ADVANCED ARM EXPLOITATION

Black Hat USA 2012

Presented by: Stephen Lawler, Stephen Ridley
Date: Wednesday July 25, 2012
Time: 10:15 - 11:15
Location: Palace I
Track: Mobile

"Hardware Hacking" is all the rage. Early last year (2011) we at DontStuffBeansUpYourNose.com debuted a talk entitled "Hardware Hacking for Software People" (see: http://bit.ly/pGAGlO). The talk was a collection of experiences and simple techniques we as laymen had discovered/used over the years to perform very simple hardware penetration testing. We covered a range of topics from hardware eavesdropping and bus tapping to simple integrated circuit interfacing and debugging. The popularity of the talk, paper/slides, and video was surprising. People were really hungry for this stuff.

Although that talk did conclude with a demonstration of a real-world bug in a home cable modem, it did not dive into the gritty details of exploitation on embedded processors. Late last year (2011) we developed and privately delivered 5-day courses that taught advanced software exploitation on ARM microprocessors (used in iPhones, appliances, iPads, Androids, Blackberries, et al.). We opened that course to the public for CanSecWest 2012 and Blackhat 2012 (see http://bit.ly/wKHKsG). The response to that too has been very surprising.

The purpose of the talk is to reach a broader audience and share the more interesting bits of the research that went into developing the Practical ARM Exploitation course that we are giving at Blackhat 2012. We discuss reliably defeating XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux (in embedded applications and mobile devices). We will also demonstrate these techniques and discuss how we were able to discover them using several ARM hardware development platforms that we custom built (see: http://bit.ly/zaKZYH). We will also share some anecdotal "hardware hacking" experiences we had exploiting similar bugs on embedded devices running on other platforms (see: http://bit.ly/pGAGlO).

Stephen Ridley

Stephen A. Ridley is a security researcher with more than 10 years of experience in software development, software security, and reverse engineering. He currently serves as Director of Information Security for a financial services firm. Before this, Mr. Ridley served as Senior Researcher at Matasano. Prior to that, he was Senior Security Architect at McAfee, where he helped build the McAfee Security Architecture research group. Before that, he was a founding member of ManTech International's Security and Mission Assurance (SMA) group, where he did vulnerability research and reverse engineering in support of the U.S. defense and intelligence communities. He has spoken about reverse engineering and software security on every continent except Australia and Antarctica (BlackHat, ReCon, Summercon, EuSecWest, Syscan and others). Mr. Ridley currently lives in Manhattan and frequently guest lectures at New York area universities such as NYU and Rensselaer Polytechnic Institute.

Stephen Lawler

Stephen Lawler is the Founder and President of a small computer software and security consulting firm. Mr. Lawler has been actively working in information security for over 7 years, primarily in reverse engineering, malware analysis, and exploit development. While working at Mandiant he was a principal malware analyst for high-profile computer intrusions affecting several Fortune 100 companies. Prior to this, as a founding member of ManTech International's Security and Mission Assurance (SMA) division, he discovered numerous "0-day" vulnerabilities in COTS software and pioneered several exploitation techniques that have only recently been published. Prior to his work at ManTech, Stephen Lawler was the lead developer for the AWESIM sonar simulator as part of the US Navy SMMTT program. Stephen is also the technical editor of the book "Practical Malware Analysis", published by No Starch Press.
