Hardware Pentest: JTAG, UART and SPI for Firmware Extraction and Getting a Shell

Depov (joined Feb 18, 2025)

The Place of the Hardware Pentest in the Attack

Hardware analysis of embedded systems is not a separate discipline, but a specific stage of the kill chain. In terms of MITRE ATT&CK, a physical pentest of the equipment covers several tactics:


• Reconnaissance - collecting information about the hardware platform (T1592.001, Hardware) and firmware (T1592.003, Firmware). Visual inspection of the board, identification of chips by their markings, determination of the processor architecture.

• Initial Access - physical connection to debugging interfaces (T1200, Hardware Additions). A UART console with a root shell is the classic of the genre.

• Collection - extracting data from flash memory (T1005, Data from Local System). An SPI dump via flashrom.

• Credential Access - searching for hard-coded credentials in the extracted firmware (T1552.001, Credentials In Files). Default accounts (T1078.001, Default Accounts) ship in firmware with frightening regularity.

• Persistence - modification of the system firmware (T1542.001, System Firmware) or the firmware of individual components (T1542.002, Component Firmware) to gain a foothold.


Typical sequence: open the case → visual inspection → search for debugging interfaces → connect to UART → collect a shell or boot log → dump the SPI flash → analyze the image → search for vulnerabilities. If necessary, JTAG for debugging and for bypassing Secure Boot. Each interface solves its own problem, and the choice depends on the goal.


Prerequisites: equipment and software

Before you open the case, it is worth assembling a minimum kit. Without it, you'll just scratch the plastic.






Equipment:
[image: equipment list]

Software (Linux - Kali, Ubuntu, Debian):

• flashrom - reading/writing SPI flash (an active open-source project with regular releases)

• binwalk (https://github.com/ReFirmLabs/binwalk) - analysis and unpacking of firmware images

• minicom or screen - terminal for UART

• OpenOCD - working with JTAG/SWD

• PulseView (sigrok) - decoding captured signals

• Ghidra or radare2 - reverse-engineering of binaries

Minimum system requirements: 4 GB RAM for basic work with flashrom and binwalk, 8+ GB if you plan to reverse large images in Ghidra. The processor does not matter - the utilities run on any x86_64.


Visual inspection: recon at the physical level

A hardware pentest of equipment begins with a visual inspection of the PCB. According to VoidStarSec, the first thing to do with any embedded device is a "visual teardown", during which all the components and the potential attack surface are identified.






What to look for:

Memory chips. SPI flash is usually an 8-pin SOIC8 or WSON8 package. Winbond (W25Qxx), Macronix (MX25Lxx) or GigaDevice (GD25Qxx) markings are a sign of the flash memory holding the firmware. The datasheet will give the pinout and the list of supported commands.

Test points and connectors. Rows of 3-4 pads (GND, VCC, TX, RX) or unpopulated headers are, with high probability, UART. If the silkscreen carries the labels Tx, Rx, GND, you are lucky, as in the VoidStarSec analysis where the pads were labeled on the board. On production versions the marking is often removed, and you have to search with a multimeter.

Traces of removed components. Empty footprints marked R24, R47 and the like are traces of the pull-up resistors of debugging ports. As wrongbaud describes in the router teardown, "often when inspecting serial ports or JTAG connectors, traces of resistors removed before production are visible." Soldering in a 0 ohm or 10 kOhm resistor and checking again can revive the interface. In practice this works more often than vendors would like.

The main processor. The SoC marking determines the architecture (ARM, MIPS, x86) and the toolset for reversing. Part number + datasheet = debugging interfaces, pinout, boot scheme.


UART interface in the pentest: from test points to root shell

UART (Universal Asynchronous Receiver-Transmitter) is the first interface to check on any embedded device. It is simple, needs no expensive equipment and often gives a disproportionate result: from a debug log to a full root shell.

Finding and identifying UART on the board

UART works without a clock signal. The TX line at rest sits at logic high (usually 3.3V). This is the key sign when probing with a multimeter.






Search algorithm:

1. Find candidates - groups of 3-4 pads located next to each other.

2. Measure the voltage of each pad relative to GND with the device powered on.

3. A pin with a stable 3.3V (or 1.8V / 5V, depending on the logic level) is the candidate for TX.

4. With the device switched off, watch how fast the voltage falls: a slow decay (several seconds) is VCC (the power supply capacitors discharging), a fast drop is a GPIO line (TX or RX). This is a trick wrongbaud describes when analyzing the router's debug port, and it really does save time.

5. A pin at 0V that is not connected to GND (check with the continuity tester) is RX.

If TX is found but there is no traffic, it is worth pulling the line up to VCC through 10 kOhm. The VoidStarSec study described a case where the TX line hung LOW because the pull-up was missing. After pulling it up to 3.3V, traffic appeared on the oscilloscope: KEY_B Down. KEY_B Dn->Up. - debug output.


Connecting and determining the baud rate

Connection: device TX to adapter RX, device RX to adapter TX, GND to GND. If the device runs 1.8V logic and the adapter is 3.3V, you need a level shifter, otherwise you can burn the port. Don't ask me how I know.






The baud rate is determined from the width of the shortest pulse on an oscilloscope or logic analyzer: one bit time is 1/baud. Standard values: 9600, 19200, 38400, 57600, 115200. The vast majority of IoT devices use 115200. Connect with minicom -D /dev/ttyUSB0 -b 115200 or screen /dev/ttyUSB0 115200.
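A worked example of that rule, added here and not part of the original post: the script below builds a constructed logic-analyzer capture (edge timestamps, not a real recording) of an 8N1 transmission, estimates the baud rate from the shortest pulse and then decodes the bytes, counting framing errors, which is what you get when the rate or the logic level is wrong. The STANDARD_BAUDS table and the 1 ms idle gap are assumptions of the example.

```python
import bisect
from typing import List, Tuple

# Rates the post lists plus the faster ones seen on newer SoCs (assumed table).
STANDARD_BAUDS = (9600, 19200, 38400, 57600, 115200, 230400, 460800, 921600)

Edge = Tuple[float, int]   # (timestamp in microseconds, new level of the TX line)


def uart_bits(data: bytes) -> List[int]:
    """Bit stream of 8N1 frames: start bit 0, eight data bits LSB first, stop bit 1."""
    bits: List[int] = []
    for byte in data:
        bits.append(0)
        bits.extend((byte >> i) & 1 for i in range(8))
        bits.append(1)
    return bits


def make_capture(data: bytes, baud: int, idle_us: float = 1000.0) -> List[Edge]:
    """Constructed capture, not a real recording: the line idles high, then sends
    `data` back to back at `baud`. Only level changes are recorded, as an analyzer does."""
    bit_us = 1e6 / baud
    edges: List[Edge] = [(0.0, 1)]
    level, t = 1, idle_us
    for bit in uart_bits(data):
        if bit != level:
            edges.append((t, bit))
            level = bit
        t += bit_us
    return edges


def estimate_baud(edges: List[Edge]) -> int:
    """The shortest interval between two edges is one bit time (a lone 0 or 1 bit);
    1/width is the raw rate, which is snapped to the nearest standard value."""
    shortest = min(b[0] - a[0] for a, b in zip(edges, edges[1:]))
    raw = 1e6 / shortest
    return min(STANDARD_BAUDS, key=lambda rate: abs(rate - raw))


def decode_8n1(edges: List[Edge], baud: int) -> Tuple[bytes, int]:
    """Sample each frame in the middle of its bits. Returns (bytes, framing_errors);
    a stop bit that is not high means the rate or the logic level is wrong."""
    bit_us = 1e6 / baud
    times = [t for t, _ in edges]

    def level_at(t: float) -> int:
        return edges[bisect.bisect_right(times, t) - 1][1]

    out, errors = bytearray(), 0
    frame_end = -1.0
    for t0, level in edges:
        # a start bit is a falling edge that is not inside the previous frame
        if level != 0 or t0 < frame_end - bit_us / 2:
            continue
        value = 0
        for i in range(8):
            value |= level_at(t0 + bit_us * (1.5 + i)) << i
        if level_at(t0 + bit_us * 9.5) == 1:
            out.append(value)
        else:
            errors += 1
        frame_end = t0 + bit_us * 10
    return bytes(out), errors


if __name__ == "__main__":
    capture = make_capture(b"U-Boot 2020.04\r\n", 115200)
    rate = estimate_baud(capture)
    print(rate, decode_8n1(capture, rate))
```

The same estimate works from an oscilloscope: measure the narrowest pulse, divide it into 1 s, and pick the nearest standard rate. The shortest-pulse method only needs one isolated bit somewhere in the traffic, which any boot log provides within the first few bytes.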






What UART gives in a hardware pentest:

• The U-Boot/Linux boot log with kernel version, boot parameters, configuration settings

• A root shell without a password - more often than we would like

• The interactive bootloader console (U-Boot CLI), which lets you modify boot parameters and read and write memory

• Debug output with plaintext passwords and tokens

If the terminal shows garbage, first check the baud rate, then the logic level, then the TX/RX wiring (swap the lines). In 80% of cases the problem is one of these three.


SPI flash: a full dump of the device firmware

SPI (Serial Peripheral Interface) is the synchronous protocol over which processors talk to flash memory. An SPI flash dump gives the complete contents of the chip: bootloader, OS kernel, file system, configuration. In effect, the entire device on a platter.

Data extraction via flashrom

flashrom is an open-source utility for reading and writing SPI flash. It supports hundreds of chip models and many programmers.


Bash:

# Raspberry Pi (spidev)
sudo flashrom -p linux_spi:dev=/dev/spidev0.0 -r firmware.bin

# CH341A programmer
sudo flashrom -p ch341a_spi -r firmware.bin

# FTDI-based (Tigard, Attify Badge)
sudo flashrom -p ft2232_spi:type=232H -c "MX25L12835F/MX25L12845E/MX25L12865E" -r firmware.bin

# Verify the file against the chip before trusting the dump:
# a mismatch means bus contention or a flaky clip contact
sudo flashrom -p ch341a_spi -v firmware.bin


The -c parameter explicitly specifies the chip model - useful when auto-detection fails. The list of supported chips is on the flashrom website.

Bus contention and ways around it

If flashrom reports No EEPROM/flash device found, most often it is bus contention. When reading in-circuit, VCC is applied not only to the flash but also to the processor. The processor starts and begins accessing the memory alongside the programmer - two masters on the same bus. SPI does not support that.






As VoidStarSec describes while working with the SPI flash of an electric toothbrush: "If the VCC pin is connected to the CPU, we inadvertently power the processor, causing bus contention - the SPI protocol does not support two master devices on the same bus at the same time."






Solutions, in increasing order of complexity:

1. Hold the processor in reset. Find the RESET pin on the SoC and hold it LOW during the read. A clean method - the processor does not start, and the flash is free.

2. Desolder the chip. Hot air, ~350°C. Completely removes the contention problem. Downsides - you have to solder it back, and if there is anti-tamper protection, you can kill the device.

3. Passive capture with a logic analyzer. Connect PulseView to the SPI lines and record the traffic during boot. The SPI decoder reconstructs the data. Downside: if the processor does not read the whole flash at boot, the image is incomplete. And writing a modified firmware this way is impossible.

In the router analysis, wrongbaud ran into a similar problem: the Bus Pirate could not drive the Chip Select line when reading a Winbond W25Q16 in-circuit. After several attempts with pull-down resistors, the chip came off with hot air and the dump was taken off-circuit. Sometimes the soldering iron is the most reliable debugger.
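As an added example (not from the original post and not flashrom's own code), here is the sanity check worth running on every in-circuit dump before spending hours on it: read the chip twice, compare the reads, and reject images that are one repeated value or the wrong size for the part. The CHIP_SIZES table and the 2 MiB sample dump are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

# Capacity in bytes of a few common SOIC8 parts: the part number encodes megabits
# (W25Q16 = 16 Mbit = 2 MiB). Assumed table; extend it from the datasheet.
CHIP_SIZES = {"W25Q16": 2 << 20, "W25Q32": 4 << 20, "W25Q64": 8 << 20,
              "W25Q128": 16 << 20, "MX25L12835F": 16 << 20, "GD25Q128": 16 << 20}


@dataclass
class DumpReport:
    size: int
    sha256: str
    erased_tail: int                   # trailing 0xFF bytes: unused space, normal
    problems: List[str] = field(default_factory=list)

    @property
    def usable(self) -> bool:
        return not self.problems


def first_difference(a: bytes, b: bytes) -> int:
    n = min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            return i
    return n


def check_dump(first: bytes, second: Optional[bytes] = None,
               chip: Optional[str] = None) -> DumpReport:
    """first/second: two consecutive reads of the same chip (flashrom -r run twice).
    chip: part number read off the package, to compare the dump size against."""
    report = DumpReport(len(first), hashlib.sha256(first).hexdigest(),
                        len(first) - len(first.rstrip(b"\xff")))
    if not first:
        report.problems.append("empty dump")
        return report
    # A dump that is one repeated value never came from a programmed chip:
    # all 0xFF = erased part, or CS never asserted and MISO floated high;
    # all 0x00 = MISO stuck low: no power, bus contention, or a bad clip contact.
    if first.count(first[0:1]) == len(first):
        report.problems.append(f"whole image is 0x{first[0]:02X}: nothing was actually read")
    if chip is not None:
        expected = CHIP_SIZES.get(chip)
        if expected is None:
            report.problems.append(f"unknown chip {chip}: check the size against the datasheet")
        elif len(first) != expected:
            report.problems.append(f"size {len(first)} bytes but {chip} holds {expected}: "
                                   "wrong -c or truncated read")
    if second is not None and second != first:
        off = first_difference(first, second)
        report.problems.append(f"two reads differ at offset 0x{off:X}: bus contention or "
                               "flaky contact, hold the SoC in reset or desolder")
    return report


if __name__ == "__main__":
    # Constructed 2 MiB dump: 1 MiB of data followed by 1 MiB of erased flash.
    good = bytes(range(255, -1, -1)) * 4096 + b"\xff" * (1 << 20)
    print(check_dump(good, good, "W25Q16"))
    flaky = bytearray(good)
    flaky[0x1234] ^= 0xFF
    print(check_dump(good, bytes(flaky), "W25Q16").problems)
```

On a real board the two inputs are simply the files from two flashrom -r runs; a large erased_tail is expected on a 16 MiB part that holds an 8 MiB image, but an erased_tail equal to the whole size is the contention symptom.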


JTAG debugging: full control over the processor

JTAG was originally an interface for testing manufactured PCBs, but it became the standard for debugging embedded processors. For a hardware pentest, JTAG debugging gives the maximum level of access: reading and writing memory, halting the processor, single-stepping, bypassing Secure Boot. If UART is a look through the keyhole, JTAG is the keys to every door.

Finding the JTAG interface on the board

Standard JTAG uses 4 lines: TDI, TDO, TMS, TCK (plus the optional TRST). On production boards they are rarely labeled. Methods of identification:


• The processor datasheet - if the SoC marking is readable, the datasheet describes the JTAG pins. The most reliable way.

• JTAGulator - a hardware tool for brute-forcing the pin assignment and detecting the JTAG chain by IDCODE. It tries every combination - slow, but it works.

• SEC Xtractor - SEC Consult's tool, supports JTAG brute-forcing and UART scanning, with voltage support from 1.8 to 5.5V.


JTAG vs SWD: when to use which

SWD (Serial Wire Debug) is the alternative debugging interface for ARM Cortex.
[image: JTAG vs SWD comparison table]

If the device is on ARM Cortex, check SWD first: fewer lines, easier to find. MIPS (many routers on QCA/Atheros/MediaTek chips) has only JTAG. OpenOCD supports both protocols with J-Link, ST-Link or FTDI-based adapters.






Through JTAG/SWD + OpenOCD you can: read the flash directly through the processor, bypassing the external SPI; dump RAM at any moment; bypass Secure Boot if JTAG is not fused; write a modified firmware.


Firmware analysis: reverse-engineering the extracted image

After the dump is obtained - via SPI, UART (XMODEM) or JTAG - the most interesting part begins. The first step is to determine the structure with binwalk:


Bash:

$ binwalk firmware.bin

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             U-Boot boot loader
262144        0x40000         U-Boot boot loader (copy)
524288        0x80000         uImage header, Linux kernel
2097152       0x200000        Squashfs filesystem, little endian


A typical picture for embedded Linux: two U-Boot images (main and backup), the kernel and SquashFS - this is the structure wrongbaud described for the router. Extract the file system with binwalk -e firmware.bin, then cd _firmware.bin.extracted/squashfs-root/.
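An added example, not binwalk's code and not from the original post: a minimal scanner that does what the table above shows, finds signatures, parses and CRC-checks the uImage header, and then computes per-block Shannon entropy to separate compressed payloads from regions that look encrypted (the distinction the limitations section below relies on). The signature list, the 7.5 bits/byte threshold and the constructed 12 KiB sample image are assumptions of the example.

```python
import gzip
import hashlib
import math
import struct
import zlib
from collections import Counter
from typing import Dict, List, Optional, Tuple

UIMAGE_MAGIC = b"\x27\x05\x19\x56"
# (magic bytes, description). LZMA: properties 0x5D plus the 8 MiB dictionary that
# lzma_alone uses by default; other dictionary sizes need their own entry.
SIGNATURES = [
    (UIMAGE_MAGIC, "uImage header"),
    (b"U-Boot ", "U-Boot version string"),
    (b"hsqs", "Squashfs filesystem, little endian"),
    (b"\x1f\x8b\x08", "gzip compressed data"),
    (b"\xfd7zXZ\x00", "xz compressed data"),
    (b"\x04\x22\x4d\x18", "LZ4 compressed data (frame)"),
    (b"\x5d\x00\x00\x80\x00", "LZMA compressed data, 8 MiB dictionary"),
]


def scan(buf: bytes) -> List[Tuple[int, str]]:
    """Every signature hit as (offset, description), the table binwalk prints."""
    hits = []
    for magic, desc in SIGNATURES:
        pos = buf.find(magic)
        while pos >= 0:
            hits.append((pos, desc))
            pos = buf.find(magic, pos + 1)
    return sorted(hits)


def parse_uimage(buf: bytes, off: int) -> Optional[Dict]:
    """Legacy U-Boot image header: 64 bytes, big endian, both CRC-32s verified."""
    if buf[off:off + 4] != UIMAGE_MAGIC or len(buf) < off + 64:
        return None
    (_, hcrc, _, size, load, entry, dcrc, _, _, _, comp,
     name) = struct.unpack(">7I4B32s", buf[off:off + 64])
    hdr = bytearray(buf[off:off + 64])
    hdr[4:8] = b"\0\0\0\0"          # header CRC is computed with the hcrc field zeroed
    data = buf[off + 64:off + 64 + size]
    return {"offset": off, "name": name.rstrip(b"\0").decode(errors="replace"),
            "size": size, "load": load, "entry": entry, "comp": comp,
            "header_crc_ok": zlib.crc32(bytes(hdr)) == hcrc,
            "data_crc_ok": len(data) == size and zlib.crc32(data) == dcrc,
            "data_range": (off + 64, off + 64 + size)}


def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: ~0 for padding, ~8 for compressed or encrypted data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values()) if n else 0.0


def entropy_map(buf: bytes, block: int = 1024, threshold: float = 7.5) -> List[Tuple[int, float, str]]:
    """High entropy counts as compressed only when a container explains it (inside a
    uImage payload, or a compression magic in the block); otherwise suspect encryption."""
    hits = scan(buf)
    payloads = [p["data_range"] for off, d in hits if d == "uImage header"
                for p in [parse_uimage(buf, off)] if p]
    rows = []
    for off in range(0, len(buf), block):
        h = entropy(buf[off:off + block])
        if h >= threshold:
            if any(lo <= off < hi for lo, hi in payloads):
                label = "compressed: inside uImage payload"
            elif any(off <= o < off + block and "compressed" in d for o, d in hits):
                label = "compressed data starts in this block"
            else:
                label = "high entropy, no known magic: encrypted or unknown compression"
        elif h < 1.0:
            label = "padding or erased"
        else:
            label = "code, data or strings"
        rows.append((off, round(h, 2), label))
    return rows


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for random or encrypted bytes (sha256 chain)."""
    out, h = bytearray(), hashlib.sha256(seed).digest()
    while len(out) < n:
        out += h
        h = hashlib.sha256(h).digest()
    return bytes(out[:n])


def build_sample_image() -> bytes:
    """Constructed 12 KiB image, not a real dump: U-Boot string at 0x0, gzip-compressed
    uImage at 0x100, squashfs magic at 0x1000 and, at 0x2000, 4 KiB with no magic at
    all, standing in for an AES-encrypted region."""
    payload = gzip.compress(pseudo_random(3000, b"kernel"))
    hdr = struct.pack(">7I4B32s", 0x27051956, 0, 0, len(payload), 0x80008000,
                      0x80008000, zlib.crc32(payload), 5, 2, 2, 1, b"Linux-5.4")
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:]
    image = b"U-Boot 2020.04 (constructed)\0".ljust(0x100, b"\0")
    image += (hdr + payload).ljust(0xF00, b"\xff")
    image += b"hsqs".ljust(0x1000, b"\0")
    return image + pseudo_random(0x1000, b"encrypted")


if __name__ == "__main__":
    img = build_sample_image()
    for off, desc in scan(img):
        print(f"{off:<10}0x{off:<10X}{desc}")
    for off, h, label in entropy_map(img):
        print(f"0x{off:04X}  {h:4.2f}  {label}")
```

On a real dump, pass the whole file to scan and entropy_map and look at the rows in order: a uImage whose data CRC fails is a truncated or corrupted read, and a high-entropy region that no container explains is the case the limitations section calls encrypted firmware.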






What to look for in the unpacked image:

• /etc/shadow, /etc/passwd - hashes or plaintext passwords

• Configurations in /etc/config/ - Wi-Fi passwords, API keys, SNMP community strings

• Scripts in /usr/bin/, /usr/sbin/ - hard-coded credentials, debug backdoor accounts

• SSL certificates and private keys in /etc/ssl/

• Web interface binaries - for reversing in Ghidra for command injection and buffer overflows

Default credentials (T1078.001, Default Accounts) and hard-coded passwords in files (T1552.001, Credentials In Files) are the most common finding. Even when the web interface demands a password change at first login, the firmware often keeps service accounts for debugging. They are forgotten, or left "just in case".
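The checks above turned into code, as an added example that is not part of the original post: a first-pass audit over an unpacked squashfs-root that grades every /etc/shadow entry, flags hashes in a world-readable /etc/passwd, and greps configs and scripts for credentials, SNMP community strings, shipped private keys and a telnetd started without login. The regexes, the severities and the sample file tree are constructed for the example; the config syntax follows OpenWrt's /etc/config style.

```python
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]        # (path inside squashfs-root, severity, message)
LOCKED = {"*", "!", "!!"}

# Loose patterns on purpose: a false positive costs seconds, a missed hard-coded
# password costs the audit. Assumed set; extend it per vendor.
SECRET_PATTERNS = [
    (re.compile(r"^\s*(?:option\s+)?(?:wpa_?psk|psk|key|password|passwd|secret|api_?key)"
                r"\s*[= ]\s*['\"]?\S+", re.I | re.M), "credential in config or script"),
    (re.compile(r"^\s*(?:option\s+)?community\s+['\"]?\S+", re.I | re.M), "SNMP community string"),
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), "private key shipped in firmware"),
    (re.compile(r"\btelnetd\b[^\n]*-l\s*/bin/(?:sh|ash)\b"), "telnetd without login: debug backdoor"),
]


def classify_hash(h: str) -> Tuple[str, str]:
    """Severity and reason for one password field from /etc/shadow or /etc/passwd."""
    if h == "":
        return "critical", "empty password: login with no password at all"
    if h in LOCKED or h.startswith("!"):
        return "info", "locked account"
    if h.startswith("$1$"):
        return "high", "md5-crypt: fast to crack offline"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", h):
        return "high", "DES crypt: 8-character maximum, trivially crackable"
    if h.startswith(("$5$", "$6$", "$y$", "$7$", "$2a$", "$2b$")):
        return "medium", "modern hash: still run a wordlist, vendor defaults leak"
    return "medium", "unrecognised hash format"


def audit_accounts(text: str, path: str) -> List[Finding]:
    out: List[Finding] = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        user, h = fields[0], fields[1]
        if path.endswith("passwd") and h == "x":
            continue                      # the real hash lives in /etc/shadow
        sev, why = classify_hash(h)
        if sev != "info":
            out.append((path, sev, f"{user}: {why}"))
        if path.endswith("passwd") and h and h not in LOCKED:
            out.append((path, "high", f"{user}: hash in world-readable passwd"))
    return out


def audit_tree(files: Dict[str, bytes]) -> List[Finding]:
    """files maps paths relative to squashfs-root/ to contents; on a real dump build
    it with os.walk over the directory binwalk -e produced."""
    findings: List[Finding] = []
    for path, data in sorted(files.items()):
        text = data.decode("utf-8", errors="replace")
        if path in ("etc/shadow", "etc/passwd"):
            findings += audit_accounts(text, path)
            continue
        for pattern, what in SECRET_PATTERNS:
            for m in pattern.finditer(text):
                findings.append((path, "high", f"{what}: {m.group(0).strip()[:60]}"))
    return findings


def sample_root() -> Dict[str, bytes]:
    """Constructed tree with the mistakes the post lists; not from any real device."""
    return {
        "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\nnobody:*:65534:65534::/:/bin/false\n",
        "etc/shadow": (b"root::0:0:99999:7:::\n"
                       b"admin:$1$abcd$eFgHiJkLmNoPqRsTuVwXy/:0:0:99999:7:::\n"
                       b"guest:ab01FAX.yQ2x6:0:0:99999:7:::\n"
                       b"daemon:*:0:0:99999:7:::\n"),
        "etc/config/wireless": b"config wifi-iface\n\toption encryption 'psk2'\n\toption key 'hunter2'\n",
        "etc/config/snmpd": b"config com2sec ro\n\toption source default\n\toption community public\n",
        "etc/init.d/rcS": b"#!/bin/sh\nmount -a\ntelnetd -l /bin/sh -p 2323 &\n",
        "etc/ssl/server.key": b"-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructedNotARealKey\n-----END RSA PRIVATE KEY-----\n",
        "usr/sbin/factory_test.sh": b"#!/bin/sh\nPASSWORD=Adm1n\nuci set system.@system[0].hostname=test\n",
    }


if __name__ == "__main__":
    for path, sev, msg in audit_tree(sample_root()):
        print(f"{sev:<9}{path:<28}{msg}")
```

The point of grading the hash type is triage: an empty root field or a telnetd on /bin/sh is a finding on its own, an md5-crypt or DES hash goes straight to the cracker, and a modern hash is still worth a run against the vendor's known defaults.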


Which interface to choose and when
[image: interface comparison table]

Practical rule: start with UART (cheap, fast, often gives a result), move on to SPI (full firmware dump), use JTAG when you need real-time debugging or to bypass protection mechanisms.


Limitations: where the hardware pentest will not work

Hardware pentest is not a silver bullet. Specifically, the techniques described will not give results when:






Fused JTAG. Production devices forcibly disable JTAG with OTP fuses in the processor. After that the interface is physically dead. The only check is to try to connect: if IDCODE does not answer and no daisy chain is detected, it is most likely fused. There is no workaround.






Encrypted firmware. If the image in the SPI flash is encrypted (AES with the key in the processor's OTP region), the dump is useless without the key. binwalk will show an entropy of ~8.0 bits per byte across the whole image - a sign of encryption or compression. To tell them apart, look for the magic bytes of the compression algorithms (gzip, LZMA, LZ4): compressed data starts with a known header, encrypted data does not.






Secure Boot with a chain of trust. Even if the firmware is extracted and modified, Secure Boot will not allow an image without a valid digital signature to boot. A bypass is possible through an open JTAG - halt the processor before the signature check. But if JTAG is fused, it is a vicious circle.






Chips without support in flashrom. As Nozomi Networks describes using the example of a Verkada D40 with a HeYangTek HF2GQ4UAACAE chip: if the chip is not supported, the standard toolkit is useless. The researchers had to use a specialized BeeProg2C programmer with a WSON adapter.






BGA packages without test points. If the flash memory is in a BGA package soldered under the processor, with no test points brought out, physical access to the SPI lines is very difficult. You either have to tap the signals at the PCB trace level (microscope + soldering station), or look for alternative channels - UART, the network update mechanism.






Half of production devices ship with an open UART and unprotected SPI. This says nothing about the technical difficulty of protection, only about vendors' priorities. Closing JTAG with fuses, removing debug output, encrypting the image - each measure costs a minimum. But time to market wins, and embedded security is seen as exotic.






On every third IoT audit, the first critical finding is not an XSS in the web panel and not weak TLS, but a UART console with root access that nobody tried to disable. Vendors claim Secure Boot in the marketing materials - in fact the fuse is not burned, JTAG is open, and root sits in /etc/shadow with an empty hash.






Hardware pentest does not require N-day exploits or months of development. A multimeter, a SOIC8 clip and an understanding of three basic protocols. Until vendors treat debugging interfaces as a full attack surface on a par with network ports, the soldering iron will remain one of the most effective access tools. Try opening the router in the nearest test environment and finding UART - I bet it is there.
 