Hacking Hardware with a $10 SD Card Reader

Presented at Black Hat USA 2017, July 26, 2017, 1:30 p.m. (50 minutes)

Dumping firmware from hardware, utilizing a non-eMMC flash storage device, can be a daunting task with expensive programmers required, 15+ wires to solder (or a pricey socket), and dumps that contain extra data to allow for error correction. With the growing widespread use of eMMC flash storage, the process can be simplified to 5 wires and a cheap SD card reader/writer allowing for direct access to the filesystem within flash in an interface similar to that of using an SD card.

In this presentation, we will be showing attendees how to identify eMMC flash storage chips, how to reverse engineer the in circuit pinouts, and how to dump or modify the data within. We will be showcasing the tips and tricks to properly reverse engineer hardware containing eMMC flash storage (without bricking) along with a clear explanation of the process from identification to programming. The presentation will then finish with a demonstration of the process along with a number of free SD to eMMC breakouts for attendees.

Presenters:

• Khoa Hoang / Maximus64 - Student,     as Khoa Hoang
  Khoa Hoang (@maximus64_) is an undergraduate student at the University of Central Florida. Khoa enjoys a hardware based approach in researching embedded devices and is a master of the soldering iron. Khoa has disclosed numerous vulnerabilities in various set-top boxes and other "smart" devices to multiple vendors. He is currently listed on various "Security Hall of Fame" pages for successful bug bounty submissions including AT&T, Samsung and Roku.
• CJ Heres / CJ_000 - Cyber & Information Security Researcher, Draper Laboratory   as CJ Heres
  CJ Heres (@cj_000) is a researcher in the Cyber and Information Security directorate at Draper Laboratory and also a member of Exploitee.rs. CJ has been involved in the release and responsible disclosure of vulnerabilities in a number of devices including TV's, media players, and refrigerators. CJ has presented at multiple DEF CON's and believes that a simple approach is often the most elegant solution.
• Amir Etemadieh / Zenofex - Senior Research Scientist, Cylance   as Amir Etemadieh
  Amir Etemadieh (@Zenofex) is a senior research scientist at Cylance. Amir founded the research group, Exploitee.rs, which has released exploits for over 45 devices including the Amazon FireTV, Roku Media Player, and the Google Chromecast. Amir is also a member of Austin Hackers and has spoken at a number of security conferences including DEF CON, B-Sides Austin, and InfoSec Southwest.

Links:

• https://www.blackhat.com/us-17/briefings/schedule/#hacking-hardware-with-a-10-sd-card-reader-6753
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2017/Hacking Hardware with a $10 SD Card Reader.mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2017/Hacking Hardware with a $10 SD Card Reader.mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2017/Hacking Hardware with a $10 SD Card Reader.en.transcribed.srt (subtitles)
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2017/Hacking Hardware with a $10 SD Card Reader.en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=6ofPbclXuZQ
• https://www.blackhat.com/docs/us-17/wednesday/us-17-Etemadieh-Hacking-Hardware-With-A-$10-SD-Card-Reader.pdf
• https://www.blackhat.com/docs/us-17/wednesday/us-17-Etemadieh-Hacking-Hardware-With-A-$10-SD-Card-Reader-wp.pdf

Similar Presentations:

• DerbyCon 8.0 Evolution (2018) / Hardware Slashing, Smashing, and Reconstructing for Root access
• Black Hat Asia 2018 / eMMC & UFS: Security, Vulnerabilities, Rootkits
• 30C3 (2013) / The Exploration and Exploitation of an SD Memory Card: by xobs & bunnie