Blog Series
- Part 1: Introduction to Hardware and Embedded Forensics
- Part 2: UART Intro. and Sniffing UART with a Logic Analyzer
- Part 3: Home Automation Hub Forensics
- Part 4: TBD
Introduction to Hardware and Embedded Forensics
I started thinking about cell phones and how people acquire data from them. I read about hacking PIN codes with electronic devices, rooting methods and their shelf life/practicality, chip-off, JTAG, etc.
What? JTAG and chip-off...? After a bit of time on Google I sent a tweet on April 19th, 2015 asking, "JTAG opinions: RIFF, Smart-Clip2, Octoplus, or Sigma Box? Looking to 'play' around a bit." I got a few replies. I didn't know much about what they tweeted back to me. Below is what has happened since that tweet...
That's when I realized I had a knowledge gap. I don't know much about hardware and/or electronics and if I ever needed to do something with either one of those forensically I would need to ask for some help. But I also like new hobbies and learning new things so this is where my road begins.
So to learn more about hardware, hardware "hacking", and other techniques used to acquire forensic data off hardware devices (outside of desktop/laptop computers) I have decided to start poking around with some different consumer electronics. Specifically home automation. At least initially to get my feet wet, but more so because my cell phone is hundreds of dollars and it has some super small electronics on it. I figured I would start with something a bit bigger. So I hit up Amazon and ordered a few different home automation hubs to take a look at. I'm less interested in the "hacking" part, but if I find something interesting along the way I will write about it as well.
First things first. I need to buy some equipment before I get started.
My Shopping List
- Shikra - This will allow me to speak with various low(er) level data interfaces such as JTAG, SPI, I2C, UART, and GPIO.
- JTAGulator - This will allow me to brute force the pin configuration for UART and JTAG interfaces so we can then use something like the Shikra (or the JTAGulator itself) to talk with those.
- Saleae Logic 8 - This is a logic analyzer and will allow us to more or less perform a "Wireshark" capture on various data interfaces so we can see what's being passed around the wire. It does this with the software, which has protocol analyzers that will decode the various protocols (SPI, I2C, serial, JTAG, etc.).
- J-Link EDU Debugger - This is the same as the J-Link Base, but I am not using it for commercial purposes so you save some money.
- DSLogic Pro Kit - Logic Analyzer
- Tekpower TP1803D Linear Digital Variable DC Power Supply
- Triplett 1101-B Compact Digital Multimeter
- Ultra-Efficient Desk Clamp-Mount 56 SMD LED Spring-Arm Magnifying Lamp
- Kendal 2 IN 1 SMD Rework Soldering STATION 852D++
- Olympia Tools 88-670 iWork 15-Piece Smart Phone Repair Tool Kit
- Klein Tools 32525 32-Piece Tamperproof Bit Set
- SMARTScope by LabNation
- Make: Electronics (Learning by Discovery)
- Hot Glue Gun
- Fishing lure tackle boxes - Keep all my stuff nice and neat so my wife doesn't kill me.
- Various Jumper wires, solder kits, bread board, parts, etc.
- Some random stuff here and there.
Things I already had
- Raspberry Pi 2 Model B
- Caldigit Thunderbolt Docking Station 2 - I ran out of USB ports...
Here is where I get to justify my purchases. It is about 50% of a graduate class and I will learn a hell of a lot more than I would there, so I consider it justified. However, I couldn't stomach adding all of it up, so you will need to do that on your own. Go home or go big, I guess...
References
Below is a list of sites, links, videos, courses, books, etc. that I am finding useful or that are on my to-do list. This will continue to grow as I add more and more sites. Feel free to send me links. Some of these are way above my head, but I keep them around for reference more than anything. Maybe they won't be for others.
I suggest reading/watching the "free" stuff first before you start buying a bunch of books and what not. Do as I say, not as I did. :)
Protocol References
UART:
- How does the UART work? - https://www.youtube.com/watch?v=FQpbIvhY7es
- Serial Port Complete 2nd Ed: http://www.amazon.com/dp/193144806X (Also referenced in Books section)
- https://en.wikipedia.org/wiki/Universal_asynchronous_receiver/transmitter
SPI:
- https://learn.sparkfun.com/tutorials/serial-peripheral-interface-spi
- Serial Port Complete 2nd Ed: http://www.amazon.com/dp/193144806X (Also referenced in Books section)
- https://en.wikipedia.org/wiki/Serial_Peripheral_Interface_Bus (See references section as well)
I2C:
- http://www.8051projects.net/wiki/I2C_TWI_Tutorial
- https://en.wikipedia.org/wiki/I²C (See references section as well)
JTAG:
- https://en.wikipedia.org/wiki/Joint_Test_Action_Group (See references section as well)
SMBus:
- Wikipedia
It's not the articles themselves. It's the references that contain the gold.
Hardware RE/Hacking Sites
- https://www.exploitee.rs
- forum.xda-developers.com
- http://www.devttys0.com
Reference Books (Google goes a long way here)
- Hacking the Xbox (Free) - http://www.nostarch.com/xboxfree
- Serial Port Complete 2nd Ed: http://www.amazon.com/dp/193144806X
- USB Complete: The Developer's Guide 5th Ed: http://www.amazon.com/USB-Complete-Developers-Guide-Guides/dp/1931448280
Educational Courses
- https://www.coursera.org/course/introtoelectronics
- https://www.coursera.org/course/hardwaresec
- https://www.newbiehack.com
Tools
- Jtagulator - http://www.grandideastudio.com/wp-content/uploads/jtagulator_slides.pdf
- Jtagulator - https://www.youtube.com/watch?v=GgMOBhmEJXA
- Jtagulator Part 1 - Discovering Debug Interfaces with the JTAGulator https://www.youtube.com/watch?v=4StBmkAsCr4
- Jtagulator Part 2 - Discovering Debug Interfaces with the JTAGulator https://www.youtube.com/watch?v=xi5jSN7NCi4
Overview Presentations/Videos/Blogs/Websites (in no order)
- http://www.slideshare.net/balgan/hardware-hacking-101
- http://www.slideshare.net/mattb/hardware-hacking-for-fun-and-profit-1049183
- http://www.slideshare.net/guest3bd2a12/advanced-hardware-hacking-techniques-presentation
- http://www.slideshare.net/Sudar/open-hack-2011hardwarehacks
- http://www.slideshare.net/fusionmkx/hackers-and-painters-hardware-hacking-101-10th-oct-2014
- http://www.slideshare.net/watsonsteve/arduino-forensics
- http://www.slideshare.net/watsonsteve/wearable-device-forensics
- http://www.devttys0.com/2012/10/jailbreaking-the-neotv
- http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug
- https://www.newbiehack.com
ELF Binary Reversing
- http://www.hackercurriculum.org/elf
- http://althing.cs.dartmouth.edu/local/reverse-talk.pdf
- http://www.linuxsa.org.au/meetings/reveng-0.2.pdf
- https://raw.githubusercontent.com/corkami/pics/master/ELF101.png
Summary
So yeah, that's the "kit" I have and will be playing with. I'm not really sure where this "series" of blog posts is going to go, or even if I'll get anywhere. I really know nothing about hardware/electronics, so I'm more or less putting this out to the public as a means to keep me on task and hopefully learn something along the way. I can already see some C coding in my future. At the very least I will keep notes and make a good record of where people can go to at least get started if they are also interested.