You're reading from Practical Hardware Pentesting A guide to attacking embedded systems and protecting them against the most common hardware attacks

Product type Paperback

Published in Apr 2021

Publisher Packt

ISBN-13 9781789619133

Length 382 pages

Edition 1st Edition

Tools

Embedded Systems

Concepts

Embedded Systems

Author (1):

Jean-Georges Valle

View More author details

Table of Contents (20) Chapters

Preface

1. Section 1: Getting to Know the Hardware

2. Chapter 1: Setting Up Your Pentesting Lab and Ensuring Lab Safety FREE CHAPTER

3. Chapter 2: Understanding Your Target

4. Chapter 3: Identifying the Components of Your Target

5. Chapter 4: Approaching and Planning the Test

6. Section 2: Attacking the Hardware

7. Chapter 5: Our Main Attack Platform

8. Chapter 6: Sniffing and Attacking the Most Common Protocols

9. Chapter 7: Extracting and Manipulating Onboard Storage

10. Chapter 8: Attacking Wi-Fi, Bluetooth, and BLE

11. Chapter 9: Software-Defined Radio Attacks

12. Section 3: Attacking the Software

13. Chapter 10: Accessing the Debug Interfaces

14. Chapter 11: Static Reverse Engineering and Analysis

15. Chapter 12: Dynamic Reverse Engineering

16. Chapter 13: Scoring and Reporting Your Vulnerabilities

17. Chapter 14: Wrapping It Up – Mitigations and Good Practices

18. Assessments

19. Other Books You May Enjoy

The component pantry

You will need a component pantry—by that, I mean that you will need at least an assortment of common resistors, capacitors, transistors, and voltage regulators always at hand. More often than not, you will find yourself in need of a jellybean component and will actually gain a lot of time by just having it available.

The pantry itself

Buy some of those drawer cabinets commonly sold to people that are making jewelry or doing any other hobby involving a lot of small pieces. Buy enough of them so that you can sort easily the (quite large) number of parts you will end up storing. Start by buying two to three of them; that will cover you for a few years. They are not really expensive and are really worth it.

I would advise labeling the drawers as quickly as possible and finding an organization system that suits you. For example, I have a column for through-hole resistors; another for surface mount; some drawers for capacitors; some for coils; and a column dedicated to silicon (diodes, transistors, voltage regulators, electrically erasable programmable read-only memory (EEPROM) , and others)

I also have a lot of custom shelves made out of cheap medium-density fiberboard (MDF) planks and brackets just screwed in the wall. There, I keep labeled boxes with development kits, instruments, a lot of electronic waste for cannibalization, instruments I rarely use, and others.

The stock

To start, I would advise keeping the following in stock:

A collection of common resistors (buy some cheap E12 resistor kit on eBay) in through-hole (THT) and surface mount (SMT— a lot in 0805 and a few in 0402).
A (small) collection of chemical and ceramic capacitor in common values (a few in the picofarad range: 0.1µ, 10µ, 47µ mainly, and a few big ones for power decoupling). For the packages, same thing as the resistors: a mix of through-hole and surface mount.
A few power (1N4004) and signal (1N4118) diodes. A few Zener diodes for common voltage levels won't hurt (5, 3.3, 2.5, 1.8, 1.2). Zener diodes are designed to let current flow at a given voltage level, allowing you to protect circuitry against voltage spikes or to use them as a crude voltage conversion.
At least a dozen fixed voltage regulators for the common voltages (5, 3.3, 2.5, 1.8, 1.2) and a few beefy adjustable ones (LM317 in a TO-220 package is very, very useful).
Some standard transistors (both Field Effect Transistors (FETs) and Bipolar Junction Transistors (BJT), again in a mix).
A few salvaged power supplies that can provide you with 24, 12, and 5 V (the powerful USB chargers that come with modern phones will give out a nice stable 5 V with decent amperage, are plentiful). Power supplies are very common e-waste and you can usually score a dozen for a small bill in any flea market... keeping them useful and out of the waste pile is both good for your wallet and the planet.

To keep my stock filled and enrich it, my strategy is to always order 10-15% more than I need in projects, just to cover the usage and not to have to follow individual component use (1 minute of your time is worth more money that the few fractions of cent a resistor costs).

Now, you should really play around with the components in your stock, learn about them, and make a few classical circuits to learn how they work and what they are actually doing, since keeping things you don't know how to use just for the sake of hoarding wouldn't make much sense, would it?

Now that we have looked at our instruments and components, let's have a look at a possible evolution path for your lab.