2024-11-09 – Hochschule München, R0.007
IoT devices often lack robust security, making them prime targets for attackers. This workshop gives participants hands-on experience in accessing and analyzing the firmware of a real-world IoT device. Working in small groups, participants are provided with real devices and the hardware needed to dump the firmware from the flash memory chip and to probe other exposed communication interfaces such as UART. Using Ghidra, participants then reverse engineer the firmware dump to uncover potential vulnerabilities. The workshop also covers common weaknesses in WiFi (TLS) and Bluetooth Low Energy communication.
Covered Topics
Bus Communication
- UART Overview
- Hands-On: Getting access to the UART Communication
Firmware Analysis
- Overview of different Flash Memory types
- Hands-On: Dumping the firmware of a NOR Flash
Reversing the Firmware Dump
- Brief Introduction to ARM assembly
- Reversing with Ghidra
- Struct Creation in Ghidra
- Intro to Ghidra Scripting
- Using the Ghidra Emulator
- Dealing with cases where Ghidra gets it wrong
Exploiting Communication Protocols
- TLS Security for WiFi communication (Demo: Certmitm)
- BLE Communication Sniffing (Demo: Sniffle)
Target Device: Real world Device (e.g. smart camera, doorbell, ...)
Hacking Tool: Arduino or ESP32
IoT Security, Firmware Dumping, Embedded Devices
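The dump step of the workshop (reading a NOR flash with an Arduino or ESP32) in outline, as an added example rather than the workshop's own material: the command bytes a dumper clocks out over SPI, how the JEDEC ID is turned into a dump size, and the sanity check that catches the most common failure, a dump that is all 0xFF or all 0x00. The SPI peripheral and chip-select handling are board-specific and are replaced here by a constructed in-memory mock so the code runs on a PC; the opcodes 0x9F and 0x03 and the log2 capacity-code convention are standard for SPI NOR, the 0xEF manufacturer ID in the mock is Winbond's, and the function names are my own. Practical caveats: nearly all SPI NOR parts are 3.3 V logic, so a 5 V Arduino needs level shifting, and dumping in-circuit usually requires holding the host SoC in reset (or leaving it unpowered) so it does not drive the bus at the same time.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CMD_JEDEC_ID 0x9F   /* reply: manufacturer, memory type, capacity code */
#define CMD_READ     0x03   /* read with 3-byte address; covers parts up to 16 MiB */
#define PAGE_SIZE    256

/* One SPI transaction with chip-select held low: clock out tx, capture rx. */
typedef void (*spi_xfer_fn)(const uint8_t *tx, uint8_t *rx, size_t len);

/* READ command: opcode followed by a big-endian 24-bit byte address. */
static void spi_nor_read_cmd(uint32_t addr, uint8_t cmd[4])
{
    cmd[0] = CMD_READ;
    cmd[1] = (uint8_t)(addr >> 16);
    cmd[2] = (uint8_t)(addr >> 8);
    cmd[3] = (uint8_t)addr;
}

/* On most vendors' parts the third JEDEC byte is log2(size in bytes), e.g. 0x17 -> 8 MiB.
 * Outside 64 KiB..64 MiB is implausible and usually means MISO is floating (0x00/0xFF). */
static uint32_t jedec_capacity_bytes(uint8_t capacity_code)
{
    if (capacity_code < 0x10 || capacity_code > 0x1A)
        return 0;
    return 1u << capacity_code;
}

/* Read the whole array in page-sized chunks into out; returns bytes read. */
static size_t dump_flash(spi_xfer_fn xfer, uint32_t size, uint8_t *out)
{
    uint8_t tx[4 + PAGE_SIZE] = {0};
    uint8_t rx[4 + PAGE_SIZE];

    for (uint32_t addr = 0; addr < size; addr += PAGE_SIZE) {
        size_t n = (size - addr < PAGE_SIZE) ? size - addr : PAGE_SIZE;
        spi_nor_read_cmd(addr, tx);
        xfer(tx, rx, 4 + n);          /* rx[0..3] arrive while the command is clocked out */
        memcpy(out + addr, rx + 4, n);
    }
    return size;
}

/* All-0xFF or all-0x00 dumps are almost never a blank chip: suspect a floating MISO,
 * a chip-select that never asserted, or the SoC still driving the bus. */
static int dump_looks_valid(const uint8_t *buf, size_t len)
{
    if (len == 0) return 0;
    uint8_t first = buf[0];
    if (first != 0x00 && first != 0xFF) return 1;
    for (size_t i = 1; i < len; i++)
        if (buf[i] != first) return 1;
    return 0;
}

/* Identify the part, size the dump from its JEDEC ID, read it, sanity-check it.
 * Returns detected size (0 if the ID was implausible); *valid reports the check. */
static uint32_t run_dumper(spi_xfer_fn xfer, uint8_t *out, size_t out_len, int *valid)
{
    uint8_t tx[4] = { CMD_JEDEC_ID, 0, 0, 0 };
    uint8_t rx[4];

    *valid = 0;
    xfer(tx, rx, 4);
    uint32_t size = jedec_capacity_bytes(rx[3]);
    if (size == 0 || size > out_len || size > (1u << 24))  /* >16 MiB needs 4-byte reads */
        return size;
    dump_flash(xfer, size, out);
    *valid = dump_looks_valid(out, size);
    return size;
}

/* ---- Constructed mock of a 64 KiB Winbond-style part, so this runs without hardware ---- */
static uint8_t mock_flash[1u << 16];      /* contents are whatever the caller writes */

static void mock_xfer(const uint8_t *tx, uint8_t *rx, size_t len)
{
    memset(rx, 0xFF, len);                /* idle MISO reads high */
    if (tx[0] == CMD_JEDEC_ID && len >= 4) {
        rx[1] = 0xEF; rx[2] = 0x40; rx[3] = 0x10;   /* Winbond, type 0x40, 2^16 = 64 KiB */
    } else if (tx[0] == CMD_READ && len > 4) {
        uint32_t addr = ((uint32_t)tx[1] << 16) | ((uint32_t)tx[2] << 8) | tx[3];
        for (size_t i = 0; i < len - 4; i++)
            rx[4 + i] = mock_flash[(addr + i) % sizeof mock_flash];
    }
}

static uint8_t dump_buf[1u << 16];

int main(void)
{
    int valid;
    mock_flash[0x1000] = 0x42;            /* constructed content; a real part holds the firmware */
    uint32_t size = run_dumper(mock_xfer, dump_buf, sizeof dump_buf, &valid);
    printf("detected %u bytes, dump %s\n", (unsigned)size, valid ? "looks valid" : "suspicious");
    return 0;
}
```

On a real board, `mock_xfer` is replaced by a function that pulls CS low, calls the SPI library's transfer on each byte, and releases CS; everything above that line stays the same. Run the JEDEC ID step first and refuse to dump when it returns 0x00 0x00 0x00 or 0xFF 0xFF 0xFF, which saves a long wait for a useless file when the wiring is wrong.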
Daniel Schwendner is a DevOps Engineer with a strong passion for Cyber Security. With a background in mobile application security and hardware security, he participates in bug bounty hunting and shares his security knowledge online.