What do you get with Print?

Instant access to your digital eBook copy whilst your Print order is Shipped

Paperback book shipped to your preferred address

Download this book in EPUB and PDF formats

Access this title in our online reader with advanced features

DRM FREE - Read whenever, wherever and however you want

AI Assistant (beta) to help accelerate your learning

Key benefits

Explore various pentesting tools and techniques to secure your hardware infrastructure

Protect your hardware by finding potential entry points like glitches

Find the best practices for securely designing your products

Description

If you’re looking for hands-on introduction to pentesting that delivers, then Practical Hardware Pentesting is for you. This book will help you plan attacks, hack your embedded devices, and secure the hardware infrastructure. Throughout the book, you will see how a specific device works, explore the functional and security aspects, and learn how a system senses and communicates with the outside world. You’ll set up a lab from scratch and then gradually work towards an advanced hardware lab—but you’ll still be able to follow along with a basic setup. As you progress, you’ll get to grips with the global architecture of an embedded system and sniff on-board traffic, learn how to identify and formalize threats to the embedded system, and understand its relationship with its ecosystem. You’ll discover how to analyze your hardware and locate its possible system vulnerabilities before going on to explore firmware dumping, analysis, and exploitation. The reverse engineering chapter will get you thinking from an attacker point of view; you’ll understand how devices are attacked, how they are compromised, and how you can harden a device against the most common hardware attack vectors. By the end of this book, you will be well-versed with security best practices and understand how they can be implemented to secure your hardware.

Who is this book for?

If you’re a researcher or a security professional who wants a comprehensive introduction into hardware security assessment, then this book is for you. Electrical engineers who want to understand the vulnerabilities of their devices and design them with security in mind will also find this book useful. You won’t need any prior knowledge with hardware pentensting before you get started; everything you need is in the chapters.

What you will learn

Perform an embedded system test and identify security critical functionalities

Locate critical security components and buses and learn how to attack them Discover how to dump and modify stored information

Understand and exploit the relationship between the firmware and hardware

Identify and attack the security functions supported by the functional blocks of the device

Develop an attack lab to support advanced device analysis and attacks

What do you get with Print?

Instant access to your digital eBook copy whilst your Print order is Shipped

Paperback book shipped to your preferred address

Download this book in EPUB and PDF formats

Access this title in our online reader with advanced features

DRM FREE - Read whenever, wherever and however you want

AI Assistant (beta) to help accelerate your learning

Frequently bought together

Mex$1128.99

Mex$1128.99

Mex$1128.99

Total Mex$ 3,386.97

Customer reviews

Rating distribution

4.8

(5 Ratings)

5 star 80%

4 star 20%

3 star 0%

2 star 0%

1 star 0%

Neeraj Apr 16, 2021

Writing the review after goning through the book in detail and also done a technical review while the book was being written. With my experience in the hadware pentest focus area, I believe this book is unique and one of it's kind for pentesters, professionals and students who are intrested in learnign and advancing their skills in the area of hardware security. Most of the market leaders/OEMs/Asset Owners are now asking for hardware pentest for their embedded/IoT products and this book covers great length and breadth of any hardware device such as thier architecture, protocols used, attack surface, pentest tools and techniques to be used, etc. The author has worked hard and given very detailed information around setting up the hardware pentesting lab and how to choose right pentest tools and attack techniques for vulnerability exploitation. This title also covers variety of practical aspects and use cases of real time hardware pentesting such as UART/JTAG exploitation, BLE/SDR exploitation, Static and Dynamic Reverse Engineering, etc. Overall the book justifies it's title "practical" with tons of practical scenarios, labs and exercises and definently recommend to folks interested in learning/advancing their hadrware security skills.

Amazon Verified review

Ryan S. Jun 28, 2021

Practical Hardware Pentesting is written very well for those getting started with hardware hacking. Jean-Georges Valle takes a good step by step approach to helping hackers get setup and experimenting with various aspects of hardware. Throughout the book are good suggestions for tools and approaches.

Amazon Verified review

Tiny Aug 29, 2022

Normally, I’m a strictly software guy, I know how the hardware works but don’t spend all that much time on it. However, “Practical Hardware Pentesting” Packt, by Jean-Georges Valle is a great reference and introduction to this complicated area. If once the cover comes off, you are lost, this will rebuild your basic references, tell you where to find additional information, and guide you all the way through reengineering a design for your home lab. The first section deals with setup and practical tips, the second suggests networking and interface techniques to break the hardware, and the final section links that to other tools to finish the exploitation. The first section provides a valuable refresher in what the various parts of the hardware do, if you were a little behind, and then building an appropriate setup to dive into solutions. Valle suggests all the appropriate tools, buying at different price ranges for the amateur beginner, and professional, and then suggests the pros and cons for different brands of devices. As a former intelligence professional for the Air Force, the sections on planning for the target were as good as gospel. If you haven’t done a lot of pentesting, knowing the basics of target exploitation goes a long way towards achieving a successful pen test. Almost as entertaining is the choice to use a Furby for the penetration test example subject. The middle section also is filled with gold in conducting a pen test. Each type of approach for networking, as well as the tools are covered in exhaustive detail. The code segments to drive the hardware, the interaction of the machinery, and the expected results appear at every step. The section covers how to find the memory, how to extract the memory and then the challenges associated with converting it to a usable format to find vulnerabilities. I love the references back to Wireshark, which I have used extensively with multiple tasks. He rounds this out by building on common networking interfaces and then expanding to cover Software Defined Radio interfaces. Finally, the last section covers the software interactions to hardware as well as building an effective report for your customer. Building a report seems small, but if you can’t communicate where the vulnerabilities are, what they effect, and potential fixes than you are leaving your customer in the dark. The sections on static versus dynamic analysis are invaluable from a security perspective as well as pen testing for discovering how the vulnerabilities are being executed, and their interaction with the overall system. If there was one area that was lacking, it was some of the build process for breadboarding. There are multiple diagrams and suggestions included, and architectural diagrams but my own skills in this area are lacking which probably made it more difficult for me. If I had spent a little more time with wiring and soldering tools, I probably would have been fine. Still, a chapter on the various breadboard approaches would have been useful for me. Overall, a truly excellent work. The reference sections are solid, the pen testing approaches valuable, and the whole book exceptional. Valle also recommends cheap practice by going to local flea markets and buying technological devices to crack. One of those last wishes for me would have been taking a class much earlier in my career just based on this approach to break into various devices. I’d recommend this for anyone either doing current pen testing, or hoping to break into that areas.

Amazon Verified review

Daniel May 11, 2021

The art of hardware hacking is about getting from hardware to software as quickly as possible. Unlike other aspects of computer security, such as software-based assessments, with hardware, you end up feeling overwhelmed with the sheer vastness of available components and implementations. This book takes the reader through setting up a lab that will not cost the earth and more importantly, introduces a methodology one can take to not be overwhelmed with the task at hand.Well recommended to anyone new to hardware hacking

Amazon Verified review

Cassadee Aug 30, 2021

Practical Hardware Pentesting by Jean-Georges Valle provides a thorough introduction to understanding and hacking common electronic devices and the associated protocols that run on those devices. Its target audience is mainly security researchers who want to learn how to get started with hardware security assessments, electrical engineers who create electronic devices, and hardware hobbyists. The book is divided into three sections: Getting to Know the Hardware, Attacking the Hardware, and Attacking the Software. You’ll get a hands-on approach to hardware hacking as you’ll use specific hardware devices to perform the lab exercises, even for three of the chapters in the software section.Section 1 includes a good overview of all of the tools one needs to set up their own pen testing lab. *Spoiler Alert* A lab is estimated to cost anywhere between <500€ for a beginner lab to ~8,000€ for a professional lab. Fortunately, to perform most of the exercises in the book, you won’t need a dedicated lab.Section 1 also gives a basic overview of all of the components that make up an embedded system and how to identify and analyze those components. The author uses a Furby as an example for identifying and diagramming system components. Note, for those who are on a budget, the Furbies I found listed on eBay and Amazon cost over $100 each. Lastly, Section 1 discusses how to approach a hardware pentest; it reviews the various types of pentests, the goals of a hardware pentest, and one test methodology.Section 2 is the heart of the book that delivers what I would expect from a book about hardware pentesting. This section begins with an overview to the STM32 bluepill board, which will be used in several exercises throughout the book. It also gives a brief review of the C programming language before delving into discussions of several common hardware chips, including the protocols that run on those chips, and the various logical and physical layers within those chips. While I think these discussions are a good primer into understanding any of these chips, the author assumes that the reader already has some knowledge of the common pieces that make up these chips, such as how a chip’s clock works, or how signals work on these devices. Regardless, there are many detailed walkthroughs on how to connect and hack these devices. There are also very good supplemental materials provided on the book’s GitHub repo and YouTube page that help guide the reader through completing the exercises. Section 2 also demonstrates how to sniff and attack wireless protocols such as bluetooth, WiFi, and radio signals. For the enthusiastic reader, there are even links provided that instruct on how to build your own radio.Section 3 teaches the reader how to perform static and dynamic reverse engineering on some of the chips that were used in previous exercises in the book. It also contains a nice introduction to Ghidra, and has several examples for reversing binaries found on embedded systems. This section concludes with how to rate vulnerabilities you found during a pentest and how to discuss and report those vulnerabilities to a client.I only gave this book a four star review instead of five because of the multiple Furby examples, where a more current or “cheaper” children’s toy could have been used. Furthermore, the preface of the book states you only need a Linux OS, a bluepill board (STM32F103), Ghidra 9.2+, GCC 9+, and OpenOCD 9+. However, this is not true as to follow along with the exercises in Chapters 6 through 12, you’ll need several chips, boards, and other peripherals. I spent a bit over $100 just to complete the exercises in Chapter 6 alone. The book does not provide much guidance on where to find some of these components either (beyond “auction,” or “second-hand” sites). I understand that they don’t want to give free advertising or endorsements for non-affiliated sites, but a few of these pieces were not easy to find (as Google, eBay, and Amazon searches were not always helpful) without talking to someone who had prior knowledge of where to purchase the components.In conclusion, I enjoyed this book and learned a lot from it. The exercises were interesting and informative and the author presented the material in a straightforward manner with even a small bit of humor scattered within the book. All of the software required to complete the exercises in the book is open source and free, which is much appreciated. Practical Hardware Pentesting is a great introduction to hardware hacking and reverse engineering, and also serves as a wonderful reference to these topics.

Amazon Verified review

FAQs

What is the delivery time and cost of print book?

Shipping Details

USA:

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.

Unfortunately, due to several restrictions, we are unable to ship to the following countries:

Afghanistan
American Samoa
Belarus
Brunei Darussalam
Central African Republic
The Democratic Republic of Congo
Eritrea
Guinea-bissau
Iran
Lebanon
Libiya Arab Jamahriya
Somalia
Sudan
Russian Federation
Syrian Arab Republic
Ukraine
Venezuela

What is custom duty/charge?

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order?

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges?

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.

How can I cancel my order?

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy?

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged?

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use?

You can pay with the following card types:

Visa Debit
Visa Credit
MasterCard
PayPal

What is the delivery time and cost of print books?

Shipping Details

USA:

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Unfortunately, due to several restrictions, we are unable to ship to the following countries:

Afghanistan
American Samoa
Belarus
Brunei Darussalam
Central African Republic
The Democratic Republic of Congo
Eritrea
Guinea-bissau
Iran
Lebanon
Libiya Arab Jamahriya
Somalia
Sudan
Russian Federation
Syrian Arab Republic
Ukraine
Venezuela

Practical Hardware Pentesting: A guide to attacking embedded systems and protecting them against the most common hardware attacks

What do you get with Print?