On modern IoT and embedded devices, low-level physical attacks are some of the most effective attacks against these platforms because they lack countermeasures. Increasingly, the tool of choice for performing such attacks is the Field Programmable Gate Array (FPGA). In particular, FPGAs make it possible to do things that are not possible with test and measurement equipment or devices such as microcontrollers. FPGAs offer full flexibility in implementing low-level interfaces to hardware targets.
Students who take this course will receive a discount code that can be applied to the "Hardware Hacking and Instrumentation with FPGAs" course.
The course is ideally suited for both hardware engineers and software engineers who wish to better understand FPGAs and their uses and who have little or no experience working with FPGAs. This training utilizes low-cost Lattice FPGAs that support an open-source workflow and drastically reduce compilation times. As a result, these platforms can be easily used to build specialized USB devices to sniff, analyze and process other protocols in real time. Students will be familiarized with the concepts of hardware analysis and have a first-hand chance to build and instrument the analysis of hardware targets using FPGAs.
As such, there are no specific prerequisites for this course beyond a basic programming background. Students will be provided sufficient background and templates for the Python scripting language to successfully complete the assignments. All the aspects of hardware design (FPGA development, RTL design, Verilog HDL as well as simulation and functional verification) will be covered in the course. Each day will feature one CTF (capture the flag) style assignment that will take approximately the entire day for students to solve. Each assignment will cover one common flaw that can be found in real-world hardware implementations.
Students should bring a notebook capable of running VMware Fusion, VMware Workstation or the free VMware Player.
- FPGA Bring-up
- Combinatorial and Sequential Logic
- Lattice Open Source Tool Chain
- JTAG, FPGA Implementations
- HDL Development
- Core Generation
- Serial Protocols
- Logic Simulation
- Debugging Logic on the FPGA
- Recommended literature
- Machine-To-Machine Communication
- Logic 101
- Sequential & combinatorial logic
- Finite State machines (FSM)
- Logical functions & arithmetic computation
- Logic optimization
Hardware Logic Implementation
- Electronics 101
- ASICs, TTL-Logic
- FPGAs, CPLDs
- Hard vs. Soft Macros
FPGA/ASIC Development Workflow
- Behavioral simulation
- Place and Route
- Timing simulation
- Design constraints
- Best practices
- Safety and electronics
In addition to the theory, the first day focuses on the basics of logic design, Verilog and FPGAs. Students will have the opportunity to apply much of the theory in practice by implementing small hands-on assignments that highlight aspects of working with FPGAs.
- Students will compile a basic project for the FPGA.
- Students will implement a loop back for the integrated FTDI interface.
- Next, students will define additional I/O and physically attach a jumper to loop back the communications.
- Finally, students will implement some combinatorial logic to turn on an LED when two buttons are pressed.
- Compute the default clock frequency of the FPGA.
- Calculate how many cycles of delay are required to toggle the LED at a certain frequency (i.e. every second)
- Implement a counter to toggle the LED and run the design.
- Calculate a new delay value if the logic were to run at a higher clock rate.
- Calculate the clock frequency factor necessary for the board to run at this frequency.
- Instantiate a PLL to run the FPGA at a higher frequency than what is provided by the board.
- Test the sequential logic from Assignment 2.
UART TX in Verilog
- Implement a UART TX on the board that always sends ASCII A's (
UART TX in Verilog
UART RX in Verilog
Day 2 will focus on real-world applications for FPGAs. First, students will bring up a full UART transceiver on the FPGA to be able to communicate from the host PC to the FPGA and back. This will also highlight limitations that such interfaces can have, namely the need to buffer the data. Next, students will implement a protocol decoder capable of decoding the proprietary SDQ protocol used in Apple devices.
- Instantiate a UART RX to decode data from the host PC
- Toggle an LED whenever ASCII A is received (
- Instantiate a UART TX to send the decoded data back to the host PC
- Try sending a data buffer over to the board using python3
- Every second byte will get lost
- Implement a FIFO to buffer the data.
- Build a protocol converter capable of sniffing the iPhone Lightning interface
- Build an
- Build an
- Implement bidirectional UART <> FIFO <> SDQ communications
- Handle the high-level communications in
After the introduction to FPGAs, the design workflow and the tooling, students will get the opportunity to solve practical CTF-style assignments. Each assignment takes approximately 4-6 hours to complete.
Participants should have some familiarity with scripting languages, i.e. Python. This course is suitable for people that are new to hardware security and electronics. All the theory and concepts related to electronics, HDL and debugging will be explained during the course.
A notebook capable of running a VMware image.
VMware Player, VMware Workstation, VMware Fusion or VirtualBox.
Please ensure that your virtualization solution supports USB in the Virtual Machine.