This is the code repository for Practical Hardware Pentesting, published by Packt.
Practical Hardware Pentesting, published by Packt
Hardware pentesting involves leveraging hardware interfaces and communication channels to find vulnerabilities in a device. Practical Hardware Pentesting will help you to plan attacks, hack your embedded devices, and secure the hardware infrastructure.
This book covers the following exciting features:
- Perform an embedded system test and identify security critical functionalities
- Locate critical security components and buses and learn how to attack them Discover how to dump and modify stored information
- Understand and exploit the relationship between the firmware and hardware
- Identify and attack the security functions supported by the functional blocks of the device
- Develop an attack lab to support advanced device analysis and attacks
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter02.
The code will look like the following:
[xxx.xx] usb xxx: New USB device found, idVendor=04d8,
idProduct=fc92, bcdDevice= 1.00
[xxx.xx] usb xxx: New USB device strings: Mfr=1, Product=2,
SerialNumber=0
Following is what you need for this book: This book is for security professionals and researchers who want to get started with hardware security assessment but don’t know where to start. Electrical engineers who want to understand how their devices can be attacked and how to protect against these attacks will also find this book useful.
With the following software and hardware list you can run all code files present in the book (Chapter 1-14).
Chapter | Software required | OS required |
---|---|---|
5-12 | Linux | Any *NIX platform |
5,6,11,12 | Bluepill board(STM32F103) | Any *NIX platform |
11,12 | Ghidra 9.2+ | Any *NIX platform |
5 | GCC 9+ | Any *NIX platform |
5,10,12 | OpenOCD 9+ | Any *NIX platform |
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. Click here to download it.
Click on the following link to see the Code in Action:
Jean-Georges Valle is a hardware penetration tester based in Belgium. His background was in software security, with hardware being a hobby, and he then started to look into the security aspects of hardware. He has spent the last decade testing various systems, from industrial logic controllers to city-scale IoT, and from media distribution to power metering. He has learned to attack embedded systems and to leverage them against cloudscale infrastructure. He is the lead hardware technical expert in an offensive security team of a big four company.
Jean-Georges holds a master's degree in information security and focuses on security at the point of intersection with hardware and software, hardware and software interaction, exploit development in embedded systems, and open source hardware.