Introduction to Hardware Hacking and Reverse Engineering

Learn how to attack and threat-model embedded and IoT devices in this hands-on hardware hacking training.

Training as low as


with one of our subscriptions



Have you ever looked at a phyiscal device and wondered what was possible? How does it work? Why is it secure? What does information flowing between components look like using a logic analyzer? And most importantly, can we hack it?

This course introduces you into the world of hardware hacking: From understanding how 'smart' devices work over dumping a flash-chip from a device up to manipulating and backdooring the firmware of a router.

The training is all hands on: Participants will be provided a link where they can obtain a hardware kit including a logic analyzer, a multitool for flash dumping and serial work, a multimeter and a target device.

What you will learn

  • Creating a threat model of an embedded device
  • Finding & using debugging capabilities (Serial consoles, JTAG)
  • Dumping memory devices & ICs
  • Analyzing & extracting firmware dumps
  • Analyzing in-device busses

Who this training is for

  • Security engineers getting into IoT & embedded security
  • Developers who want to understand hardware threat models
  • Everyone who is curious about securing the internet of things

Day 1: The basics

Day 1 is a crash-course into the wold of embedded device hacking:

  • Embedded electronics introduction

    • How is a device built
    • What electrical components are in a device
    • How to reverse engineer a device architecture
    • Identifying potential targets
  • Basic firmware analysis

    • From binary blob to extracted filesystem
    • Identifying encrypted & unencrypted firmware
    • Finding vulnerabilities and backdoors using static analysis
    • Backdooring firmware
  • Measuring: The multimeter

    • Measure voltages to confirm targets
    • Testing conductivity to identify test pins
  • Measuring: Logic Analyzer

    • Logic signals
    • Basic signal analysis
    • Identifying unknown signals
    • Probing on real devices
    • Embedded protocols (SPI, I2C, UART, etc)

Day 2: Hacking devices

  • Storage components

    • Identifying storage components
    • Dumping flash
    • Modifying flash
    • Backdooring a device
  • Finding UART & JTAG on a device

    • Finding serial console using a logic analyzer
    • Accessing bootloaders
    • Bypassing a locked u-boot
    • Modifying kernal commandlines to get root
    • Tricking bootloaders

Class requirements

  • Basic understanding of threat modeling
  • Basic understanding of reverse engineering
What you need to bring

A computer running VMware Workstation or VMware Fusion for running our VM, at least 30GB of free disk space.

We can only officially support Windows and Mac OS X, if you use Linux please make sure USB forwarding etc. works well into the VM.

Training by Thomas Roth

Thomas is best known for his attacks on embedded devices. His research focuses on mobile and embedded systems with published research on TrustZone, payment terminals, and embedded security.

Feedback by @davidxTerror

14 May 2020

This was a great training! Thomas was a great instructor and went through everything step by step in the course. The hardware came on time, so there was never a worry of being left out in the class. I would recommend this class to anyone interested in going into hardware hacking and reverse engineering.

Can't attend? All of our trainings are also available as a private classes for your company.

Access all of our classes and profesionally edited recordings.
All of our courses are also available as private trainings.
Courses are offered multiple times in different timezones.