Hackfest 2024 - 16-bit Edition

Hardware Hacking for Everyone
10-12, 09:00–12:00 (America/New_York), Track 3 (205c)
Language: English

“I’m not a hardware person” is the number one sentence we get when telling people we have a hardware workshop on the menu! But guess what? This workshop is beginner friendly, with enough meat to satisfy the hungry experts.

If you are curious and are into CTF (capture the flag) events, this session might turn out to be a fun and insightful ride for you to learn something new. Let’s get hands on how hardware security works, or doesn’t, with flash memory and cryptographic coprocessors chips.


This workshop will use CTF challenges and electronic devices that will be provided to you for the duration of the session. Challenges are accessible through a console interface and don't require any special hardware devices.

All you need is a laptop, an USB C cable and the desire to learn and hack!

For those already advanced in that realm, we’ll go over a W25Q64JV and an ATECC608B using an ESP32, with some quirks and features that you can’t actually find easily online.

If you’re curious and just want to watch and learn, that’s fine too. We’ll go over concepts around content that was exclusively researched and developed for the CTF challenges.

By the end of this workshop, you should be able to understand how some electronic components work and what weaknesses can lead them to be hacked.

Come join us, you’ll see, hardware is really not that hard!

Outline

Introduction (15mins)
- What are ESP32 microcontrollers
- What is GPIO (and some protocol like SPI / I2C)
- What are flash memory and crypto devices used

Questions (15mins)

Hands-on start (30mins)
- Connecting to USB serial port
- Issuing command to the microcontroller

Break + Help (15mins)

Hands-on CTF Challenges

Serial Flash Memory (30mins)
+ Help and Solutions

Crypto authentication device (30mins)
+ Help and Solutions

Closing discussion (15mins)


Are you releasing a tool? – no

Jonathan is part of NorthSec as a CTF challenge designer. He is passionate about Application Security and enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering from ETS Montreal and has 20+ years of experience in Information Technology and Security.