Introduction to Hardware Hacking and Reverse Engineering

Learn how to attack and threat-model embedded and IoT devices in this hands-on hardware hacking training.

Training starting at


with one of our subscriptions



Have you ever looked at a phyiscal device and wondered what was possible? How does it work? Why is it secure? What does information flowing between components look like using a logic analyzer? And most importantly, can we hack it?

This course introduces you into the world of hardware hacking: From understanding how 'smart' devices work over dumping a flash-chip from a device up to manipulating and backdooring the firmware of a router.

The training is all hands on: Participants will be provided a link where they can obtain a hardware kit including a logic analyzer, a multitool for flash dumping and serial work, a multimeter and a target device.

What you will learn

  • Creating a threat model of an embedded device
  • Finding & using debugging capabilities (Serial consoles, JTAG)
  • Dumping memory devices & ICs
  • Analyzing & extracting firmware dumps
  • Analyzing in-device busses

Who this training is for

  • Security engineers getting into IoT & embedded security
  • Developers who want to understand hardware threat models
  • Everyone who is curious about securing the internet of things

Day 1: The basics

Day 1 is a crash-course into the wold of embedded device hacking:

  • Embedded electronics introduction

    • How is a device built
    • What electrical components are in a device
    • How to reverse engineer a device architecture
    • Identifying potential targets
  • Basic firmware analysis

    • From binary blob to extracted filesystem
    • Identifying encrypted & unencrypted firmware
    • Finding vulnerabilities and backdoors using static analysis
    • Backdooring firmware
  • Measuring: The multimeter

    • Measure voltages to confirm targets
    • Testing conductivity to identify test pins
  • Measuring: Logic Analyzer

    • Logic signals
    • Basic signal analysis
    • Identifying unknown signals
    • Probing on real devices
    • Embedded protocols (SPI, I2C, UART, etc)

Day 2: Hacking devices

  • Storage components

    • Identifying storage components
    • Dumping flash
    • Modifying flash
    • Backdooring a device
  • Finding UART & JTAG on a device

    • Finding serial console using a logic analyzer
    • Accessing bootloaders
    • Bypassing a locked u-boot
    • Modifying kernal commandlines to get root
    • Tricking bootloaders

Class requirements

  • Basic understanding of threat modeling
  • Basic understanding of reverse engineering
What you need to bring

A computer running VMware Workstation or VMware Fusion for running our VM, at least 30GB of free disk space.

We can only officially support Windows and Mac OS X, if you use Linux please make sure USB forwarding etc. works well into the VM.

Training by Thomas Roth

Thomas is best known for his attacks on embedded devices. His research focuses on mobile and embedded systems with published research on TrustZone, payment terminals, and embedded security.

Feedback by @davidxTerror

14 May 2020

This was a great training! Thomas was a great instructor and went through everything step by step in the course. The hardware came on time, so there was never a worry of being left out in the class. I would recommend this class to anyone interested in going into hardware hacking and reverse engineering.

Feedback by @toonswyzen

05 October 2020

I had little prior experience with hardware hacking and learned a lot in these two days. Thomas is an excellent trainer as he explains the material clearly and makes sure that every question is answered. I thoroughly enjoyed the course and would happily take another one in the future!

Feedback by

Sum Chuen

05 November 2020

I enjoyed a lot in this lesson, Thomas was using simple to explain the IoT reversing skills. Recommended :)

Can't attend? All of our trainings are also available as a private classes for your company.

Access all of our classes and profesionally edited recordings.
All of our courses are also available as private trainings.
Courses are offered multiple times in different timezones.