Hardware Security Resources

Here are some whitepapers and blogpapers that should help you get started/learn more about hardware security. I’ve divided the page into divisions for easier viewing.

I’ll keep adding to the list when I remember any other sites/papers that I refer to. Please let me know of any mistakes/suggestions down in the comments!

Blogs/Websites

/dev/ttys0 blog 

cybergibbons

IOActive

Natashenka’s blog

Travis Goodspeed’s blog

Michael Ossman’s blog

Hackaday

Bunnie Huang’s blog

Adafruit

Sparkfun Blog

Lacklustre Blog

Dangerous Prototypes

Adam Laurie’s blog

SRLabs

Xipiter

Chip Whisperer Documentation

Spritesmod blog

Whitepapers/Required reading

General hardware reverse engineering/ attacks

Intro to hardware hacking

Reversing a vacuum cleaner

Joe Grand’s talk on Tools of the Hardware Hacking Trade

Craig Heffner’s blogpost on identifying and using serial ports

Reverse engineering a DTV converter

Reverse engineering a router

Joe Grand: Current state of hardware hacking

LayerOne talk on hardware reverse engineering [Check the other parts too]

HW RE course at Rensselaer Polytechnic Institute. Course Material

A collection of posts by CyberGibbons on wireless burglar alarms [CyberGibbons]

Reverse Engineering a Furby

Recon talk on hardware RE

Hardware hacking for software people – Stephen Ridley

Using Shikra for UART/JTAG debugging

Reversing a home controller

Breaking a Fingerprint protected HD

Breaking a Fingerprint protected USB

Hijacking Drones

Bluetooth Low Energy

Bluetooth: With Low Energy Comes Low Security

Bypassing Passkey Authentication in Bluetooth Low Energy

NIST document on Bluetooth security

Outsmarting Bluetooth Smart

How Smart is Bluetooth Smart

Understanding BLE advertisement packets

Understanding BLE advertising packets

Introduction to BLE

Reverse engineering a BLE bulb

Bluetooth 2.0/3.0

NIST document on bluetooth security

Security in Bluetooth

Bluetooth threats (old ones)

Security Weaknesses in Bluetooth

Sniffing Bluetooth using Ubertooth by Dominic Spill

Side channel attacks

Side Channel Attacks [Good intro to SCA]

Improved Higher-Order Side-Channel Attacks with FPGA Experiments

Power Analysis for Cheapskates – Colin O’Flynn

Video for the above talk: https://www.youtube.com/watch?v=i27NiVuWmhE

ChipWhisperer documentation/ Good info on SCA

Glitching/Fault Injection

Intro to Fault Injection attacks

Writeup of how the PS3 hypervisor was attacked using glitching

Low Cost Attacks on Tamper Resistant Devices

The Sorcerer’s Apprentice Guide to Fault Attacks

Clock glitching tutorial

Vcc glitching

Fault attacks on secure chips: from glitch to flash

Glitching for noobs

Practical Analysis of Embedded Microcontrollers against Clock Glitching Attacks

Practical Attacks against the MSP430 BSL

Fault injection attacks and defences

Security Failures in Secure Devices

Firmware analysis

Firmware Analysis Writeup

Belkin WPS PIN reversing

DLINK DIR980L Firmware reversal

DLINK security failures

Reversing DLINK WPS PIN algorithm

RFID/NFC

New Attacks against RFID

RFID Security: Attacks, Countermeasures and Challenges

Attacks on RFID Protocols

NFC Attack Surface

Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones

RF Hackery

Good writeup on RF security in general

SDR attacks on smart homes

KillerBee Zigbee attack framework

Exploiting ZigBee

Penetration of ZigBee-based wireless sensor networks

Ghost-in-the-Wireless: Energy Depletion Attack on ZigBee

Decoding Train Announcement Boards

Deciphering mystery signals from a helicopter

Decoding radio controlled bus stop displays

OpenSesame attack on garage door openers

Remotely trigger doorbells

SDR tutorials by Mike Ossman

Hacking a Lego Car using HackRF

GSM/UMTS

Attacking SMS

GSM sniffing [CCC talk by Karsten Nohl]

A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications

UMTS MITM

Privacy through Pseudonymity in Mobile Telephony Systems

Location leaks on the GSM air interface

Decrypting GSM phone calls

Rooting SIM cards

Automotive security

Charlie Miller/Chris Valasek comprehensive paper on automotive security

Good writeup on CAN bus packets

Hacking into a Vehicle CAN bus (Toyothack and SocketCAN)

Books to read:

Hacking the XBox by Andrew “bunnie” Huang

http://www.amazon.com/Introduction-Hardware-Security-Mohammad-Tehranipoor/dp/1441980792

http://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X/ [Good section on hardware hacking]

People to follow on twitter

Mike Ryan

Felix Domke

CyberGibbons

Jay Beale

Justin Searle

SpritesMods

Samy Kamkar

Charlie Miller

Dangerous Prototypes

Joe Grand

/dev/ttys0

Oona Räisänen

at1as

Travis Goodspeed

Michael Ossmann

Chris Valasek

Xipiter

Stephen Ridley

2 thoughts on “Hardware Security Resources”

Leave a Reply to Cybergibbons Cancel reply

Your email address will not be published. Required fields are marked *