Here on Hackaday, we routinely cover wonderful informative writeups on different areas of hardware hacking, and we even have our own university with courses that delve into topics one by one. I’ve had my own fair share of materials I’ve learned theory and practical aspects from over the years I’ve been hacking – as it stands, for over thirteen years. When such materials weren’t available on any particular topic, I’d go through hundreds of forum pages trawling for details on a specific topic, or spend hours fighting with an intricacy that everyone else considered obvious.
Today, I’d like to highlight one of the most complete introductions to hardware hacking I’ve seen so far – from overall principles to technical details, spanning all levels of complexity, uniting theory and practice. This is The Hardware Hacking Handbook, by Jasper van Woudenberg and Colin O’Flynn. Across four hundred pages, you will find as complete an introduction to subverting hardware as there is. None of the nuances are considered to be self-evident; instead, this book works to fill any gaps you might have, finding words to explain every relevant concept on levels from high to low.
Apart from the overall hardware hacking principles and examples, this book focuses on the areas of fault injection and power analysis – underappreciated areas of hardware security that you’d stand to learn, given that these two practices give you superpowers when it comes to taking control of hardware. It makes sense, since these areas are the focus of [Colin]’s and [Jasper]’s research, and they’re able to provide you something you wouldn’t learn elsewhere. You’d do well with a ChipWhisperer in hand if you wanted to repeat some of the things this book shows, but it’s not a requirement. For a start, the book’s theory of hardware hacking is something you would benefit from either way.
GIVING YOU A SOLID FRAMEWORK…
Having a solid theoretical basis for hardware hacking helps a lot. Don’t get me wrong, you’ll do pretty well reading our articles and learning from examples of your fellow hackers’ work – but there are going to be structural gaps when it comes to how hacks relate to each other and what else is out there.
Traditionally, such gaps would be filled by universities and educational courses, which take a lot of information, structure it and then gift that structure to you to sort all further knowledge into. Sadly, we know that even if you can find a professor, it’s not a given that their lectures are engaging – or up to date with modern times. This book spends a hundred pages creating a structure for you, a categorized bookshelf to sort your books into. In order to have a complete picture of hardware and never run out of ways to approach it, it helps if you understand your device the same way a hardware security researcher understands it, and both of our authors worked tirelessly to convey their mental frameworks to you, with plentiful examples.
Whether it’s going through Intel CPU die shots and pointing out different areas, showing protocol signal traces to demystify what really happens with a signal, or explaining the potential hidden in different PCB features you might encounter on the board you’re tackling, you get a glimpse into an expert’s mind as you go through the examples they provide you with. It doesn’t shy away from topics like cryptography, either – something that a hacker might not know they could use, and might be compelled to treat as a black box. In fact, it’s arguably one of the most important topics such a book could go into – and go there, it does. Before you start RSA key extraction, they go through RSA calculations involved in cryptographic signatures – while some understanding of algebra is beneficial, it’s not required, and you can always supplement with something like the RSA calculator we covered recently.
…AND TEACHING YOU HOW TO APPLY IT
Without a doubt, you’ll want examples, as that’s how we learn best. With these advanced techniques in hand, they take the Trezor One cryptowallet, a device sold online today, and bypass its security measures, extracting the private keys stored on the wallet. The focus on power analysis and glitching pays off handsomely here – in fact, almost literally. This demonstration is advanced and heavy enough that it deserves its own chapter, and even if you don’t follow the steps as you go through it, the attack ties the concepts you’ve seen together, helping you make the links between what you’ve read and what you will do when you need to extract secrets out of your own device.
The authors make sure to keep the theory firmly coupled to real-world hardware as the book progresses. As training grounds for the Trezor wallet foray, you’ll be taught how to solder a FET to the underside of a Raspberry Pi 3B+ PCB in order to glitch the CPU power rail and try to make the CPU skip instructions. This exercise assumes you have a ChipWhisperer (the Lite version will do), but if you want to get real results without the precise timing that the ChipWhisperer brings, you can use an ATmega328P and a piezoelectric generator from a BBQ lighter – giving you insights without tying the book’s value to a piece of extra hardware.
Then, they go into power analysis – something you can often do with just an oscilloscope – and present you with the basics. It’s a chapter I’m still only going through myself, with this book being as information-dense as it is. However, I have high hopes for it, as power analysis is simultaneously a relatively non-invasive way to extract information and an attack vector that most hardware out there in the wild is susceptible to, making this part of the book a priority of mine when I find a bit of free time in my schedule. In fact, about a third of this book is devoted to power analysis techniques, from simple to advanced, going through multiple test setups, with even an Arduino-based target to get your feet wet.
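To show in a few dozen lines why power analysis works at all, here is an added simulation (not code from the book, its authors, or the ChipWhisperer project). It models a target that computes `sbox[pt ^ key]` and whose power draw tracks the Hamming weight of that byte, then runs correlation power analysis (CPA) over noisy simulated traces to rank key-byte guesses. The S-box, key byte, noise level and trace count are all constructed for the demo; the same code also simulates a target that applies a fresh random mask per operation, to show how a standard countermeasure collapses the correlation a first-order CPA relies on.

```python
"""
Constructed simulation (not from the book or its authors): why an unprotected
S-box lookup leaks its key byte through power draw, and why a random
per-operation mask blunts first-order correlation power analysis (CPA).
No hardware, scope or ChipWhisperer is involved; every trace is synthetic.
"""
import random


def hamming_weight(x):
    """Number of set bits: the usual leakage model for a CMOS data bus."""
    return bin(x & 0xFF).count("1")


def make_toy_sbox(seed=1):
    """Constructed 8-bit S-box: a seeded random permutation standing in for AES's."""
    rng = random.Random(seed)
    sbox = list(range(256))
    rng.shuffle(sbox)
    return sbox


def simulate_traces(key, sbox, n_traces, noise_sd, seed, masked=False):
    """One sample per trace: Hamming weight of the byte the target actually
    handles, plus Gaussian measurement noise.  A masked target handles
    sbox[pt ^ key] ^ m with a fresh random m each time, so its leakage no
    longer tracks the unmasked intermediate value."""
    rng = random.Random(seed)
    pts, samples = [], []
    for _ in range(n_traces):
        pt = rng.randrange(256)
        value = sbox[pt ^ key]
        if masked:
            value ^= rng.randrange(256)
        pts.append(pt)
        samples.append(hamming_weight(value) + rng.gauss(0.0, noise_sd))
    return pts, samples


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0.0 or vy == 0.0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def cpa_rank_guesses(pts, samples, sbox):
    """Score every key-byte guess by |correlation| between the Hamming weights
    it predicts and the measured samples; return (best_guess, best_score)."""
    best_guess, best_score = None, -1.0
    for guess in range(256):
        hyp = [hamming_weight(sbox[pt ^ guess]) for pt in pts]
        score = abs(pearson(hyp, samples))
        if score > best_score:
            best_guess, best_score = guess, score
    return best_guess, best_score


def cpa_demo(key=0x2B, n_traces=500, noise_sd=1.5, seed=7):
    """Run CPA against an unmasked and a masked simulated target (constructed
    parameters) and report what each attempt recovers."""
    sbox = make_toy_sbox()
    pts, plain = simulate_traces(key, sbox, n_traces, noise_sd, seed)
    guess, score = cpa_rank_guesses(pts, plain, sbox)
    pts_m, masked = simulate_traces(key, sbox, n_traces, noise_sd, seed, masked=True)
    guess_m, score_m = cpa_rank_guesses(pts_m, masked, sbox)
    return {"true_key": key,
            "unmasked_guess": guess, "unmasked_score": score,
            "masked_guess": guess_m, "masked_score": score_m}


if __name__ == "__main__":
    r = cpa_demo()
    print(f"true key 0x{r['true_key']:02x}: unmasked CPA guess "
          f"0x{r['unmasked_guess']:02x} (|r|={r['unmasked_score']:.2f}), "
          f"masked target best |r|={r['masked_score']:.2f}")
```

With the default parameters the unmasked target gives the true key a correlation well above anything a wrong guess scores, while the masked target's best guess stays down at the noise floor; that gap is what a ChipWhisperer-style setup measures on real silicon, and what masking countermeasures exist to close.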
Of course, part of a hardware hacker’s power is in the equipment, which is why it’s hard to write a book like this without expecting your reader to have a few specific tools. The authors are mindful of that, which is why there’s an entire chapter on equipping your own lab – on budgets from high to very low. Many of the tools you’ll be able to improvise or repurpose, or use thanks to a friendly nearby hackerspace. Of course, you’ll get by without most of them in the beginning, but when you encounter a particular problem, it’s helpful to know that there’s a tool for your exact need.
SIDE CHANNEL ATTACKS WILL ONLY GET BETTER
Since this book’s release, we’ve seen Colin advance the frontier of side channel attacks once more. Just last year, he gave a Remoticon talk about EM injection glitching, and provided us with an accessible method for doing that without any fancy hardware requirements. These side channel attacks are an advancing field that chips will remain vulnerable to in the foreseeable future, and this book will get you up to speed on applying these methods when unlocking your own
For newcomers, such a promising field of study is a great intro to getting into hardware, as many other attack surfaces we’ve known for years are nowadays well-protected and often won’t work as well in the wild. For professionals, you’ll undoubtedly find a few blind spots in your knowledge that you’d do well to eliminate. We don’t have technology for uploading information into our brains – yet; as it stands, books are the closest we can get to that, and The Hardware Hacking Handbook is a respectable attempt to teach you what hardware hackers like [Jasper] and [Colin] know.
A German version of the book would be great
Sorry to be that guy, but if you really want to do electronics or almost any science-related stuff you will need to learn some English. Technical English is not the one from Shakespeare and stuff like this, it is actually not too hard to learn enough English to at least understand some things from datasheets and technical books. I couldn’t read any Shakespeare stuff, but for technical stuff my comprehension is fine. And if needed there is always an internet connection to some dictionary somewhere.
Heh, and going the other way, a chemical engineer pretty much had to have some working German up until the late 1950s, as most of the major research and documentation tended to be German. There are still a few niches where it’s occasionally difficult to make progress on a project if you can’t piece together enough German to read the relevant papers. Many of the more arcane papers were never translated, especially ones that ended up superseded by improved methods.
A few years ago, a relative had to dig into a few hundred pounds of dusty microfiche for details on optimizing a particular synthetic lubricant process, related to Fischer-Tropsch. It’s just barely unrelated enough to modern interests that nobody followed up on it in recent decades, so all the extant details are in German only. Apparently, after a few hours of skimming, any sudden exposure to English seemed quite brain-bending…
It turned out to be moderately easy to informally learn enough technical German to get the task done. According to one of my relative’s coworkers, going the other way is much harder. English is much more adaptable and multi-paradigmatic, which makes for long-term evolutionary success. But in exchange, learning English requires internalizing the paradigms of several widely different language families, as modified by centuries of adaptation. This doesn’t make it impossible, or even all that hard. It does mean that it’s not as easily picked up in passing.
I was peripherally involved in an ESL program for a few years (they kept frying classroom camera packs and we needed to make that stop happening), and discussion with their linguists and ESL teaching staff tended to support this hypothesis.
“English is much more adaptable and multi-paradigmatic, which makes for long-term evolutionary success.”
People and their consistent abuse of Darwin and evolutionary theory…
English is not widespread because it is easy, adaptable, organic or any other thing people assign to it, which is incorrect.
English is so widespread due to its colonial past, many countries having it as official language, being the business language (also due to old time colonial past and strong business connections).
It is not because of the language itself. English is “easy” because people today are exposed to it everywhere all the time. German is simpler logically and from pronunciation much more logical.
The major “disadvantage” of German are the longer words and terms, which at the same time is its advantage: you can guess the meaning of new unknown words quite often. It also leads to another mode of thinking and insights you don’t get in other languages.
Take any reasonably complex phrase, and English isn’t as simple anymore, either.
In general, being multilingual is an advantage, because of how it gives different perspectives, different inspirations, mindsets, and cultural background.