons involved, isn't high. So, as a rule of thumb, volts don't kill you, amps do.

Now think to our poor little IC's. Volts love them, and they love volts. But too many, and they die, never to work again. This is why proper PCB handling is important - it's trivially easy to do the wrong thing, gain a charge, and brush up against a PCB and annihilate all the lovely chips with their secrets.

- 1. 'Earth' yourself before you touch any electronics it's as simple as just touching the exposed copper on a radiator.
- 2. Use an earth bracelet if you have one attaching it to the exposed copper of a radiator is a good idea.
- 3. Socks on carpet is a bad idea.
- 4. Keep pets at bay, lest they do the job of zapping your target PCB on your behalf.
- 5. Get an anti-static mat and use it properly see manufacturer's setup guide.
- 6. Buy anti-static bags on eBay/amazon and use these to store your previous target PCB's in. **Don't** leave them lying around unprotected in a box if you can avoid it.

## 4.2 Electronics Intelligence Gathering

Pro tip - being proficient in reading/basic knowledge of Russian/Chine-se/German is very useful. Here are a few reasons why -

- Chinese has lots of open manufacturer forums,
- Russia has lots of forums where people have already broken into stuff or gathered information.
- freifunk is a really good resource, along with DeviWiki and OpenWRT wiki/forums.

[Expand on this list]

## 4.2.1 Handy Phrases

Here are some handy phrases to search for when doing intelligence on IC's on the internet:

#### German Phrases

Russian Phrases

#### Chinese Phrases

filename 下载 "Download filename" 数据表下载 "Download the datasheet"

# Part II

# Basic Assessment Techniques

## Murphy's Law of IoT

"The router/camera/internet toaster in your home, with access to all your data, was made by the lowest bidder..."

#### To include:

- UART locating and connecting walkthrough
- SPI Flash ROM dump walkthrough
- pentesting tips/techniques using UART and dumped firmware.

# Chapter 5

# The Hardware Pentesting Methodology

To get the most out of security assessing hardware, you should ideally be proficient in numerous areas of security testing - infrastructure, web, mobile apps - as these are all presented attack surfaces on modern devices. Hardware hacking can greatly enhance the testing of these surfaces, and offers up some new attacks and a level of detail that is completely missed if the device's debug/terminal functionality is not explored.

Here, we'll explore the motivations, realistic threats, and give an overview of the testing possibilities we will build on practically in the next chapter.

## 5.1 The Hardware Threat Model

#### 5.1.1 Motivation

#### A matter of longevity

The 'half-life' of a vulnerability - the length of time for half the users to have their service/software patched against an identified threat - is nowadays very short; minutes for a hosted web service, even hours for a maintained executables and services, to weeks with clients who have strict roll-out testing requirements. However, a vulnerability in hardware will be around for **YEARS**. Once a device is installed, it's there for the long run, and if there is one guy who procured it, went on the training course, but then left under a cloud and never wrote down how to update it - you're really stuck until you upgrade. These are the true facts of hardware based security models.

## Looking past just getting a shell

There are 1,001 guides online for doing 'Hardware Hacking' online, and they mostly stop at '...and now you're connected', leaving the reader to come up with the relevant attacks, tests, and experience for themselves. Few places deal with what the risks really are, and as has been noted below, the risks as only accumulating. They are not going away.

Yes, I understand (more than most) the value of having a r00t shell on a device, delivered to you through UART, but let's be honest for a moment - **this is not a viable attack vector!** In the majority of cases, there is no way that you'll actually execute access to a UART on a victim's device without either their noticing you, or travelling around fully equipped to perform the installation and assessment of the development header.<sup>1</sup>

It is important to fully appreciate what the threat model is from an attacker's perspective, looking at realistic scenarios for attack.

## 5.1.2 What hardware hacking means

First, a quick digression into what I, the author, mean by 'hardware hacking'. This is a very broad topic - it covers circuit bending, repurposing tech, breaking DRM on games consoles, accessing debug functionality on IC's built into product PCB's, designing and getting an arduino/RasPi/(generic microcontroller) to achieve a certain task for a project you're making, accessing/writing to protected ROM areas, reverse engineering IC's that don't have public datasheets, etc. etc. etc.

Hardware hacking is a *vast* topic, and I don't want to get bogged down with definitions - they're all valid uses of the term 'hacking'.

Specifically, for me, the phrase hardware hacking is linked to my work as a pentester and security researcher where I would analyse IoT/hardware from the standpoint of an attacker looking to get some malicious leverage on a system - so, my point of view for 'what to do when you have access to a debug/terminal interface with a chip?' is to use this deep level of access to test for vulnerabilities and security flaws. This is what I'm interested in, and so I'm making this explicit from the start.

As such, here are the kinds of questions I ask of a device I come into contact with:

• What else can you do besides (generic product description)? (you could argue this is a definition of 'hacking' in a generic way...)

<sup>&</sup>lt;sup>1</sup>The only examples I have ever found where this is not the case is when such a debug port is publically available, such as Cisco switches/ASA's in car parks without adequate physical security being provided.

- Are you really a microcontroller being used to flash a light?
- Do you have a firmware-controlled radio that could be repurposed?
- Do you have some advanced functionality that goes above and beyond what you need for the task at hand, and that I can use for other stuff?
- Can I turn you into a malicious device for blackmail?
  - e.g. bugging, video recording, disclosing sensitive user data or Personally Identifiable Info (PII) - that kind of thing
- Can I get data out of you that relates to your owner?
  - e.g. PII again, usernames, passwords, secret keys for 2FA, private keys for encryption, etc.
- Can I add you to a botnet/BTC miner?
  - easy ways to monetise pwned devices get them to mine BTC to a wallet you control, or add them to a botnet and sell DDoS services a la Mirai clone botnets
- Can I think of any other malicious activity that would benefit me in some real way, that I can leverage to this device and others?

## 5.2 Pentesting Hardware - an Overview

We want to get you to understand the attack scenarios and ways in which you can pentest so as to cover off these attack vectors effectively in your work.

So, let us suppose you're a pentester and you've been given a device to hack as part of a test - what now?!? In fact, many categories of attacks relate to Hardware hacking from this security standpoint, in particular:

## **Outdated Software**

There is a major supply chain issue in IoT. A recent mass hack<sup>2</sup> in the UK showed that there are some serious flaws in the generic underlying software presented on the devices. *But how the hell are these vulns here?* Well, in part it's a supply chain problem.

<sup>2</sup>https://www.theregister.co.uk/2016/12/08/talktalk\_routers\_ may\_be\_botnet\_imperva\_says/

Often (incorrectly) referred to a ZyXEL, Allegrosoft<sup>3</sup> manufacture software for embedded systems, including the very popular RomPager server software. It was clear that there was some issue with this software in the wake of this hack. However, according to sources<sup>4</sup>, Allegro had *fixed this vulnerability already in 2005*, which was revealed when checkpoint disclosed the 'misfortune cookie' issue, which was similar in nature.

So what went wrong? Well, Allegro make money, like any other company, so they sell their software to IC manufacturers directly. In turn, these manufacturers develop a chip, and then sell/give away an SDK with the chips so that companies can quickly get products to market. As such, the problem was specifically that the manufacturer had never upgraded, so the product designers never upgraded, and these devices are in place for years and years so a vuln from 2005 can and will be a major pain in the arse in 2017 because of this major problem in the supply chain **delay-line effect**.

You will find web servers you've never heard of (because they were discontinued in 2003, like D-Link's Boa webserver), DNS servers older than most of your underwear, kernel versions that belong in museums, and best not to mention what versions of busybox they are running.

#### Wi-Fi woes

Many attacks have been found against commercial Wi-Fi setups. But from this to this, it's clear that all your Wi-Fi experience as a teenager has not gone to waste.

#### Remote Command Exec (RCE)

Many instances where you can send a command over the internet and run commands on the local device as r00t. This is quite obviously bad - and there are many sources for 'what to do' if you find this kind of vulnerabilty. Many devices also run everything (even web pages) through BASH scripts because then they don't have the overhead of including a (probably as vulnerable) PHP service. As such, injecting RCE strings all over is likely to find something, somewhere, on the web-app used to manage the devices.

<sup>3</sup>https://www.allegrosoft.com/

<sup>4</sup>http://www.ispreview.co.uk/index.php/2014/12/
masses-broadband-routers-hit-misfortune-cookie-security-scare.
html

#### Remote Code Exec

Likewise, connecting to some exposed service on the external device presentation and send crafted payloads to exploit BOF, format string vulns, etc. These service, if vulnerable, can easily be found using [shodan](https://shodan.com) and the like.

## Cross Site Requist Forgery (CSRF)

Using CSRF to fire in a user's browser, connect to the ubiquitous web based apps/API's used to manage the devices, and either get RCE or directly manipulate settings is a common vulnerability I have found on firmware-based devices. The required CSRF-Token checks needed to mitigate this can produce lines and lines of code, which is a hefty price to pay on storage-light firmware chips (remember - the max for most firmware chips is 16Mb). This vuln is going to be a common theme.

## Cross Site Scripting (XSS)

XSS is always bad, and if there is a way to compromise the device with, say, a stored or reflected XSS, the user's browser as well as the device can be compromised. I'm not going to write here on the evils of XSS as many others have done this before me! But your honed bug-bounty/web-CTF skillz are not lost here!

#### File Upload vulns

Linking into my nightmare CSRF scenarios, file parsing is almost always comically bad on devices, and I will put money on that if there's a file upload on a new-to-market device, it'll have some vulnerability related to either Local File Inclusion, Directory Traversal, or straight up pwning (as seen with a device that just unzipped a file as root into /, including the malicious /bin/evil-ELF I included).

## XML/SOAP based attacks

More and more devices are using mobile based android/iOS apps to manage these devices. As cool as this sounds, these devices open up a SOAP/XML/J-SON based API to talk to the app (rarely implementing any authentication), and UPnP attacks, enumeration, TR069 attacks and enumeration (and others) fall into this category, too - but see 'cloud' for more.

## Authentication / Session management issues

Default credentials are everywhere - literally! admin: admin or similar überweak credentials used to be a joke in the office, until it was everywhere on every device you could talk to that used some embedded platform. It is also a myth that most users even can change their passwords to these devices (many don't support this anymore - see 'cloud' below) so this is also worth reporting. Authentication information enumeration (usernames/emails) is also rampant, as well as authentication bypass - I remember doing a test on one device where just having a valid cookie (which you could guess or bruteforce to get) was enough to bypass username/password requirements.

#### Information disclosure

If the device passes through much of the user's data (as in CPE's) then this data is at risk if the device is - and so these devices can act as a source for further malicious activity (dumping CC data, seeing if someone is in the house for IPCams, etc.). Don't forget, setting malicious DNS servers is very, very easy on CPE's once you've compromised one, and most users (even tech savvy IT people) won't notice, not ever.

Additionally, if a devices offers up access to other services that they then manage (SIP/VOIP, FemtoCell or IPTV access) then disclosure of the internal mechanisms on these devices can reveal private keys for encryption, common shared secrets or credentials (often unencrypted/unhashed), certificates for authentication and encrypted access, DRM information and access methods, etc.

#### The 'Cloud'

...is just someone else's computer. But aside from all these issues (which are dealt with much better elsewhere) there is another concern. Amid this melange of written-at-4am-with-no-sleep and updated-when-West-Virginalast-voted-Democrat software (see, US-relevant jokes... how international of me), introducing new and modern services is as bad an idea as you might thing.

All I can say is that there is little reason for a user to be able to change their firewall settings on their router from the other side of the planet (read; over the internet) but that hasn't stopped manufacturers' efforts to 'solve problems people didn't know they had', thereby creating more problems that nobody whatsoever needs.

## 5.2.1 Hardware Specific Issues

There are also some specific issues relating to hardware devices themselves:

#### More Supply chain woes

Example: U-Boot doesn't support secure booting. At all. Secure boot mode has been in ARM processors from 2005/6 time, but the most common bootloader in existence doesn't support it. This means that your bootloader probably doesn't support checking if the firmware is malicious. Again, tie this into a CSRF vuln (see above) and you can upload a malicious firmware file (I'll probably do a blog on how to make these).

But how is this a supply chain issue? Well, ARM is sold under license, and as such, many of the cheapest chips use licenses of older chip designs. So we see the precise same issue as above - Jazelle mode is an old ARM exec mode that supports native Java bytecode execution (YES YOU READ THAT RIGHT). It was 'replaced' by a new mode in ARMv7 called 'ThumbEE', but you'll still see Jazelle in millions of chips in the wild worldwide.

## **Development Headers**

Kinda obvious from the outset, but the reason these are left on the boards is that the cost of tooling a 'consumer safe' board is very high. Prototyping can take weeks, and when you double that time to create a 'secure' version of a PCB layout, most project managers would shelve such an idea on the grounds of cost alone.

Also, 'omitting' a connecting resistor when going from dev board to production board *isn't fooling anybody...* 

#### **Bootlog Oracles**

Bootlogs are great. They're on the list a little down from post-it notes and using your MAC address as the default Wi-Fi password<sup>5</sup>. The tell you processor versions, chip ID's (they are often covered up with heat-sinks you need light munitions to get off), kernel versions, precise software versions, and tell you all the modes that things are running in/at/on. We will do some detailed commentaries on some bootlogs to show how this works later on.

<sup>&</sup>lt;sup>5</sup>https://twitter.com/LargeCardinal/status/682591420969029632

# 5.3 Hardware Pentest Timeline - from Scoping to Reporting

This is a proposed 'ideal' timeline that you should work towards in order to do the most effective pentration test and security assessment of an embedded device that you can. This timeline is the product of professional experience and talking to other experts/testers in the field. Although you may not be able to execute all these steps exactly, it should serve as an overview for the 'ideal' hardware/embedded security assessment.

## 5.3.1 Scoping

## Scoping Scoping Time

Have an alotted amount of time within which you can scope the device in question. It can take up to a week to fully analyse and research a board, and at least one example device must be provided for scoping. As such, this is the first step and only takes a few minutes to determine how long you will need to scope out the testing of a device.

## PCB Analysis and research

Once you have this time, there three tasks, the first of which is PCB Analysis. The aim here is to gather information about the devices and IC's in play, and how they work at a hardware level. Actions should include:

- Identifying all IC's on a PCB
- finding and storing the datasheets for all identified IC's (no matter how obscure!)
- making black-box diagrams for anything that isn't obvious
- Identify developer headers and assess what they could be
- Using logic to solve identity problems

An example of the last step is as follows; An SoC had a digital signal out trace sent to a 'black blob' epoxy IC (these are the ones where the IC is smothered in black epoxy, and no clue of what the IC underneath does is available), and a line came straight out of here to an 8-pin SOIC speaker driver. It was therefore reasonable to assume, given this black blob spoke

to the 'signal in' pin that drives the speaker, that this IC was a Digital-to-Analogue Converter (DAC). This made sense later when it was determined that the SoC had a built in ADC (Analogue-to-Digital converter) for recording sound, but no inverse audio-output channel.

Recording all this information - IC identitites, datasheets, diagrams, etc. will be very useful later down the line.

## 5.3.2 Testing

Testing should ideally have the following provided by the client:

- At least 2 devices for testing
- Firmware files
- Source Code for custom services (if code-assisted pentesting is in scope)
- Relevant technical documentation as available
- Disclosure of any known issues, should the client be willing

Ideally, the client should also determine any trophies - things that they are concerned about specifically. This is especially important if testing time is limited.

#### PCB Analysis and Research

It is highly likely that the device you eventually test is completely different from the one that you scoped. This is due to the fact that satisfying the requirement that a pentest needs to be provisioned is often put ahead, in time, of the device being finally ready - the idea is that you will test the device as soon as it completes its basic testing.

As such, it is possible that the entire PCB analysis may need to be redone once the test devices have been acquired. Allow time for this to be the case.

#### **Dumping Firmware**

Dumping the firmware, or analysing prepared firmware, is an essential step in assessing embedded systems.

## Debug/Terminal access

This is going to be especially useful, and time should be allotted to specifically trying to access this functionality. If there are any in place restrictions, these should be documented, and their effectiveness should be determined - if you got past them, the manufacturer should know how it was done.

## 5.3.3 Reporting

## Found Secrets/Trophies

Common secrets between different devices should be highlighted as a matter of priority, as they are probably in the wild. If it was possible to determine a unique secret from artefacts on the device (such as the MAC address of an interface giving rise to the default Wi-fi password), this should be made clear. Usual sensitivity should be exercised when dealing with these secrets.

#### 'Testing Narrative' of Hardware Hacks

With regard to giving visibility, if required, the client should be able to get ahold of a rough testing narrative of all the things that were attempted against the hardware. This can be particularly useful for their own risk assessment exercises, so should be encouraged.

# Chapter 6

# Terminal Access through UART

Now that we've covered the motivation for *why* we should include low-level hardware hacking in our pentesting, and we've covered off the specific details elsewhere, it is now time to do a full run-through of what to do when you want to connect to a piece of hardware.

We'll start with the most ubiquitous and easy example - UART.

## 6.1 What we will need

Here's a list of the stuff you'll require to do everything in this chapter:

- Multimeter
- Soldering Iron (with solder and flux as required)
- Header Pins usually set in plastic, 4mm apart
- Plastic Coated wire esp. if you don't have the pins, cut to lengths with tinned ends
- Logic Analyser connecting over USB, compatible with Saleae Logic
- USB to UART adapter a CP2102-like adapter is what I use, or a bus-pirate
- A target board.
- Datasheets for the SoC/IC you want to connect to (may not be available)

## 6.2 Identifying UART

## 6.2.1 Identify and Connect to Development Headers

So, when they manufacture a PCB, they don't necessarily remove the development headers from the production models. What are these? Well, they are the parts of the PCB that would carry interfaces designed for use with test equipment the designers use in development of the firmware.

Remember, the PCB design comes in two stages - the first decides the layout of the parts, and correlates this to the layout requirements of a PCB that will fit inside the proposed product. The second stage is where the firmware is written and developed so that the board works properly, and performs all required tasks.

Obviously, the first stage is costly - it costs a lot of money to prepare a PCB design, then have the prototypes made and populated, to then have access to a board you can develop on. Often, removing something like a debug header is not an option, owing a requirement to re-test the board. So to keep costs low, many prototype boards make it into production, minus the costly plastic headers that actually go on the board.

As such, this is what we want to find, so that we can do a little debugging of our own.

#### Identifying a Development Header

[Insert pictures]

Given we are looking for UART, we would expect there to be four pins, with two fine traces coming from two of them. As such, the ones with thick traces/connected to ground are likely VCC/GND, and the two with fine traces are signal lines, indicating they are likely Rx/Tx.

You can also look to the datasheets - usually available online - for the chip you want to connect to. Search the document for 'serial' or 'debug' or 'uart' and you'll usually find some listing for the UART connection. Get the name of the pins, e.g. P\_2\_6 for Tx, say, and then search for the 'pinout' and look for that pin. There is usually a large dot, notched corners, or some other fiduciary mark on the chip to tell you which way round the diagram matches to the pins. You should then be able to follow the PCB traces and see if the development/debug access leads to a development head or not.

If you don't see what looks like a gap for a development head, then it is very possible that your SoC connects to UART through a 'bed of nails', and so you will need to examine the test pads. A bed of nails test rig is one where little springy brass collared pins called 'pogopins' are arranged in a

fixed way to allow the developers to connect to a fixed set of test pads. As such, if your UART is sent there, then you need to solder onto a test pad, as described in the soldering skillz chapter.

Once you've identified the development header you want, solder a wire into each hole in the PCB, or onto each test pad, and get ready to analyse the signals with the logic analyser.

#### Analysing the Header Signals

We will need to use a multimeter to get a sense of which pin is what. For the sake of argument, we will assume that we have four pins, which we will write a b c d. Find some ground point (either labelled, or use the one connected to the main ground off the power supply unit (PSU).

- 1. Use the multimeter continuity setting (or the diode setting) to check which of our candidate pins is GND. You should see full conductivity to the ground point, as if there is nothing in the way (should be a close reading to touching the probes together). Label this on some diagram, for example if it's the last pin, label as a b c -
- 2. Next identify the VCC line this should be the pin with the highest voltage whilst the device is running. Chips run at 3.3V, but generally you'll see 3.2V or thereabouts. As such, two have a lower voltage than the third, that is a stable 3.3V from the PSU assembly. Label this on your diagram, e.g. if it is the port far left, we update it to + bc -.
- 3. We can now make the safe assumption (which we will test) that the remaining two pins are Tx and Rx. To work out which is which, you may have noticed some variance on the voltage of one of the pins when finding VCC. If you did, then that's probably a Tx line.<sup>1</sup>

We are now in a position to use the logic analyser with the Logic software to The general methodology for analysing the signals from a device is as follows.

Connect up the analyser - Connect GND to the relevant pin on the analyser. You can connect VCC to a channel if you aren't certain it's the power line. This will now let you use the logic analyser to work out what is what.

<sup>&</sup>lt;sup>1</sup>Multimeters use Root-Mean Square (RMS) chips to 'even out' the peaks and troughs of a signal to give a true level reading. As such, it would show lower voltages, such as 2.7V or briefly 0V, as it tries to interpret an digital signal.

Connect the pins to analyse - We have two, so we'll use channel 1 and 2 in our example. Now configure the sampler as in Figure 6.1. This will work for most UART implementations in the wild.



Figure 6.1: Setting the Sample Rate in Saleae Logic

Once this is setup, start the capture, and then immediately start the target device. Once it is finished you will see a caputured digital signal, as in 6.2. This will then need to be run through the analyser to get out the baud rate.



Figure 6.2: Captured Digital Signal

**ProTip:** If you get no signal from either, or signal from one but you can't connect, double check the traces. They may have omitted a resistor from the production model to stop people connecting to the debug interface (or just to save costs).

Double check the traces leading to/from the SoC to your, and look for gaps. If you find one, use a dab of solder to carefully short the gap, allowing you to connect.

Run the Analyzer Now we are ready to analyse the signal we have. On the right of the main screen in Logic you will see a small box for 'analyzers'. Click the cog icon, and you will see the analyser setting screen, as per Figure 6.3. This will then allow you to load an analysis of the signal for different baud rates and settings. Nominally, all UART systems in the wild that you will encounter will tend to use 8N1 as the data settings (see the UART protocol description for more details about that). As such, our only task is to work out what the baud rate is.



Figure 6.3: Analyser Settings - note that the baud rates are free-form text.

The most common baud rates, as mentioned in a previous chapter, are as follows:

- 115200
- 9600
- 57600

- 19200
- 38400

Once the successful one is found, you should see some meaningful output mapped above the signal when you zoom in on Logic. A successful analysis with the correct baud rate will yield an output that looks sensible, as found in Figure 6.4



Figure 6.4: Successfully analyzed signal showing version 1.04 being read from the data.

We have now successfully found our pinout for the development header, as well as our connection settings.

## 6.3 Connecting to UART

**NB** - For the sake of this section, we will assume that the pinout was +|TxRx|, and that the baud rate was 115200 (the most common).

## 6.3.1 Testing Tx

We are now ready to connect for the first time to our device. We now want to wire up our USB to UART adaptor - for ease, I will assume it's a CP2102 (the most common IC used on these boards) and will refer to it by the chip name. **NB** - ensure that the device is off!

Connect GND to the GND pin on the CP2102, and take the Tx from the target pinout, and connect that to the Rx on the CP2102. Now run the following command (as root):

```
screen /dev/ttyUSB0 115200
```

Here, /dev/ttyUSB0 is the CP2102 device<sup>2</sup> and 115200 is the baud rate we identified in the previous section.

<sup>&</sup>lt;sup>2</sup>If you're not sure, you can check by reading the dmesg log after connecting the CP2102.

Now power on the device and you should see text output in the screen terminal. It should look like a boot sequence log - that's because it is! If you're seeing this, then congratulations, you've successfully connected over UART!

## 6.3.2 Connecting fully with Tx/Rx

We are now ready to try and get a shell. Power off the target device, and disconnect the CP2102. Connect the remaining Rx pin on the pinout to the Tx on the CP2102. Reconnect the CP2102, start screen (the command will be the same) and power on the device. If you see some generic Please press a key to interrupt boot process... try it. You should either get dumped into a bootloader shell, and can access memory, or if you allow it to continue (power cycle the device if needed) you may get dumped into a root shell.

This is the debug shell that the developers used when building the firmware, so now you're ready to start testing.

## 6.4 UART Situational Awareness

There is a wealth of information you can glean from the boot sequence dump (called a 'bootlog'). Items worthy of note include:

- Bootloader name and version (Common ones are U-Boot and HiZ)
- CPU/MCU architecture (ARM/MIPS usually)
- Linux Kernel version
- busybox version (discussed below)
- Other software names and versions check against known CVE's
- Look for locations of important scripts (like /etc/rc.d/rc0.sh or the like)

If you are a little lucky (not all devices do this, but most do) then at the end of this you will see a root shell. You may have to login, but that login is usually the same as the default for the management web application, as a rule of thumb. We will discuss how to use this shell and what to do with it once we have given a methodology for dumping flash ROM data using SPI over a bus pirate.

# Chapter 7

# Fimware Dumping through SPI

SPI (Serial Programming Interface) is as ubiquitous as UART when it comes to prevelance in the IoT/embedded hardware world. When used as a communications protocol, it's primary use has been to interface and SoC with a Flash ROM IC. Although it can be used in other areas - many LCD screen breakout boards use SPI as their communications protocol with Raspberry Pis, for example - this is the most common form you will find SPI in use on production PCB's.

## 7.1 What we will need

Here is a list of the stuff you will need to do everything in this chapter:

- Multimeter
- SOIC Clip or IC Leg Taps
- Bus Pirate or other SPI compatible protocol board<sup>1</sup>
- flashrom installed or the software that works with another chosen SPI protocol board
- binwalk installed
- Optional items:
  - Logic Analyser with Saleae Logic software

<sup>&</sup>lt;sup>1</sup>A 'protocol board' is just a board that speaks to your computer and lets you communicate with a target over the defined protocol.

## 7.2 Identifying SPI

## 7.2.1 Standard Analysis

Analysis of the PCB should identify one chip that is an 8- or 16-pin IC that has a part number corresponding to a datasheet that tells you this chip is a Flash ROM Storage device.

It must be noted that not all 8-pin SOIC IC's are ROM chips. Many power convertors, speaker driver/op amp IC's, small MCU's (Microcontrollers) all come in these packages. You **must** confirm that the chip is indeed a ROM chip and supports SPI before continuing to connect it to a Bus Pirate. If you don't, bad things will happen.

**ProTip:** Flash ROM SOIC's tend to be a little 'thicker' and more square than the other types of chip using an SOIC package. This is due to the silicon die needing a large square NAND flash storage area. As such, the IC's themselves tend to look a little different from the other 8-pin SOIC's in particular.

Once you have identified the pinout from the datasheet, you're ready to connect to the device and dump the contents!

## 7.2.2 What to do when Standard Analysis fails

First, with the device powered on, identify the VCC pin with a multimeter - this can be done by putting the negative (black) probe on GND (say the collar of the power supply connector that goes to ground) and trying each of the pins in turn. As a rule of thumb, it is generally the pin opposite the pin next to the little circle (the fiducial marker) - if the circle is 'top left' then this pin is 'top right'.

Now disconnect the unit and use a multimeter in continuity mode (or diode test mode) to identify the GND pin. This has to be continuous from all GND terminals to main ground, so using a known GND point (like we did earlier) is best. As a rule of thumb, this is generally the pin at the opposite end of the chip, on the side with the circle (fiducial marker). If the marker is 'top left' the this pin is 'bottom left'.

You now have a decent indicator for the layout of the IC. This should help you work out if the pinout for this chip is similar to others - it is best to see if you can get the datasheets for chips in the same series, if not the exact one. Searching online for these datasheets may be as fruitful. Atmel ROM IC's, by and large, do not follow the diagram below.

Following from my 'rule of thumb', here is a standard pinout that works on most flash ROM IC's I have encountered personally:

|   | Bus Pirate  | Flash chip |                    | Bus Pirate   |   |        |
|---|-------------|------------|--------------------|--------------|---|--------|
| ſ | CS          | 1          | CS                 | VCC          |   | 3.3V   |
|   |             |            | DO (data out)      |              | 7 | 3.3V** |
|   | $3.3V^{**}$ | 3          | WP (write protect) | CLK          | 6 | CLK    |
|   | GND         | 4          | GND                | DI (Data In) | 5 | MOSI   |

Figure 7.1: Generic ROM IC Pinout - the numbers are just IC pin numbers \*\*See the IC datasheet for whether these should be high or low in order to read the contents.

## 7.3 Dumping firmware with SPI

Once we have our proposed pinout, we are ready to wire up the chip!

Ensure that the device is powered off! Else, you will have the SoC to compete with and all manner of mayhem will be set loose.

Following the wiring that you have identified, as the SPI pinout descriptions line up with the markings on the bus pirate.

- MOSI goes to MOSI
- MISO goes to MISO
- SS/CS goes to CS (chip select) on the bus pirate
- CLK goes to CLK.
- Now wire up VCC for power and GND.

**ProTip:** Flash ROM's can operate at 3.3V or 5V. Check the datasheet or use a multimeter to determine which is the correct voltage, else you either won't get a signal, or worse, could damage the chip by over-volting.

Now we can attempt to dump our firmware. Using a bash prompt, run the following as root:

```
>$ flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M -o
    ./firmware-dump.bin
```

**NB** - if at first it doesn't work, don't worry. Try it again. If it still doesn't work, adjust the spispeed parameter. The supported speeds for bus pirate in the flashrom source are:

- 30k
- 125k

- 250k
- 1M
- 2M
- 2.6M
- 4M
- 8M

So, if you are having problems with a particular ROM chip, start by lowering the spispeed. Upping it to 2M is supported by most ROMs (and may be a hard limit on the bus pirate itself), and will dump the storage faster.

If it is still not possible to dump the ROM file out, then there are a few possibilities:

- 1. You may have made an error in your wiring
- 2. You may have followed the wrong datasheet
- 3. You may have a ROM chip that has specific requirements you may need to adjust the buspirate firmware settings
- 4. Worst case, you may have killed the chip by accident during handling use a logic analyser when the device is running (if it runs)

If all has gone well, you now have a file firmware-dump.bin that you are ready to analyse.

## 7.3.1 Firmware Dumping through UART and tftp

If all else fails, then it is sometimes possible to dump firmware through the UART connection. This is documented here only for the U-Boot bootloader, although similar things are possible on others.

The basic methodology is as follows:

- 1. Start the interface for UART (screen or minicom) in logging mode this is important.
- 2. Load the bootloader into debug mode (usually by pressing any key during boot).

- 3. Determine (through the help menus) whether there is a way to display memory.
- 4. Ensure that the firmware image is loaded in memory.
- 5. Use the memory display functionality to dump the contents of memory to screen.
- 6. As we're logging, this will now be logged to your local drive.

## Worked Example

Here's a walkthrough for U-Boot, using screen, with the decoding at the end.

- 1. As root, run screen -L screenlog.log /dev/ttyUSB0 115200
- 2. press any key to interrupt booting
- 3. either using the bootlog or sf probe, get the addresses and offsets for your flash image
- 4. Load flash partitions into memory using fload, or if this fails, try sf
  - for example sf probe 0;sf read 0x82000000 0x40000 0x370000
- 5. Dump memory to screen using md (memory display)
  - e.g. md 0x82000000 0x40000
- 6. Copy the escaped hex into a separate file.
- 7. Hex that is in a hexdump format can be decoded into a binary file using xxd -r
  - e.g. xxd -r text-dump.txt > firmware-dump.bin

## Further options

If this fails, see if your u-boot supports tftp, and follow these steps:

- 1. As above, use sf and/or fload to ensure that the ROM images are in memory.
  - To be clear, I mean; sf probe 0; sf read 0x82000000 0x40000 0x370000

- 2. using the tftp command, load the firmware image you want over the wire
  - Start a local tftp server
  - start a local DHCP server if you can, else, set static IP's that are compatible with the subnet used by the device
  - Attempt to load the file over tftp; tftp 0x82000000 romfs.cramfs 0x370000

## Chapter 8

# Firmware Analysis

We will assume that the dumped firmware file is called firmware-dump.bin. This can either be an in-memory dump off a device, but can also be from a firmware file provided by the client or one that you found online - generally the ones online are just replacements for the ones that are held locally; the binary file gets written as-is to the ROM chip.

## 8.1 Extracting Firmware

First, run binwalk on the file to see what the likely interesting offsets are. This can be done via

```
||binwalk -e firmware-dump.bin
```

This will create a subdirectory ./\_firmware-dump.bin in which you can find any files that binwalk recognized and dumped or the contents of compressed directories and filesystems that binwalk was able to recognise and extract.

If this produces nothing, then run binwalk ./firmware-dump.bin to get an overview of the technical details and offsets. You can then use dd like so:

```
dd if=./firmware-dump.bin skip=<offset address> count=<number
    of bytes to dump>
```

Remember, the count parameter takes decimal input, not hex, so make sure to use these. Thankfully, binwalk outputs this as well, which is handy.

**ProTip:** If you are not sure what to make of a file and binwalk is not making sense of it, look at the bootlog. This will usually contain the filesystem format, start addresses and block sizes, as well as compression schemes involved.

## 8.2 Trophies and Loot

Here are the things you should keep an eye out when parsing through extracted files from a firmware image. These artefacts are particularly useful when testing, as they may give you some clue as to how to overcome a particular login/parameter, and are usually universal for all devices of the same model number or series.

General tips when hunting for such treasure:

- Keep a note of what was found, so you can check if it changed later
- Keep a note of where it was found for use in later testing

## Configuration Files

Many firmwares, especially for RomPager based firmware files, there is a file /etc/romfile.cfg, that can also be found at /var/romfile.cfg in some instances. This file contains all the details required to setup the system on the fly. When the system is booted this file is parsed out, and its contents are used to populate various BASH script .sh files, as well as populate configuration files for wpa\_supplicant settings, DHCP ranges, etc.

As such, this is a good example for understanding the kind of thinking that takes place when firmware files are put together. There are near-infinite ways of achieving the same thing with the same setup, so it would be remiss to say "This is how it's done!", when it clearly may not be the case. Instead, here are some tips for

#### Passwords/Secrets

The following command, run in the directory where you store the extracted files, will find all sorts:

```
grep -RiE --color 'pass|usern|config|private|key'
```

Pulling /etc/passwd is a good idea - cracking the passwords¹ therein may reveal default user accounts that can access SSH/Telnet/management ports/management web application/etc. It also may give you a clue as to how authentication is done on the web applications used to manage the app - very often, the /etc/passwd file, or some other localised passwd file, is used for all authentication sytemwide, or for multiple subsystems.

<sup>&</sup>lt;sup>1</sup>Generally passwords are hashed with one of the earlier crypt implementations - usually \$3\$ or \$3\$. No joke.

Likewise, parsing for common developer variable names such as secret\_key or api\_key may reveal uniform secrets that are used across all these devices.

The same can be done for DECT phone secrets on CPE's that can talk to wireless phones (which would enable call snooping), and for media access/Digital copyright keys on devices that access media, like IPTV's. Also, keep track of what private keys for certificates are kept, and what they look like they are used for. For example, some systems require authenticated access to some private subnet for hosted services, with access being restricted to any devce that has a particular certificate - if you now have said certificate, you have open access to these 'restricted' systems.

 ${\bf NB}$  - Recording the locations for these will be useful in later testing, too, so keep note!

## **BASH Scripts**

When an embedded device is loaded, chances are everything is managed/up-dated/configured by BASH scripts. As such, knowing where scripts are, and where they get their parameters from is really important. This is how many RCE's are found in embedded systems.

#### Binary files

Knowing the location of important binaries is very useful in later testing. Keep track of what binary files are where. Also, if a binary file does something specific but is not named properly, note stuff like that down. You will forget, and will get frustrated trying to remember later!

[Cover static analysis of MIPS/ARM binaries - IDA?]

## 8.3 Correlating with UART

Having access to a UART interface to some SoC will greatly increase the chances of you making full sense of the way a system works, and increase thereby the likelihood you will make significant advances in determining the vulnerabilities on the attack surface of the device.

When checking the actual locations of files, it can be handy to use the UART interface to make sure that files are indeed where they are in the initial firmware. Often, files are copied and then manipulated - in our example above, the /var/romfile.cfg file is soft symlinked from /etc/romfile.cfg. This can take hours to decipher looking at the firmware dump itself, but is abundantly clear when you have access to the UART terminal.

The UART will also tell you what devices are where - mappings such as /dev/ttyS0 is a common mapping for the serial port. Using echo to send some data to that location should reflect back to you. Once confirmed this can be used when finding RCE vulnerabilities (covered in the next chapter).

# Chapter 9

# Putting It All Together

## 9.1 Background

Now that we have explore the two main basic techniques of accessing UART and dumping firmware over SPI, as well as covering how to analyse firmware and what to look for, we should make plain how this low-level access can inform your pentesting.

I will assume general knowledge, familiarity, and experience with the following types of testing:

- Infrastructure testing nmap/nessus scanning, and running basic exploits through MSF as a baseline
- Wi-Fi testing DEAUTH attacks to get handshakes, understanding of WEP/WPA/WPA2, and more recent attacks like Pixie-Dust
- Web Application testing familiarity with XSS, CSRF, LFI, RCE, SQLi, and the OWASP Top 10 in general
- Mobile Application testing Testing web API's (XML/SOAP/JSON) and assessing mobile devices

The reasons for all of these testing methodologies being relevant comes from the vast attack surface presented by embedded devices in a modern world. Many of these were alluded to in the first chapter of Part II, so we will assume that this has been understood for this more practical chapter.

## 9.2 Hardware Specific Vulnerabilities

Here follows a list of common vulnerabilities that affect only the hardware:

- 1. UART Access yes, this should actually be restricted. Many SoC's support the limiting of this service, and it should not be possible to get a route debug shell from accessing the UART on boot.
- 2. Unsigned firmware images or SecureBoot disabled on ARM SoC's

## 9.3 Pentesting Embedded Devices - Technical Overview and Attack Models

## 9.3.1 Web Application

This is perhaps the most fruitful of all the testing areas, so I will mention it first. The first two vulnerability classes are so numerate, that they have their own sections.

## Remote Command Exec (RCE)

RCE is a high risk, high probability vulnerability on embedded systems, owing to the fact that the main way that performance overheads are mitigated is by the implementation of BASH scripting to perform almost every function on the device. It is not unknown for entire '.asp' websites on embedded systems to be nothing more than renamed BASH scripts that get run on access by the webserver, passing parameters in as you would any other script.

Given the prevelance of this *modus operandi*, it should be tested for exhaustively. Here is a good procedure to gain familiarity with RCE's in embedded systems; Determine whether any user input ends up in any BASH scripts we identified earlier. Common ones include DNS settings, DynDNS settings, NTP timeserver settings, etc. Use the UART connection to test wheter a submitted payload has reached the script unencoded. Once this has been confirmed, different payloads can be created.

It is handy to bear in mind the following RCE payloads that do not use spaces (lines 2,3): (We assume that the UART terminal is mapped to /dev/ttys0)

```
"; echo 'test' > /dev/ttyS0;
";echo$IFS'test'>/dev/ttyS0
";{echo,'test'}>/dev/ttyS0;
```

**NB** - when testing with \$IFS, beware when trying certain commands or using pipes. Sometimes you need to add an escape at the end - e.g.

```
||nslookup$IFSqoogle.com
```

would need to be

||nslookup\$IFS\google.com

on some systems.

## Cross Site Requist Forgery (CSRF)

CSRF tokens are generated by many embedded platforms, but are almost never checked. The general appearance is that developers of embedded management web-apps appreciate the need for a fix, but fail to understand fully the nature of the vulnerability. Given that most devices will sit on the same local IP address (usually in the 192.168.0.0/16 range) and users almost never change this base address, CSRF has a wide ranging capability. The ability to CSRF a setting/configuration by embedding a javascript payload that talks to the management application has been found to permit the following actions to be performed by payloads loaded over the internet:

- RCE through the local browser
- Setting malicious DNS servers
- Deactivating protection mechanisms (built-in AV and firewalls)
- Uploaded malicious firmware files
- Loading a known stored XSS that then fires to disclose information back to the attacker

 $(\mathbf{NB}$  - this is by no means an exhaustive list, and is included for illustrative purposes.)

Example code to use for testing a payload's effectiveness can be found in the [Appendix I am yet to write].

## OWASP Top 10

Taking excerpts of the most significant issues, the following should be kept in mind when pentesting:

#### Authentication Control and Management

Perhaps the third most common issue on embedded systems, Authentication is often handled in a very lax manner. Things to watch out for include:

Weak Password Policies or client-side only password strength enforcement

- Passwords not required to be changed after first login to mangement panel
- Access to management screens without authentication (by forced browsing, for example)
- Platform Authentication Bypass if the system has NTLM or Basic Auth implemented, could this can be bypassed, e.g. by having a valid cookie present
- Predicatable Cookies/Tokens often, to save on processing and I assume large crypto libraries, hashing is always weak, random numbers generally aren't that random, and so cookies are predominantly time-based and very predictable.

#### **SQLi**

Sadly, not much of a thing on embedded devices. Although some do use an sqlite implementation for data storage (very, very few), it is generally not much of an issue owing to a Database server causing significant performance and space overheads that are unnecessary.

It is thereby not something to be overly concerned about if it is not found - a static analysis of the firmware will show you that there probably is no database service to be talking to in any case. **NB** - this does not preclude it being present on externally hosted services!!

#### Insecure Direct Object Reference (IDOR)

This type of issue is also generally not found on embedded systems, however, their cloud-based counterparts for externally hosted services are often vulnerable, opening up access to other customers' devices in the worst cases.

#### 9.3.2 Infrastructure Vulnerabilities

When pentesting any network service presented on the external WAN or internal LAN/Wi-Fi interfaces there are a number of things you are looking for. Here is how low-level access and firmware analysis can help when assessing this attack surface:

1. Analysis of the bootlog (from UART) will yield precise service versions that nmap/nessus can miss.

- 2. Analysis of configuration files will yield default passwords or required keys to access and test running services.
- 3. Analysis of the firmware can determine what SSL Certificates are in play and how they operate (are the private keys universal?).
- 4. If testing a VOIP service, the VOIP secrets should be analysed to see if they are generic/universal.
- 5. If testing a UPnP service, this should be assessed to see if unauthorized access can be granted through some other (web based) vulnerability (they have been known to be CSRF-able).
- 6. When testing any serivce, if you successfully generate an exception, then the stack trace has been known to be dumped to serial (in the spirit of debugging). As such, this can be useful for trying/fuzzing payloads to binary or other services on open ports.

## 9.3.3 Wi-Fi and Wireless testing

Here, we focus on primarily CPE's (home routers or switches with Wi-fi capability), but these can apply more generally to any Wi-Fi interface.

- 1. Uploading Firmware over Wi-Fi this should not be possible. Else the attacker who cracks the password and comes back can set a malicious firmware without ever getting physical access to the device.
- 2. It should not be possible to determine the default Wi-Fi password or WPS pin by sniffing for publically available information (such as the default SSID or MAC address)
- 3. It should not be possible to bruteforce WPS pins nor trigger a pairing without physical access to the device.
- 4. Attacks that are more recent, such as the Pixie-Dust attack I mentioned earlier, should be guarded against, as well. This is unlikely in many cases, owing to the lack of updating base software in the firmware.

## 9.3.4 Mobile App/Cloud Integration

We assume for this testing that there is a tie-in mobile app, or management mobile app that may also have some 'cloud'-based connectivity.

- 1. Many apps permit management of the device itself and the credentials to allow this access should not be pushed to adb logcat. This should be checked during standard operation.
- 2. The cloud-based service should be checked for all the usual problems, with special attention paid to username enumeration and bruteforcing such a compromise can lead to actual compromise of real devices.
- 3. If the cloud-based platform or mobile application permits the 'adding' of devices, it should be confirmed that no Insecure Direct Object References (IDOR) vulnreabilities could be used to add devices arbitrarily.
- 4. Tying into RCE vulnerabilities, if any are identified locally, then these should be tested to see if they can be chained with a CSRF or over the app API itself to trigger such a vulnerability over the internet.

## 9.3.5 Denial of Service (DoS)

This can be brought about in a myriad of ways, and it is very hard to give general guidance. However, the following examples have been found in the wild:

- Bad Error Handling
- Unexpectedly large parameters on web headers (such as User-Agent or Referer)
- Incorrect Basic Auth headers where the header is invalid Base64 has crashed a device completely
- TR069 Port on external interface DoS through fuzzing.

In more general terms, it should be assessed wherever some level of instability of processing is found in the system.

## 9.3.6 Additional Testing Points

## Bluetooth/BLE

Many BLE chips have custom debug stacks that are now well known, and tend to run their own firmware. As such, it should be seen if the devices can be connected to without any keys, or with default/universal keys. They should be segregated from the rest of the device's functionality, and this should be confirmed (it shouldn't be possible to cause a system-level exception from the BLE data being sent to the SoC).

# Part III

## **Advanced Testing Topics**

## Ideas include:

- running firmware files in virtual machines (qemu)
- JTAG/SWD in practice
- Glitching (might not do this requires a chip whisperer or custom FPGA programming which may be beyond the scope of this text)
- Reverse Engineering bootloaders
- worked example of bit-banging a protocol CC2541 custom dbg??

# Appendix A

## **GDB** Cheatsheet

Here is a GDB Cheatsheet of useful command/ways to do things in GDB:

| Command                           | Description                                    |
|-----------------------------------|------------------------------------------------|
|                                   |                                                |
| info <var> or i <var></var></var> | print some information                         |
| i b                               | Get info about breakpoints                     |
| ir                                | dipslay all registers and their values         |
| i proc map                        | display the process map information for the    |
|                                   | code being analysed                            |
| break label                       | break on function label, e.g. break main       |
| break *0x1000                     | break on 0x1000                                |
| delete 2                          | delete breakpoint 2                            |
| set \$r0=5                        | set the value of register \$r0 to 5            |
| stepi or si                       | step forward one instr.                        |
| nexti or ni                       | step forward one instr., and STEP OVER any     |
|                                   | calls                                          |
| stepi 5                           | Step forward 5 instr.                          |
| nexti 5                           | step forward 5 instr., stepping over any calls |
| continue or c or cont             | continue on with the process                   |
| fg                                | as in BASH, foregrounds the process (push to   |
|                                   | background with c&)                            |
| bt                                | 'backtrace' - show the call stack. NB-useful   |
|                                   | when analysing exceptions                      |
| run arg1 arg2                     | execute the debug target (from cli) with arg1  |
|                                   | and arg2 as arguments.                         |
| print system                      | print the system symbol table data (stored     |
|                                   | as the system variable in GDB) NB - very       |
|                                   | handy for ROP exploring.                       |

| p system                       | Shorthand for print system                                                                                                        |
|--------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|
| p *(array-var)@20              | print 20 bytes of array-var                                                                                                       |
| x 0x1000                       | short for 'eXamine', examine 0x1000 in this                                                                                       |
|                                | case                                                                                                                              |
| x/nfu 0xADDR                   | Starting from 0xADDR, examine the;                                                                                                |
|                                | 1. (N)umber of bytes, in a specified                                                                                              |
|                                | 2. (F)ormat (any of x/d/u/o/t/a/c/f/s from C's print formatting, with additional i for instructions - defaults to he(x)adecimal), |
|                                | 3. Specified (U)nit size (any of (b)yte, (h)alfword, (w)ord, or (g)iant/double words)                                             |
|                                | e.g. x/4dw \$ps is 'examine address in \$ps,<br>and print 4 words as signed integer values'<br>[Yeah, that one's a mouthful]      |
| x/10i \$pc                     | disassemble the next 10 instructions from the                                                                                     |
|                                | addr value in PC                                                                                                                  |
| x/s 0x1000                     | display the string at memory addr. 0x1000                                                                                         |
| x/10xb 0x1000                  | display 10 bytes, as hex, starting at addr                                                                                        |
|                                | 0x1000                                                                                                                            |
| x/10xw \$sp                    | Show the 10 32bit words, in hex, starting at                                                                                      |
|                                | \$sp                                                                                                                              |
| set *(int*)0x6000 = 42         | Set an int (32bits) at addr 0x6000 to 42                                                                                          |
| disp <expression></expression> | do ¡expression¿ each time a breakpoint is hit,                                                                                    |
|                                | e.g. disp x/10i \$pc                                                                                                              |
| dissassemble (label)           | dissassemble the function with the label specified, e.g. disassemble main will dissassemble main.                                 |
| disassemble 0x1000             | disassemble from 0x1000 to 0x2000 (replace                                                                                        |
| 0x2000                         | with addresses in the program)                                                                                                    |
| set print pretty on            | set print formatting of C structures on (use off to turn off)                                                                     |
| set logging file               | set logging to go to /path/to/file from                                                                                           |
| /path/to/file                  | your session                                                                                                                      |
| set arm force-mode             | Set the arm forced instruction mode (ar-                                                                                          |
| arm/thumb/auto                 | m/thumb/auto) - overrides the symbol table                                                                                        |

| show arm force-mode | Show the current force instruction mode |
|---------------------|-----------------------------------------|
|---------------------|-----------------------------------------|

## **Useful Commands**

I also find these commands useful when debugging (on linux/posix like environments):

| Command           | Descr.                                             |
|-------------------|----------------------------------------------------|
|                   |                                                    |
| gdb file          | Debug file in gdb (You never know, I might forget) |
| gdb a.out 789     | attach GDB to a .out running as process 789        |
| gdb a.out core    | open core dump for a.out in GDB                    |
| cat               | get address space layout for 789                   |
| /proc/789/maps    |                                                    |
| echo 0            | turn off the pesky ASLR                            |
| >/proc/sys/kernel | /randomize_va_space                                |
| execstack -s foo  | Disable XN for foo                                 |
| ulimit -c         | turn core dumps on / turn core dumps off           |
| unlimited /       |                                                    |
| ulimit -c 0       |                                                    |

# Glossary

This will be a basic glossary of commonly looked-up terms.

- **BGA** Ball Grid Array. The IC package where blobs (balls) of solder underneath the IC are used to bond it to the PCB contacts.
- **CPE** Consumer Premises Equipment. Often, routers, but can also be IPTV boxes, DECT phones with base units, etc. Anything supplied by some service provider and left in a consumer's home.
- **PCB** a Printed Circuit Board. The thing with all the components on. Can be multilayered, or simply double-sided. Power and signals are communicated via traces on the PCB that link up components.
- **SMC** Surface Mount Components the little tiny components that sit atop/underneath a PCB, and you daren't put down in case they get blown away by a flea's fart.
- **SOIC** Small Outline Integrated Circuit. A very common IC Package you will see on many consumer electronics.

**Solder Mask** - The part of a PCB that's coloured (green/black/red/whatever). This actively resists solder being put on it, driving it through surface tension to stick to the copper contacts and components instead.