Differences
Shows the differences between two versions of the page.
Next revision | Previous revision | ||
personas:brolin:proyectos:hardwarehacking:icreverseeng [2021/03/21 20:04] – created brolin | personas:brolin:proyectos:hardwarehacking:icreverseeng [2021/03/21 20:06] (current) – brolin | ||
---|---|---|---|
Línea 1: | Línea 1: | ||
- | ====== | + | ====== |
https:// | https:// | ||
- | COURSE DESCRIPTION: | + | === COURSE DESCRIPTION: |
Physical tampering techniques are composed of three main families from non-invasive (clock and VCC glitches, side channel analysis, etc) and semi-invasive (laser fault injection, photo-emission, | Physical tampering techniques are composed of three main families from non-invasive (clock and VCC glitches, side channel analysis, etc) and semi-invasive (laser fault injection, photo-emission, | ||
Línea 12: | Línea 13: | ||
This training will be a mixture of theoretical lectures and practical assignments which will give the attendees all the key knowledge to perform such complete hardware + software analysis to reach their specific needs from in depth security evaluation to forensics data extraction. | This training will be a mixture of theoretical lectures and practical assignments which will give the attendees all the key knowledge to perform such complete hardware + software analysis to reach their specific needs from in depth security evaluation to forensics data extraction. | ||
+ | === Details: === | ||
- | Details: | ||
Texplained IC Reverse-Engineering & Code Dump training is built to give a complete understanding of Integrated Circuits while analyzing the different means of extracting embedded firmware and data from Secure Devices.The different chapters are organized so as to let the attendees discover each new topic in a progressive manner that reflects the Reverse-Engineering specific mindset. This way, attendees will be able to derive their own workflows and methods while working on their own projects after the training session. | Texplained IC Reverse-Engineering & Code Dump training is built to give a complete understanding of Integrated Circuits while analyzing the different means of extracting embedded firmware and data from Secure Devices.The different chapters are organized so as to let the attendees discover each new topic in a progressive manner that reflects the Reverse-Engineering specific mindset. This way, attendees will be able to derive their own workflows and methods while working on their own projects after the training session. | ||
Línea 21: | Línea 22: | ||
- | Topics covered during the course: | ||
- | Integrated Circuits Structure | ||
- | Transistors, | ||
- | Digital logic and Memories | ||
- | Failure Analysis and Reverse-Engineering Methods | ||
- | Embedded Firmware and Secret Data Dump: ROM & Flash Dump | ||
- | Analytical and Invasive ROM Dump | ||
- | Linear Code Extraction Based Methods | ||
- | Automating the Entire Process | ||
- | How to use the RE and code extraction results | ||
- | KEY LEARNING OBJECTIVES: | + | === Topics covered during the course: === |
+ | |||
+ | * **Integrated Circuits Structure** | ||
+ | * **Transistors, | ||
+ | * **Digital logic and Memories** | ||
+ | * **Failure Analysis and Reverse-Engineering Methods** | ||
+ | * **Embedded Firmware and Secret Data Dump: ROM & Flash Dump** | ||
+ | * **Analytical and Invasive ROM Dump** | ||
+ | * **Linear Code Extraction Based Methods** | ||
+ | * **Automating the Entire Process** | ||
+ | * **How to use the RE and code extraction results** | ||
+ | === KEY LEARNING OBJECTIVES: | ||
When it comes to encrypted devices, one may want to gather embedded evidence while another would like to be able to check if a hardware backdoor is present or if the component and / or its embedded firmware (boot ROM / user code) contain intrinsic breaches, that could be exploited by a pirate. | When it comes to encrypted devices, one may want to gather embedded evidence while another would like to be able to check if a hardware backdoor is present or if the component and / or its embedded firmware (boot ROM / user code) contain intrinsic breaches, that could be exploited by a pirate. | ||
The primary goal of this training is to provide Digital Forensics & Security Professionals as well as Government Services the skills, mindset and background information necessary to successfully: | The primary goal of this training is to provide Digital Forensics & Security Professionals as well as Government Services the skills, mindset and background information necessary to successfully: | ||
- | Recover ICs internal architectures | + | * **Recover ICs internal architectures** |
- | Evaluate the efficiency of existing countermeasures | + | * **Evaluate the efficiency of existing countermeasures** |
- | Extract NVMs contents (ROM & Flash), in order to analyze and evaluate the security of the embedded firmware, and extract secret informations | + | * **Extract NVMs contents (ROM & Flash), in order to analyze and evaluate the security of the embedded firmware, and extract secret informations** |
The Students will be shown how such information can be used to define easier methods to find / exploit firmware + hardware weaknesses for vulnerability analysis as well as for embedded evidence extraction purposes. | The Students will be shown how such information can be used to define easier methods to find / exploit firmware + hardware weaknesses for vulnerability analysis as well as for embedded evidence extraction purposes. | ||
+ | === Concretely, students who complete this course will: === | ||
- | Concretely, students who complete this course will: | + | * **Find out how to perform low-level hardware reverse engineering** |
- | Find out how to perform low-level hardware reverse engineering | + | * **Develop analysis strategies for the target devices and apply these strategies to recover their embedded data.** |
- | Develop analysis strategies for the target devices and apply these strategies to recover their embedded data. | + | === WHO SHOULD ATTEND? === |
- | WHO SHOULD ATTEND? | + | * **Digital police investigators** |
- | Digital police investigators | + | * **Forensic investigators in law-enforcement agencies** |
- | Forensic investigators in law-enforcement agencies | + | * **Government Services** |
- | Government Services | + | * **Pen Testers who want to assess the security of the embedded code, allowing for a complete hardware + Software evaluation** |
- | Pen Testers who want to assess the security of the embedded code, allowing for a complete hardware + Software evaluation | + | * **Digital ICs designers & test engineers** |
- | Digital ICs designers & test engineers | + | * **Engineers involved in securing hardware platforms against attacks** |
- | Engineers involved in securing hardware platforms against attacks | + | * **Researchers who want to understand the nature of many hardware investigation methods** |
- | Researchers who want to understand the nature of many hardware investigation methods | + | * **Team leaders involved in IC security and exploration as well as device security** |
- | Team leaders involved in IC security and exploration as well as device security | + | * **Hardware hackers who want to become familiar with methods on ICs** |
- | Hardware hackers who want to become familiar with methods on ICs | + | * **Parties involved in hardware reverse-engineering and Vulnerability analysis.** |
- | Parties involved in hardware reverse-engineering and Vulnerability analysis. | + | === PREREQUISITES: |
- | PREREQUISITES: | ||
The training is derived from Texplained « IC RE & Attacks 101 » which means that there are overall no prerequisites. The instructor’s goal is to convert attendees to operational Integrated Circuit Reverse-Engineers no matter their original skills and expertise. | The training is derived from Texplained « IC RE & Attacks 101 » which means that there are overall no prerequisites. The instructor’s goal is to convert attendees to operational Integrated Circuit Reverse-Engineers no matter their original skills and expertise. | ||
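Review bot: The new list items in this hunk wrap every bullet entirely in bold (for example "* **Recover ICs internal architectures**"), so the emphasis no longer distinguishes anything and the lists compete visually with the new "===" headings. Plain "* item" entries would be enough, with bold kept for the few terms that need it. The bullet on extracting NVM contents also carries over "secret informations" unchanged; "secret information" is the correct form, and this formatting pass is a natural place to fix it.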
Línea 66: | Línea 69: | ||
Attendees should be familiar with python scripting. If that is not the case, they will still be able to attend and work on the algorithmic parts while the instructor will help on the « language part. | Attendees should be familiar with python scripting. If that is not the case, they will still be able to attend and work on the algorithmic parts while the instructor will help on the « language part. | ||
+ | === Minimum software to install: === | ||
- | Minimum software to install: | ||
Students will be provided assignments on paper as well as the training material as a .pdf file. For working on the examples and handling the image processing steps, Fiji (ImageJ) and Photoshop will be needed. Executables for Windows and Macs will be given if not already installed on their laptop. | Students will be provided assignments on paper as well as the training material as a .pdf file. For working on the examples and handling the image processing steps, Fiji (ImageJ) and Photoshop will be needed. Executables for Windows and Macs will be given if not already installed on their laptop. | ||
+ | |||
+ | === ABOUT THE TRAINER: === | ||
+ | |||
+ | **Oliver THOMAS** studied Electrical Engineering (EE) and subsequently worked for a major semiconductor manufacturer designing analog circuits. Then, Olivier began to work in the field of Integrated Circuit (IC) security as the head of one of the world’s leading IC Analysis Labs. The lab primarily focused on securing future generation devices as well as developing countermeasures for current generation devices to combat piracy and counterfeiting. During this time Olivier helped develop many new and novel techniques for semi- and fully-invasive IC analysis. He has an extensive background in all the Failure Analysis techniques and equipment necessary for accessing vulnerable logic on a target device. Combined with his experience as an IC design engineer, Olivier continues to develop techniques for automating the analysis process. These techniques are not only applicable to lower-complexity devices such as smartcards, which are the traditional targets for IC analysis, but they are applicable to modern semiconductor devices with millions of gates, such as modern System-on-Chips (SoCs). Olivier is the creator of ChipJuice, a software toolchain that efficiently operates the recovery of hardware designs, independently from their technology node, architecture. | ||
+ | |||
- | ABOUT THE TRAINER: | ||
- | Oliver THOMAS studied Electrical Engineering (EE) and subsequently worked for a major semiconductor manufacturer designing analog circuits. Then, Olivier began to work in the field of Integrated Circuit (IC) security as the head of one of the world’s leading IC Analysis Labs. The lab primarily focused on securing future generation devices as well as developing countermeasures for current generation devices to combat piracy and counterfeiting. During this time Olivier helped develop many new and novel techniques for semi- and fully-invasive IC analysis. He has an extensive background in all the Failure Analysis techniques and equipment necessary for accessing vulnerable logic on a target device. Combined with his experience as an IC design engineer, Olivier continues to develop techniques for automating the analysis process. These techniques are not only applicable to lower-complexity devices such as smartcards, which are the traditional targets for IC analysis, but they are applicable to modern semiconductor devices with millions of gates, such as modern System-on-Chips (SoCs). Olivier is the creator of ChipJuice, a software toolchain that efficiently operates the recovery of hardware designs, independently from their technology node, architecture. |
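Review bot: In the added trainer paragraph the name is bolded as "Oliver THOMAS" while every later mention in the same paragraph reads "Olivier"; the two spellings should agree before the bold text draws attention to one of them. The unchanged prerequisites line in this hunk also opens a guillemet at "« language part" that is never closed, which could be fixed in the same revision.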
personas/brolin/proyectos/hardwarehacking/icreverseeng.1616357041.txt.gz · Last modified: by brolin