Hardware hacking 101: There is plenty of room at the bottom

A1 | Wed 23 Jan | 3:50 p.m.–4:35 p.m.


Presented by

  • Federico Lucifredi
    @0xf2
    http://f2.svbtle.com

    Federico Lucifredi is the Product Management Director for Ceph Storage at Red Hat and a co-author of O'Reilly's "Peccary Book" on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS. A software engineer-turned-manager at the Novell corporation, he was part of the SUSE Linux team, overseeing the update lifecycle and delivery stack of a $150 million maintenance business. A CIO and a network software architect at advanced technology and embedded Linux startups, Federico was also a lecturer for over 200 students in Boston University's graduate and undergraduate programs, and simultaneously a consultant for MIT implementing fluid-dynamics simulations in Java. He is a frequent speaker at user group and conference events, notably the Linux Foundation's Open Source Summit, the O'Reilly Open Source Convention, The OpenStack Summit, LinuxWorld, and the leading SCALE and LCA Community conferences. Federico is a recognized expert in computing performance issues and consults with Standard and Poor's clients in Free and Open Source Software technical and strategic issues. He participated in the FSF’s GPL v3 drafting process in the large corporation panel, and maintained the man suite, the primary documentation-delivery tool under Linux. Federico is a graduate of Boston College and Harvard University, and holds an ACE from MIT's Sloan School. His writing has been published on Linux Journal and Linux Magazine, and he pens the recurring "Performance Tuning Dojo" column for Admin Magazine and writes for O'Reilly Media on topics ranging from Cloud Computing to Open Hardware.

Abstract

This is a live demonstration of hacking into the processor embedded in an SD card, effectively turning the device into a potentially covert Raspberry Pi-class computer under your complete control. The ARM926EJ-S ARM processor made its appearance as the embedded CPU in Transcend’s WiFi-enabled SD cards, clocking in at an impressive 426 BogoMips – we can’t possibly leave that territory unexplored, can we? In this session we root the card’s own CPU, install a more featureful OS, and explore the system’s common and unusual capabilities (in hardware AES encryption and native support for Java bytecode among them). These provide plenty of building blocks for our projects. I will review the hardware, its capabilities, how to breach its security, and how to enable it with top-class network configuration at boot-up, on nearly any network. I will then show how to build and install additional software and customize the device, using shell script and Perl, for workloads that fit its minute size and low power requirements. Clearly, complete control of such a hidden computer running with full network connectivity can be used in network penetration scenarios. We’ll discuss applicable security threat countermeasures. We close the session with a review of similar exploits against hard drive controllers. There is plenty of room at the bottom, and opening these computer-within-the computer configurations create interesting miniaturized automation scenarios alongside the obvious, more ominous security aspects. Use your newfound knowledge for good, with great power comes great responsibility!