ATTEND IN-PERSON: Onsite in Abu Dhabi
ATTEND ONLINE: Virtual via Zoom and LMS
DATE: 22-23 November 2021
TIME: 09:00 to 17:00 GST/GMT+4
|22 November||Monday||09:00 to 17:00 GST/GMT+4||8 Hours|
|23 November||Tuesday||09:00 to 17:00 GST/GMT+4||8 Hours|
All trainees will be entitled to apply for a 30-day ChipJuice license by Texplained!
Physical tampering techniques are composed of three main families from non-invasive (clock and VCC glitches, side channel analysis, etc) and semi-invasive (laser fault injection, photo-emission, etc) to fully-invasive methods requiring the use of equipments such as deprocessing tools, Scanning Electron Microscope, Focused Ion Beam, etc.
The latter class is known to be the most potent. On top of that, it also often brings sufficient knowledge about the target for the creation of easier-to-perform methods (non- and semi-invasive) to exploit weaknesses found in the embedded firmware and the hardware itself.
This training is designed to give to Integrated Circuit professionals as well as newcomers a deep understanding of the complete Reverse-Engineering and Exploitation chain for various purposes such as building more secure designs, choosing the right device for a given application, improving the security risk assessment by taking the embedded firmware into consideration but also to find vulnerabilities in « Secure Elements » so as to conduct forensics analysis.
Students who complete this course will be familiar with all important classes of low-level hardware attacks (shield and hardware counter-measures bypass – ROM and Flash/EEPROM dump – bus passive and active probing – …) through real world examples covering the entire analysis workflow from the lab to the data analysis.
An introduction to non- and semi-invasive attacks will be given so as to be able to exploit the results of the IC RE and code dump results.
This training will be a mixture of theoretical lectures and practical assignments which will give the attendees all the key knowledge to perform such complete hardware + software analysis to reach their specific needs from in depth security evaluation to forensics data extraction.
When it comes to encrypted devices, one may want to gather embedded evidences while another would like to be able to check if a hardware backdoor is present or if the component and / or its embedded firmware (boot ROM / user code) contain intrinsic breaches, that could be exploited by a pirate.
Key Learning Objectives
- Recover ICs internal architectures
- Evaluate the efficiency of existing countermeasures
- Extract NVMs contents (ROM & Flash), in order to analyze and evaluate the security of the embedded firmware, and extract secret informations
- Find out how to perform low-level hardware reverse engineering
- Develop analysis strategies for the target devices and apply these strategies to recover their embedded data
- Students will be shown how such informations can be used to define easier methods to find / exploit firmware + hardware weaknesses for vulnerability analysis as well as for embedded evidence extraction purposes
Who Should Attend
- Digital police investigators
- Forensic investigators in law-enforcement agencies
- Government Services
- Pen Testers who want to assess the security of the embedded code, allowing for a complete hardware + Software evaluation
- Digital ICs designers & test engineers
- Engineers involved in securing hardware platforms against attacks
- Researchers who want to understand the nature of many hardware investigation methods
- Team leaders involved in IC security and exploration as well as device security
- Hardware hackers who want to become familiar with methods on ICs
- Parties involved in hardware reverse-engineering and Vulnerability analysis
What Students Say About This Training
“Yes, I would highly recommend this course to anyone with an interest in learning about IC reverse engineering.”
“RE of the logic cells was the most interesting, but general knowledge of what can be done on modern ICs was the most useful.”
“It’s hard to highlight one special thing, part or topic. The course as a whole was exceptionally interesting. If i’m pressed to pick one, i would say it was the reversing of standard cells from an SEM-image.”
Hardware / Software Requirements
- Students will be provided assignments on paper as well as the training material as a .pdf file.
- For working on the examples and handling the image processing steps, Fiji (ImageJ) and Photoshop will be needed.
- Executables for Windows and Macs will be given if not already installed on their laptop.
- For the trainings including a session with ChipJuice, the attendees will be informed of the required setup prior to the session
• Integrated Circuits Structure
• Transistors, CMOS logic and associated weaknesses
• Digital logic and Memories
• Failure Analysis and Reverse-Engineering Methods
• Embedded Firmware and Secret Data Dump: ROM & Flash Dump
> Analytical and Invasive ROM Dumps
> Linear Code Extraction Based Methods
• Automating the Entire Process
• How to use the RE and code extraction results
• Using scripting language to extract useful information
• Writing VHDL model to simulate part of the circuit
• Choosing the right types of attacks for a given study
• Non-, semi- and fully invasive attacks with a focus on the latter
• RE based attacks