.d-none.d-md-block.col-md.col-12.gbi-891754768-tW22Dxsq1UkiLpbxtQbsNN:before { opacity: 1; background-image: url('/static/a01eaa9ef5cc1f6853b3be39ca75ccb6/2f1b1/typing-code.jpg'); }

Hardware Hacking with FPGAs

Learn how to instrument hardware from python and attack and analyze other hardware targets using Xilinx 7-series FPGAs.

Training starting at

$1,800.00

with one of our subscriptions

Language

English

Remote hardware is available for this course if you cannot obtain the optional hardware. Please contact our chat at least 72 hours before the beginning of the course to reserve your remote hardware.

This course is ideally suited for both hardware engineers who wish to better understand potential security issues that may exist in hardware implementations and software security engineers who may lack experience in analyzing hardware and embedded systems. The training teaches participants a unique hybrid hardware/software workflow that is extremely effective for identifying security issues in hardware, embedded devices, automotive and IoT (Internet of Things). Students will be familiarized with the concepts of hardware analysis and have a first-hand chance to build and instrument the analysis of hardware targets using FPGAs.

Students will implement complex algorithms in a modern high-level scripting language (python) while implementing all low-level timing critical components in hardware (Verilog HDL). This training will also cover how these techniques can be utilized for applications ranging from black box reverse-engineering of undocumented protocols to validating an overall hardware design. This training also offers a unique opportunity for students to work with real-world test and measurement equipment. Additionally, the training covers the minimal amount of electrical engineering required for instrumenting targets in practice.

As such there are no specific prerequisites for this course beyond a basic programming background. Students will be provided sufficient background and templates for the python scripting language to successfully complete the assignments. All the aspects of hardware design (FPGA development, RTL design, Verilog HDL as well as simulation and functional verification) will be covered in the course. Each day will feature one CTF (capture the flag) style assignment that will take approximately the entire day for students to solve. Each assignment will cover one common flaw that can be found in real-world hardware implementations.

Students should bring a notebook capable of running VMware Fusion, VMware Workstation or the free VMware Player.

Topics

Common hardware vulnerabilities
embedded device security
IoT security
test and measurement equipment (oscilloscopes, logic analyzers)
JTAG, FPGA implementations
HDL development
core generation
debugging
soft cores
glitching
fuzzing
Man-in-The-Middle (MITM) of protocols
protocol injection
hardware acceleration
cloud FPGA platforms

Theory and Introduction

Theory/Basics
- Recommended literature
- Machine-To-Machine Communication
- Logic 101
Combinatorics
- Sequential & combinatorial logic
- Finite State machines (FSM)
- Logical functions & arithmetic computation
- Logic optimization
Verilog 101
- UART FSM
- HDL equivalent for FSM
- Testing and verification of RX/TX
Hardware Logic Implementation
- Electronics 101
- ASICs, TTL-Logic
- FPGAs, CPLDs
- Hard vs. Soft Macros
- I/O, Tristates
FPGA/ASIC Development Workflow
- Behavioral simulation
- Synthesis
- Place and Route
- Timing simulation
Gotchas
- Design constraints
- Optimization
- Best practices
- Safety and electronics

After the introduction to FPGAs, the design workflow and the tooling, students will get the opportunity to solve practical CTF style assignmnets. Each assignment takes approximately 4-6 hours to complete.

Assignment 1: FPGA Bring-Up

At the end of Day 1 students will have an opportunity to program create a design that utilizes the state machines written throughout the day. Subsequently students will load their bitstreams onto an FGPA and verify that they work. This assignment ensures that students have fully the process of simulation, synthesis and have fully understood the workflow with the FPGA tools.

Assignment 2: Basic Glitching

The goal of this assignment is to teach students that the security of the target platform can be compromised by manipulating the operating state of the target. The target is realized as a system requiring that a valid pin be entered on a pin pad for access. Students will have to identify ways in which the operating state of the device can be determined and change it accordingly.

Identify and analyze the communications protocol. Design a hardware implementation capable of brute forcing the system PIN. Identify valid triggers for the operating state of the system. Modify the hardware implementation to be able to cope with a penalty for 3 consecutive invalid PIN entries. Cope with a penalty flag hardware flag being set in Non Volatile Memory (NVM)

Assignment 3: Timing Analysis

The goal of this assignment is to familiarize students with the advantages of utilizing programmable logic platforms for their predictable timing behavior. Students must implement a hardware implementation capable of sending the target platform a password and measuring the response time.

Identify and analyze the communications protocol. Design a hardware implementation capable of sending a password and measuring the response time. Perform adaptive timing analysis against the target platform. Perform adaptive timing analysis against an optimized implementation.

Assignment 4: Bootloader Security Bypass

As seen on the blog (Part 1, Part 2, Part 3).

This assignment is designed to familiarize students with the workflow necessary for analyzing hardware targets in practice. Students will need to extract the bootloader from the device, analyze its contents, identify vulnerable instructions and glitch these instructions bypassing the protection mechanisms of the platform.

Extract the bootloader from a standard ARM microcontroller. Analyze the bootloader and identify vulnerabilities. Implement a programmable logic design capable of glitching a protected target. Glitch a protected target and extract the firmware.

Class Requirements

Participants should have some familiarity with scripting languages, i.e. Python. This course is suitable for people that are new to hardware security and electronics. All the theory and concepts related to electronics, HDL and debugging will be explained during course.

Optional Hardware Requirements

These hardware requirements are entirely optional. You can either purchase the hardware and run it locally or request remote hardware access and the hardware will be provided to you remotely. You can request a remote development environment as well if you are unable to run virtual machines.

You will need a Digilent Arty Z7 FPGA development board.
- Stock of board is limited due to the ongoing chip shortage, use Octopart to search multiple resellers. The board is sometimes also available on Amazon, Ebay and Aliexpress.
A working laptop capable of running virtual machines.
- 4GB RAM required, at a minimum.
- Approximately 60 GB free space for the Virtual Machine

Training by Dmitry Nedospasov

Dmitry is a hardware hacker, hardware design engineer, security researcher, speaker, and reverse-engineerer. Dmitry did his PhD in the field of IC security and PUFs.

Feedback by

Dan

24 June 2020

Advanced Security Training was great for me and my team. It’s rare to see a training that, within a few days, teaches the practical techniques to actually hack common devices AND the background concepts to understand what you're doing and why it works. The virtual format seemed like it might be a hurdle but I found myself enjoying the added flexibility more than the in-person variant thanks to the careful preparation of the training team.

Feedback by @red5heep

19 May 2020

I took the "Introduction to FPGA" training as a newbie in the field. Dmitry started from the basics, bringing me to a level to allow me to experiment by myself: the training touched all the most important concepts and gave a lot of practical tips and tricks: funny and challenging at the same time. The "2-days" format was perfect for me: it gave me a great overview and now it's up to me to deep dive into the technology.

Feedback by

Subu

21 May 2020

The streaming format was flawless. The chat was effective. Dmitry is adaptive to the needs of the students and spent an inordinate amount of time till the basic concepts of Verilog were drilled in with many, many exercises. This was never mentioned in the class description but something that will prove more useful than anything else.

Feedback by

Subu

07 June 2020

Dmitry's enthusiasm for the subject matter is boundless. He makes sure that the concept is first drilled in and explains everything in detail. He doesn't treat any question as stupid. I particularly liked that he wrote all the code from scratch, live -- instead of just dumping some power point slides and just reading through them. The live online format was exceedingly smooth and access to complete recordings of the sessions is an added bonus.

Feedback by

Anonymous

03 June 2021

This course started from basic to use FPGA to glitch the chips. I was looking to join this type of training for long time. Highly recommended

Can't attend? All of our trainings are also available as a private classes for your company.

Access all of our classes and profesionally edited recordings.

All-Access Subscription - Trainings. Solved.

All of our courses are also available as private trainings.

Private Training Quote

Courses are offered multiple times in different timezones.

Notify Me