Practical Hardware Pentesting: A guide to attacking embedded systems and protecting them against the most common hardware attacks
T**Y
Break anything
Normally, I’m a strictly software guy; I know how the hardware works but don’t spend all that much time on it. However, “Practical Hardware Pentesting” (Packt), by Jean-Georges Valle, is a great reference and introduction to this complicated area. If, once the cover comes off, you are lost, this will rebuild your basic references, tell you where to find additional information, and guide you all the way through reengineering a design for your home lab. The first section deals with setup and practical tips, the second suggests networking and interface techniques to break the hardware, and the final section links that to other tools to finish the exploitation. The first section provides a valuable refresher on what the various parts of the hardware do, if you were a little behind, and then builds an appropriate setup to dive into solutions. Valle suggests all the appropriate tools, buying at different price ranges for the amateur, beginner, and professional, and then lays out the pros and cons of different brands of devices. As a former intelligence professional for the Air Force, I found the sections on planning for the target as good as gospel. If you haven’t done a lot of pentesting, knowing the basics of target exploitation goes a long way towards achieving a successful pen test. Almost as entertaining is the choice to use a Furby as the penetration test example subject. The middle section is also filled with gold on conducting a pen test. Each type of approach for networking, as well as the tools, is covered in exhaustive detail. The code segments to drive the hardware, the interaction of the machinery, and the expected results appear at every step. The section covers how to find the memory, how to extract the memory, and then the challenges associated with converting it to a usable format to find vulnerabilities. I love the references back to Wireshark, which I have used extensively with multiple tasks.
He rounds this out by building on common networking interfaces and then expanding to cover Software Defined Radio interfaces. Finally, the last section covers the software interactions with hardware as well as building an effective report for your customer. Building a report seems small, but if you can’t communicate where the vulnerabilities are, what they affect, and potential fixes, then you are leaving your customer in the dark. The sections on static versus dynamic analysis are invaluable from a security perspective as well as for pen testing, for discovering how the vulnerabilities are being executed and their interaction with the overall system. If there was one area that was lacking, it was some of the build process for breadboarding. There are multiple diagrams and suggestions included, and architectural diagrams, but my own skills in this area are lacking, which probably made it more difficult for me. If I had spent a little more time with wiring and soldering tools, I probably would have been fine. Still, a chapter on the various breadboard approaches would have been useful for me. Overall, a truly excellent work. The reference sections are solid, the pen testing approaches valuable, and the whole book exceptional. Valle also recommends cheap practice by going to local flea markets and buying technological devices to crack. One of my last wishes would have been taking a class much earlier in my career based on this approach to breaking into various devices. I’d recommend this for anyone either doing current pen testing or hoping to break into that area.
R**.
Great book for those getting started.
Practical Hardware Pentesting is written very well for those getting started with hardware hacking. Jean-Georges Valle takes a good step by step approach to helping hackers get setup and experimenting with various aspects of hardware. Throughout the book are good suggestions for tools and approaches.
C**E
Great introduction to hardware hacking with a touch of reverse engineering
Practical Hardware Pentesting by Jean-Georges Valle provides a thorough introduction to understanding and hacking common electronic devices and the associated protocols that run on those devices. Its target audience is mainly security researchers who want to learn how to get started with hardware security assessments, electrical engineers who create electronic devices, and hardware hobbyists. The book is divided into three sections: Getting to Know the Hardware, Attacking the Hardware, and Attacking the Software. You’ll get a hands-on approach to hardware hacking, as you’ll use specific hardware devices to perform the lab exercises, even for three of the chapters in the software section.

Section 1 includes a good overview of all of the tools one needs to set up their own pen testing lab. *Spoiler Alert* A lab is estimated to cost anywhere between <500€ for a beginner lab and ~8,000€ for a professional lab. Fortunately, to perform most of the exercises in the book, you won’t need a dedicated lab. Section 1 also gives a basic overview of all of the components that make up an embedded system and how to identify and analyze those components. The author uses a Furby as an example for identifying and diagramming system components. Note, for those who are on a budget, the Furbies I found listed on eBay and Amazon cost over $100 each. Lastly, Section 1 discusses how to approach a hardware pentest; it reviews the various types of pentests, the goals of a hardware pentest, and one test methodology.

Section 2 is the heart of the book and delivers what I would expect from a book about hardware pentesting. This section begins with an overview of the STM32 bluepill board, which will be used in several exercises throughout the book. It also gives a brief review of the C programming language before delving into discussions of several common hardware chips, including the protocols that run on those chips and the various logical and physical layers within those chips. While I think these discussions are a good primer for understanding any of these chips, the author assumes that the reader already has some knowledge of the common pieces that make up these chips, such as how a chip’s clock works or how signals work on these devices. Regardless, there are many detailed walkthroughs on how to connect to and hack these devices. There are also very good supplemental materials provided on the book’s GitHub repo and YouTube page that help guide the reader through completing the exercises. Section 2 also demonstrates how to sniff and attack wireless protocols such as Bluetooth, WiFi, and radio signals. For the enthusiastic reader, there are even links provided that instruct on how to build your own radio.

Section 3 teaches the reader how to perform static and dynamic reverse engineering on some of the chips that were used in previous exercises in the book. It also contains a nice introduction to Ghidra and has several examples of reversing binaries found on embedded systems. This section concludes with how to rate vulnerabilities you found during a pentest and how to discuss and report those vulnerabilities to a client.

I only gave this book a four star review instead of five because of the multiple Furby examples, where a more current or “cheaper” children’s toy could have been used. Furthermore, the preface of the book states you only need a Linux OS, a bluepill board (STM32F103), Ghidra 9.2+, GCC 9+, and OpenOCD 9+. However, this is not true, as to follow along with the exercises in Chapters 6 through 12 you’ll need several chips, boards, and other peripherals. I spent a bit over $100 just to complete the exercises in Chapter 6 alone. The book does not provide much guidance on where to find some of these components either (beyond “auction” or “second-hand” sites). I understand that they don’t want to give free advertising or endorsements for non-affiliated sites, but a few of these pieces were not easy to find (as Google, eBay, and Amazon searches were not always helpful) without talking to someone who had prior knowledge of where to purchase the components.

In conclusion, I enjoyed this book and learned a lot from it. The exercises were interesting and informative, and the author presented the material in a straightforward manner with even a small bit of humor scattered within the book. All of the software required to complete the exercises in the book is open source and free, which is much appreciated. Practical Hardware Pentesting is a great introduction to hardware hacking and reverse engineering, and also serves as a wonderful reference on these topics.
J**J
A very informative and well written book
This book is a must-have for anyone who wants to start diving into hardware pentesting. As a junior in that field, in my opinion, at this time, it is the best one available.