Presented at REcon 2010
July 11, 2010, 1 p.m.
Before exploiting any system, it is necessary to have tools--debuggers, disassemblers, emulators, packet sniffers, and bus adapters--for the job. In low-power embedded systems, implementing the victim protocols is often more difficult than implementing an attack, as a researcher often finds himself to be the very first person to work on a given platform. This lecture concerns the rapid development of tools for exploiting and reversing embedded systems, centered around the concrete example of the GoodFET project. Examples include a voltage glitcher with nanosecond resolution, a radio driver that operates through a hardware debugger, and all the components necessary for reading, writing, debugging, sniffing, and injecting battery-powered devices. The author will bring tools and targets to the conference for those that are interested in trying these techniques out first-hand.
Travis Goodspeed is a neighborly engineer of Tennessee-shaped, electronic belt buckles from Southern Appalachia. He hacks 8-bit and 16-bit embedded systems, particularly those used in ZigBee and the Smart Grid. He started the GoodFET, an open source programmer and debugger for MSP430, AVR, PIC, Chipcon, ARM7, SPI Flash, and other chips. It also packet sniffs ZigBee and ANT radio packets when so inclined.