Hardware hacking 101: There is plenty of room at the bottom

A1 | Wed 23 Jan | 3:50 p.m.–4:35 p.m.


Presented by

  • Federico Lucifredi
    @0xf2
    http://f2.svbtle.com

    Product Management Director for Ceph Storage at Red Hat, formerly the Ubuntu Server PM at Canonical, and the Linux "Systems Management Czar" at SUSE. A co-author of O'Reilly's popular "AWS System Administration" title, and a graduate of Harvard University, Federico maintains the man(1) suite, the primary documentation-delivery tool under Linux and macOS. A frequent speaker at user group and conference events, notably the Linux Foundation's Open Source Summit, SCALE, the OpenStack Summit, LinuxWorld, and the O'Reilly Open Source Convention, he is a recognized expert in computing performance issues, and authors the "Performance Tuning Dojo" column on system tuning for Admin Magazine.

Abstract

This is a live demonstration of hacking into the processor embedded in an SD card, effectively turning the device into a potentially covert Raspberry Pi-class computer under your complete control. The ARM926EJ-S ARM processor made its appearance as the embedded CPU in Transcend’s WiFi-enabled SD cards, clocking in at an impressive 426 BogoMips – we can’t possibly leave that territory unexplored, can we? In this session we root the card’s own CPU, install a more featureful OS, and explore the system’s common and unusual capabilities (in hardware AES encryption and native support for Java bytecode among them). These provide plenty of building blocks for our projects. I will review the hardware, its capabilities, how to breach its security, and how to enable it with top-class network configuration at boot-up, on nearly any network. I will then show how to build and install additional software and customize the device, using shell script and Perl, for workloads that fit its minute size and low power requirements. Clearly, complete control of such a hidden computer running with full network connectivity can be used in network penetration scenarios. We’ll discuss applicable security threat countermeasures. We close the session with a review of similar exploits against hard drive controllers. There is plenty of room at the bottom, and opening these computer-within-the computer configurations create interesting miniaturized automation scenarios alongside the obvious, more ominous security aspects. Use your newfound knowledge for good, with great power comes great responsibility!