Here at Hackaday, we routinely cover fantastically informative articles on various areas of hardware hacking, and we even have our own university with courses that go into topics one by one. I’ve had my own share of material that I’ve learned theory and practical aspects from over the years I’ve been hacking – as it stands, for over thirteen years. When such material was not available on any particular topic, I would go through hundreds of forum pages to find details on a specific topic, or spend hours wrestling with intricacies that everyone else considered obvious.
Today I want to highlight one of the most complete introductions to hardware hacking I’ve seen so far – from overarching principles to technical details, spanning all levels of complexity, uniting theory and practice. This is The Hardware Hacking Handbook, by Jasper van Woudenberg and Colin O’Flynn. In four hundred pages you will find as complete an introduction to hardware subversion as there is. No nuance is considered self-evident; instead, this book works to fill in any gaps you may have, finding words to explain all relevant concepts at levels from high to low.
Aside from the general hardware hacking principles and examples, this book focuses on the areas of fault injection and power analysis – underrated areas of hardware security that you’ll want to learn, given that these two practices give you superpowers when it comes to taking control of hardware. It makes sense, since these areas are the focus of [Colin]’s and [Jasper]’s research and they are able to give you something you wouldn’t learn anywhere else. You’d do well with a ChipWhisperer in hand if you wanted to repeat some of the things this book shows, but it’s not a requirement. For starters, the book’s hardware hacking theory is something you’d benefit from anyway.
Having a solid theoretical basis for hardware hacking helps a lot. Don’t get me wrong, you’ll do pretty well reading our articles and learning from examples of other hackers’ work – but there are going to be structural gaps when it comes to how hacks relate to each other and what else is out there.
Traditionally, such gaps would be filled by universities and education courses, which take a lot of information, structure it, and then provide that structure into which you can sort all further knowledge. Unfortunately, we know that even if you can find a professor, it is not a given that their lectures are engaging – or up-to-date with modern times. This book spends a hundred pages creating a structure for you, a categorized bookshelf to sort your books in. To get a complete picture of hardware and never run out of ways to approach it, it helps if you understand your device the same way a hardware security researcher understands it, and both of our authors worked tirelessly to convey their mental frameworks to you, with plenty of examples.
Whether it’s going through Intel CPU die shots and pointing out different areas, showing protocol signal traces to demystify what’s really going on with a signal, or explaining the potential hidden in various PCB features you might encounter on the board you’re tackling, you’ll get a glimpse into the mind of an expert as you walk through the examples they give you. It also doesn’t shy away from topics like cryptography – something a hacker might not know they can use and might be forced to treat as a black box. In fact, it is arguably one of the most important topics such a book can touch on – and go there it does. Before you start extracting RSA keys, you go through the RSA calculations involved in cryptographic signatures – while some understanding of algebra is beneficial, it’s not necessary, and you can always supplement with something like the RSA calculator we recently covered.
No doubt you’ll want examples, because that’s how we learn best. With these advanced techniques in hand, they take the Trezor One crypto wallet, a device sold online today, and bypass the security measures by extracting the private keys stored on the wallet. The focus on power analysis and glitching pays off here – in fact, almost literally. This demonstration is advanced and heavy enough that it deserves its own chapter, and even if you don’t follow the steps as you go through it, the attack ties the concepts you’ve seen together and helps you make the connections between what you’ve read and what you will do when you need to extract secrets from your own device.
The authors make sure to keep the theory well connected to real-world hardware as the book progresses. As a training ground for the Trezor wallet attack, you will be taught how to solder a FET to the underside of a Raspberry Pi 3B+ PCB to glitch the CPU power rail and try to make the CPU skip instructions. This tutorial assumes you have a ChipWhisperer, although the Lite version will do, but if you want to get real results anyway without the precise timing that ChipWhisperer brings, you can use an ATMega328P and a piezoelectric generator from a BBQ lighter – something that gives you insight without tying the book’s value to a piece of extra hardware.
Then they go into power analysis – something you can often do with an oscilloscope, and introduce you to the basics. It’s a chapter I’m just skimming through myself still, with this book as informative as it is. However, I have high hopes for it, as power analysis is both a relatively non-invasive way of extracting information and also an attack vector that most hardware out there in the wild is susceptible to, making this part of the book a priority of mine when I’m faced with some free time in my schedule. In fact, about a third of this book is devoted to power analysis techniques, from simple to advanced, and goes through several test setups, with even an Arduino-based target to get your feet wet.
Of course, part of the hardware hacker’s power lies in the equipment, which is why it’s hard to write a book like this and not expect your reader to have a few specific tools. The authors are aware of this, which is why there is an entire chapter dedicated to equipping your own laboratory – with budgets from high to very low. Many of the tools you will be able to improvise or reuse, or will be able to use thanks to a friendly hackerspace nearby. Of course, you will be able to do without at first, but when you run into a particular problem, it is useful to know that there is a tool for your exact need.
Since this book was published, we have seen Colin push the boundaries of side channel attacks once again. Just last year he gave a Remoticon talk on EM fault injection, giving us an accessible method of doing it without any fancy hardware requirements. These side-channel attacks are an advancing field that chips will remain vulnerable to for the foreseeable future, and this book will help you use these methods as you unlock your own
For newcomers, such a promising field is a great introduction to getting into hardware, as many other attack surfaces we’ve known for years are well protected today and often won’t work as well in the wild. For professionals, you will undoubtedly find a few blind spots in your knowledge that you would do well to eliminate. We don’t have the technology to upload information to our brains – yet; as it stands, books are the closest we can get to that, and The Hardware Hacking Handbook is a respectable attempt to teach you what hardware hackers like [Jasper] and [Colin] know.