Leveraging UART, SPI and JTAG for firmware extraction

Back to the list of Speakers and Sessions
This workshop aims to teach methods to obtain a firmware running on a IOT device by probing the circuit board. Accessing flash memory using common protocols such as UART, SPI and JTAG will be covered

The classic firmware update procedure was to download the latest version from the manufacturer then upload it to your device which allowed easy access for inspection. In today's IOT devices, firmware may update itself directly using HTTPS. This allows for timely security updates but removes the end user access to the binary.

Fortunately, there are ways to extract a firmware from the flash chip on a circuit board using common protocols. In this workshop, we will learn:

  • how to disassemble a device
  • locate UART, SPI and JTAG ports
  • use a programmer to connect to them
  • how to read and write NOR and NAND flash memory
Participants should bring:

10 kits will be provided at the workshop to experiment with, come early.

Each kit contains:

  • 1 TPLink AC1200
  • 1 Bus Pirate
  • 1 Soic 8 pins clip
  • 1 NSEC 2018 badge
  • cables and connectors

TPLink WDR3600 or WDR4300 (similar models with UART, SPI and JTAG interfaces available)Adapter c232hm-ddhsl-0 or bus pirate recommended. Other similar adapters will also work.Linux computer recommended although other operating systems may be used if the attendee know how to install and operate the suggested software or similar software on his favorite operating system.

Participants must know or have:
  • Basic knowledge in electrical engineering is assumed. Attendees would have to know the concepts of voltage, current and resistance.
  • Previous experience with serial ports would be helpful although not required
  • The workshop would be given using a Linux computer. A Linux laptop is then suggested although the software used in the workshop (or similar) should work on other operating systems.
  • Experience with a regular serial port (UART) would be helpful
"