Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Download as PPTX, PDF1 like1,147 views
The document is a guide to hacking and understanding hardware, emphasizing hands-on learning and exploration. It covers the evolution of hardware, basic cryptography, and the importance of understanding systems for effective design and innovation. The author encourages readers to experiment and learn from both successes and failures while maintaining a safety-conscious approach.
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
- 1. HARDWARE Mark Wong 10th October 2014 hacking101 www.omgbazinga.com
- 2. DISCLAIMER While the following has been conscientiously researched. Neither the organizers nor the author will accept any liability if you render your device inoperable as a result of these instructions. Proceed at your own risk. DO attempt these experiments, tests, trials, or any activity in this presentation at home, work, or anywhere else for that matter. Have fun, gain more experience and knowledge, be safe and use common sense!
- 3. WHAT WE DO
- 4. WHAT WE DO
- 6. 233 MHz Pentium w/ MMX
- 11. So the learning journey begins…
- 12. 1997 Evolution of my Rigs SMOOTHER GAMES 1999 2002 2004 2006 2008 2009 2012 Coming soon 2015 Pursuit of No $?
- 13. How does hardware affect me? HARDWARE ROCKS
- 15. iB Secure Device token UNLOCKS YOUR MONEH
- 16. Coin Cell Battery Epoxied resin IC die “Chip-on-board”, ‘glob-top’ Button contacts Infineon BC857BL3 PNP transistor Assorted SMD resistors Test / programming pads Manufacturer information silkscreen 32.768kHz Ceramic Crystal Oscillator LCD junction pads
- 17. Technical Specifications • Weight: 14 grams • Dimensions: 9.8 x 25.9 x 62.7mm • Display: 8-characters LCD • Keypad: one-button • Real-time clock to provide time value to DIGIPASS algorithm • Supported crypto algorithm: DES, 3DES and AES, DIGIPASS time and event based • OATH event (HOTP) or time (TOTP) • Battery: non-replaceable, lifetime expectancy 7 years https://www.vasco.com/products/client_products/single_button_digipass/digipass_go6.aspx
- 18. What have we learnt? OATH - Initiative for Open AuTHentication HOTP: An HMAC-Based One-Time Password Algorithm (RFC 4226) Supports: TOTP -Time-Based One- Time Password Algorithm (RFC 6238) Standards set by: Internet Engineering Task Force (IETF) Then HOTP(K,C) is mathematically defined by: HOTP(K,C) = Truncate(HMAC(K,C)) & 0x7FFFFFFF K is a secret key, C is a counter key For HOTP to be useful for an individual as a system input, result must be converted into a HOTP value, (6–8 digits number) where HOTP-Value = HOTP(K,C) mod 10d, d is the desired number of digits http://en.wikipedia.org/wiki/HMAC-based_One-time_Password_Algorithm http://www.sourcemediaconferences.com/CTST09/PDF09/D/Tuesday/BajajSiddharth.pdf http://www.globaleventspanama.com/clab2010/files/conf_donald_malloy.pdf
- 19. Somebody already hacked it! https://http://blog.valverde.me/2014/01/03/reverse-engineering-my-bank%27s-security-token/#.VCIywxbgzgU
- 21. What can I do with what I’ve learnt? The “stuff” Who makes it? How did they do it? Learn everything about it, try it. Learn about cryptography Learn about low-cost manufacturing or electronic packages Make your own crypto-key generator Be happy having learnt something http://www.empf.org/empfasis/dec04/improve1204.htm http://www.digikey.com/catalog/en/partgroup/avr-cryptocontroller/32031 http://www.maximintegrated.com/en/products/digital/microcontrollers/MAXQ1010.html
- 23. How do I Start?
- 24. Tools of the trade Screwdriver. Multi-meter. Pliers. Cutters.
- 25. What the heck hack is inside IT?
- 26. HOW DOES A CAR WORK? HOW DOES YOUR EZ-LINK WORK?
- 27. If you don't know how things work, how can you design interfaces with dreams to change the world? How do you improve something if you don't know how it works?
- 28. Build. Fail. Rebuild. Results. Outcome. Find out How? Why? System design / Adoption Hardware Lifecycle Summary 3-stage Block diagram
- 30. Teardowns!!!
- 32. BOM (Bill of Materials), Datasheets
- 36. • ultra-small (2mm x 2mm) – WOW! • Tri-axial • Measurement of accelerations in 3 perpendicular axes • Senses tilt, motion, shock and vibration - Low power consumption of 130 μA – NICE!
- 37. Don’t be afraid to blow things up
- 38. Online Resources Complexity & Ability Time
- 39. 3-stage Block diagram Controller / Process / Decision Measurement / Input Outcome
- 40. Input •Keyboard • Sensor • Touch screen Process • Processor •Microcontroller • Signal conditioning •Analog-to-digital Converter •Application software / firmware Output • LEDs • Screen •Sound Design your system
- 43. The good ‘Ol days
- 45. Apollo Guidance Computer (AGC), 1966 16-bit, 55Watts <1MIPS, 4K RAM, 32K ROM, 8 GPIO 1.024 Mhz 31 kilograms $15 Million Arduino UNO platform, 2009 8-bit Atmel atmega ATmega328 20MIPS, 2K RAM, 32K ROM, 14 GPIO 16Mhz 27 grams $20
- 46. Hardware platforms change all the time. The key is quick adoption.
- 47. Diodes Boring. Not Fun. http://startingelectronics.com/beginners/components/LED/ http://dangerousprototypes.com/docs/Basic_Light_Emitting_Diode_guide
- 48. What does it • ONE WAY VALVE • PLUS (+) and MINUS (-) • Makes pretty lights do?
- 52. What are you gonna make?
- 54. Learning Curve Complexity & Ability I kick-ass Valley of despair – “who’s dumb idea is this” Can’t live without! Time Increase in skills Associative stage Autonomous stage GOD-LIKE Trial & Error Cognitive stage ‘I suck’ threshold
Editor's Notes
- #13: Riva TNT 128 S3 Virge (1995) S3 Savage Voodoo 3D Geforce 256 Geforce 2 (2000) Geforce 3 Ti ATI Radeon 4-series Geforce 6600GT, 6800 Geforce 8800GTX (2008) Geforce 9800GT (2009) Geforce GTX 280 (2010) Geforce GTX 560 (2011) Geforce GTX 980 (2014)
- #16: Q: What is hardware hacking and why should I care about it? A: Your secure software is only as secure as the hardware it is running on. Imagine implementing all your crypto correctly, but a tiny little port or backdoor, or a post-it shows the password.
- #17: chip-on-board. The die is glued to the PCB and wires are bonded from it to pads
- #18: chip-on-board. The die is glued to the PCB and wires are bonded from it to pads
- #22: chip-on-board. The die is glued to the PCB and wires are bonded from it to pads
- #23: Q: What is hardware hacking and why should I care about it? A: Your secure software is only as secure as the hardware it is running on. Imagine implementing all your crypto correctly, but a tiny little port or backdoor, or a post-it shows the password.
- #28: How many here have a driving license? So when I was young, I found out that I could control the tv. Nobody could give me a satisfactory answer on how a radio works Everything you need to know. Is available here. We now live in an era of instant information, this one example of how quickly technology is moving and how we must adapt to keep ourselves relevant in this industry.
- #33: Manufacturers rely on the information that is included in the bill of materials (BOM) to build a product. The bill of materials typically includes part names, part numbers, part revisions and the quantities required to build an assembly. Thorough BOMs can include more descriptive information too, for example, the unit of measure or procurement type. BOMs that have printed circuit board assemblies (PCBAs) contain a column for listing reference designators.
- #38: Step 1.
- #39: Turn screws. Void warranties. Open minds.
- #46: Every so often a piece of technology can become a lever that moves the world, just a little bit. The Arduino is one of those levers. It started off as a project to give artists access to embedded microprocessors for interaction design projects, but I think it’s going to end up in a museum, someday, as a building block of the future world. Arduino allows rapid, cheap, prototyping for embedded systems. It turns what used to be fairly tough hardware problems into much simpler software problems. And it’s become the poster child of the Maker Movement. The real power is the community.
- #54: Fail fast, learn quickly, succeed sooner By turning abstract concepts into visual forms for validation
- #55: By the high levels, it would be getting an equivalent of a mechanical / electrical and electronics diploma