Hardware Security Resources
Here are some whitepapers and blog posts that should help you get started with, or learn more about, hardware security. I’ve divided the page into sections for easier viewing.
I’ll keep adding to the list when I remember any other sites/papers that I refer to. Please let me know of any mistakes/suggestions down in the comments!
Blogs/Websites
Whitepapers/Required reading
General hardware reverse engineering/attacks
Joe Grand’s talk on Tools of the Hardware Hacking Trade
Craig Heffner’s blog post on identifying and using serial ports
Reverse engineering a DTV converter
Joe Grand: Current state of hardware hacking
LayerOne talk on hardware reverse engineering [Check the other parts too]
HW RE course at Rensselaer Polytechnic Institute. Course Material
A collection of posts by CyberGibbons on wireless burglar alarms [CyberGibbons]
Hardware hacking for software people – Stephen Ridley
Using Shikra for UART/JTAG debugging
Breaking a Fingerprint protected HD
Breaking a Fingerprint protected USB
Bluetooth Low Energy
Bluetooth: With Low Energy Comes Low Security
Bypassing Passkey Authentication in Bluetooth Low Energy
NIST document on Bluetooth security
Understanding BLE advertisement packets
Understanding BLE advertising packets
Reverse engineering a BLE bulb
Bluetooth 2.0/3.0
NIST document on Bluetooth security
Security Weaknesses in Bluetooth
Sniffing Bluetooth using Ubertooth by Dominic Spill
Side channel attacks
Side Channel Attacks [Good intro to SCA]
Improved Higher-Order Side-Channel Attacks with FPGA Experiments
Power Analysis for Cheapskates – Colin O’Flynn
Video for the above talk: https://www.youtube.com/watch?v=i27NiVuWmhE
ChipWhisperer documentation [Good info on SCA]
Glitching/Fault Injection
Intro to Fault Injection attacks
Writeup of how the PS3 hypervisor was attacked using glitching
Low Cost Attacks on Tamper Resistant Devices
The Sorcerer’s Apprentice Guide to Fault Attacks
Fault attacks on secure chips: from glitch to flash
Practical Analysis of Embedded Microcontrollers against Clock Glitching Attacks
Practical Attacks against the MSP430 BSL
Fault injection attacks and defences
Security Failures in Secure Devices
Firmware analysis
DLINK DIR980L Firmware reversal
Reversing DLINK WPS PIN algorithm
RFID/NFC
RFID Security: Attacks, Countermeasures and Challenges
Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones
RF Hackery
Good writeup on RF security in general
KillerBee Zigbee attack framework
Penetration of ZigBee-based wireless sensor networks
Ghost-in-the-Wireless: Energy Depletion Attack on ZigBee
Decoding Train Announcement Boards
Deciphering mystery signals from a helicopter
Decoding radio controlled bus stop displays
OpenSesame attack on garage door openers
Hacking a Lego Car using HackRF
GSM/UMTS
GSM sniffing [CCC talk by Karsten Nohl]
A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications
Privacy through Pseudonymity in Mobile Telephony Systems
Location leaks on the GSM air interface
Automotive security
Charlie Miller/Chris Valasek comprehensive paper on automotive security
Good writeup on CAN bus packets
Hacking into a Vehicle CAN bus (Toyothack and SocketCAN)
Books to read:
Hacking the XBox by Andrew “bunnie” Huang
http://www.amazon.com/Introduction-Hardware-Security-Mohammad-Tehranipoor/dp/1441980792
http://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X/ [Good section on hardware hacking]