Presented at
DEF CON 33 (2025),
Aug. 10, 2025, 9 a.m.
(240 minutes).
EMMC is a common flash memory format for more complex embedded devices and the Ball Grid Array (BGA) is a popular format for EMMC modules. BGA modules can be intimidating to hardware hackers since the pins are not exposed and are instead underneath the chip. This workshop will demonstrate and allow you to practice removing EMMC modules from an inexpensive circuit board using flux and a hot air station. The module will contain a Linux operating system and a Raspberry Pi. Workshop participants will learn how to image the removed EMMC. Mount and change the Linux filesystem in order to backdoor the image and gain access, and then learn how to copy the image to a new EMMC. Participants will then learn how to attach the module to a BGA carrier board with hot air.
A basic understanding of soldering is all that is required to be successful in this workshop. An understanding of the Linux filesystem is also helpful, but not required. We will have step by step instructions and will also have a small prize for the participant who comes up with and demonstrates the most clever Linux backdoor on their Raspberry Pi.
At the end of this workshop, participants will have an understanding of:
How to remove, clean and image BGA modules
Basics of offline Linux filesystem hacking
How to image and reattach BGA EMMC modules
Presenters:
-
Patrick "Gigstorm" Kiley
- Principal Red-Team Consultant at Mandiant/Google
Patricck is a Principal Red Team Consultant at Mandiant with over 20 years of information security experience working with both US Govt and private sector employers. Patrick has spoken at DEF CON, BlackHat, Bsides and RSA. Patrick can usually be found in the Car Hacking or Aerospace village where he volunteered for several years. His passion is embedded systems security and has released research in Avionics, embedded systems and even bricked his own Tesla while trying to make it faster.
Similar Presentations: