Many people see huge difference in hacking and using Metasploit or other automated exploitation tools. Still, these tools paved the way to quick and easy system analysis. Yesterday and today we have heard talks concerning software and hardware vulnerabilities. Hardsploit wants to make it easier to look and analyze those vulnerabilities with your devices. Sometimes it is just about having the right tool. Here now to present the right tool, are Julien and Gwendole. Thank you.

Thank you very much. Good evening everyone. You are a lot. That's an amazing surprise for us. So I'm a little stressed, of course. So let's get started. With this presentation of Hardsploit, we intend to show you the goal behind the project, the goal we want to reach and how we are going to reach it. We will end the presentation with a live demo of the tool. We like to live dangerously. Before starting, quick introduction about us. I'm Gwendole Haudic. I'm a pentester and a software developer among other things. Therefore, I'm in charge of the high-level, high-layer level parts of the Hardsploit development, like the graphical interface. Of course, I do love hardware hacking and that's why I'm working on this project with Julien.

I'm Julien Amona and an electronic engineer. I'm a software pentester and hardware pentester, of course. I'm a DIY enthusiast guy because it's not expensive and it works perfectly. For Hardsploit projects, I'm a low-level developer and I create the board and develop all the code for microcontroller and VHDL for the FPGA module. You understand what FPGA is after.

The Hardsploit project is based on a simple fact that is the following. The gap between hardware and software security widened since the 2000s. I think we can't really argue with that because we read and hear a lot more about software stuff being broken and fixed every day rather than hardware itself. We think that it's because mainly the hardware is a way to get access to the software.
The hardware is more a way to get access to the software. That's very important for what's going on right now. I'm sure you've read a lot about the Internet of Things until you get fed up with it. These things that we are talking about are hardware products, hardware stuff, going from the simple smart t-shirt to the smart thermometer that is going to regulate the temperature of critical devices. Don't ask me why you have to add the word smart before everything related to IoT things. Just to say that it's not only about computers anymore. The question we ask ourselves is, security speaking, is hardware the new software? We will have in our hands a lot of electronic products able to connect themselves to a network and we need to assess their security. To assess the security of the software part, we have made a lot of progress. We have great products, we have great services, great tools. If you try to compare it to the hardware part, you can see that we have very few unimplemented solutions. We think that it comes from a lack of awareness from the designers. For the little example, one of our clients was wondering, reading the audit report of his product, how do you guys manage to get my firmware? The answer was really simple. We use the same way you use to put your firmware in. Yes, it's true.

So, quick and dirty procedure for hardware hacking. Let's imagine you have a thing in front of you, an object, an electronic product, and you want the potential, sorry, data that can be stored in it. The first step, of course, is trying to open the product. Some designers try to protect this step by making the product really difficult to open. Of course, it's not the best solution because if someone really wants to open the product, he will be able to do it. He will not just be able to rebuild it and make it work again. Step number two, fingerprinting. When you have your product open, you will find a PCB, probably, with a lot of electronic components.
You just have to read all the references over these components and to find the interesting one. This step is the read the fucking data sheet step. When you have detected the interesting components, like memories or microcontrollers, you are going to use them. You have two ways to do that. You can unsolder the component and try to plug it on another PCB to work on it more easily. Or you can directly connect the tool you are using to the component to perform an online analysis, so both ways. Then when you are connected to it, you try to perform read and write operations to access the data. When, of course, you have the data, you are going to reverse engineering the process to try to find vulnerabilities and to exploit them, of course.

This is our purpose, our Hardsploit purpose. It's to dump all the data. We want to do that. But beyond that, we want to make this step number four right here to be a child's play. We want to dump all the data, allowing someone that is just able to read a data sheet or to solder one or two wires to do that, to dump the data. The goal is to create a bridge between the hardware and the software. Most of the time, a software pentester will know how to access the software, but when you have hardware, it's more complicated sometimes. So the goal today is just to present you a tool to create a bridge, to have a simple way to read the same data as a software pentester have. I tell you before that my profile was more about software stuff. And a guy like me should be able, and now I'm able to do it, to interact with electronic components without having to struggle with a lot of documentation and things like that and to know all you need to know about electronics to do that.

So, oh, why? Why would you want to dump data? Okay, that's a bit of a silly question, but because, of course, you can find a lot of interesting information inside memories, inside microcontrollers. You can find passwords in clear text sometimes.
It's the equivalent of the sticky note on the screen of the computer or under the cable, but for hardware. You can find file systems and firmware. And, yeah, maybe you're just a curious person and you just want to know how the electronic product you just buy works. It can be just that. And you should be able to do that. And so, how do you get access, how do you interact with an electronic component? You are going to use buses. So, here is a not exhaustive list of them. We can find the SPI, I2C, JTAG. So, you may be familiar with these buses. And so, the more buses Hardsploit can handle and the more we will be able to interact with electronic components. And this is our goal.

So, you may wonder, okay, I know some tools that exist and they do the same. They're the same as Hardsploit. And some people ask us this question a lot of time. So, we just create a quick review of the existing tools. So, like Bus Pirate or JTAGulator, GoodFET, are some tools, we are using them for our audits. But, because we use them, we know what are their limits. And we took inspiration from them for Hardsploit. So, you can see that, for example, Hardsploit manages the parallel bus. So, the parallel memories. And we focus mainly on modularity. All the tools are based on microcontroller and we use FPGA that can be coded with VHDL to improve modularity. If a new bus came out, it can work with Hardsploit.

Okay. So, here is a little communication side. How do you interact with Hardsploit? How do you use the tool? We start first with the higher level, the GUI, so the graphical interface that is developed with Ruby programming language. So, the interface communicates with the API. Hardsploit is connected to the computer with USB 2.0 communication. And then, Hardsploit uses microcontroller as a bridge to communicate with FPGA and FPGA memory by using the SPI bus. And then, the FPGA, that's the big part. It's this component that is going to manage all the buses we can work with.
And so, the FPGA with the compatible bus will be able to interact with the GPIOs of Hardsploit in order to communicate with a target. So, you can see a quick list of possible interactions like sniffing, reading, writing and executing custom commands. And what you want if you create a custom module in FPGA, you can send another one and you can interact or create something like, I don't know, what you want. If you know about VHDL, you will be able to create your own Hardsploit module to work with a specific bus. Yeah, for custom protocol, for example, or something like that.

Okay, the prototype making. So, we are a little company, so we use low-budget type solution. We just buy it for our first prototype. We just buy the PCB. And here you can see, yes, you're not dreaming. It's duct tape and PCB scrap to hold the board. It's the way we use to apply soldering paste on the PCB. And for that, we use a stencil. And when you put the solder paste through the hole, the solder paste is put on the top of the PCB, on the top of the board. And after, you need just to put your microcontroller or FPGA or 64 LED manually, for example. And you can create your own board like that. And this operation requires a lot of accuracy. Because the FPGA, for example, have like 64 pins. And they are really close to each other. No, 144. Okay, sorry for that. And so, step number two, you've placed your component with your little hands on the board, on the soldering paste. You use this slightly modified oven to melt the soldering paste. So it's a classic oven, of course. Slightly modified with an appliance that Julien developed. Yeah, it's not perfect. But it works. But for the last step, you need to open the door to showcase the temperature. He told you DIY, DIY. Yes, I'm DIY enthusiast. And so, okay, so reflow in. And this is the V0.1 Hardsploit prototype. Okay, don't leave the room now. It's just only a prototype, okay? We called it the Green Goblin. So huge baby, as you can see.
So we have the 64 GPIOs at the bottom. The FPGA in the center. And Christmas Day, okay? Days pass and Julien improves the process. And so, we gain a budget. And with this budget, we were able to buy some more efficient tools. So the stencil, first photo, to apply the soldering paste. So no more duct tape anymore. So then you have the pick and place machine to just put your component on the soldering paste. And trust me, when you have 64 LEDs to place, it can be very useful. And we have the brand new reflow oven. I'm not sure you can cook pizza in this one. My boss didn't allow me to try. Yes, you can. If you're watching, please, for science. So for hardware, it works pretty much well. And it's the result. The final version of the board. So smaller, of course. We have 64 GPIOs, like I said, with LED for each of the pin. You can connect a target, working on the 3.3 or 5 volt. So we use a Cyclone 2 FPGA, a USB 2 communication, like I said. And you have protection against ESD discharge. It's important when you plug in and plug in. As you can see, it's not the size of a USB key, but you can hold it in one hand. Okay, here, it's better. So it's pretty lightweight and fits in one hand. Okay.

So how do we organize Hardsploit? So with Hardsploit, you can plug, wire your target to Hardsploit. You will be able to manage a list of components that you have created. So you can search components, create them, share them. You have the commands part. For a specific component, you will have commands. And then the interact module, where you can find the list of the buses we can interact with. For the graphical interface, I use the Qt, well-known Qt library with Ruby programming language. And I divide it in three parts. So you have the chip management to manage your components, your electronic components. Then you have the wiring helper to help you wire your target to Hardsploit. And then you have the command manager to create commands, to edit them, classical. And it looks like this.
So this is, for example, on the middle, the first window that opens when you launch Hardsploit. You can see that we have a table with several components. So the current chip we are using is 24LC64. When you work on a specific chip, it will appear in the tree you can see on the left. You have several options, the wiring helper. You can edit your component, of course. Use it as a template to create another similar component. Delete, obviously. And under the manage option, you will have all the buses compatible with this component. So here it's the component to use the bus I2C, the I2C bus. And you can add specific settings that we ask for this bus. You can use the custom commands menu. You can import and export. The export is like the dump of the component. And on the right, it's the form to create a component. So we ask for the reference of the component. We ask for the voltage. We ask for the manufacturer, the type, the package. All the information required are... You can find them in the component data sheet. So nothing difficult. And the last part is the pin table. So we have like eight pins for this component. And we only use pin number five and number six. So we can see how they work on I2C. And we have the signal associated to this bus and to this pin.

Okay, so the important part. It's the wiring helper. It's one of our favorite modules. It helps you connect your target to Hardsploit. And I'm colorblind. So I don't like to try to put the blue and the pink. So we work by using LED. So here is the data sheet representation of the component. When you have created it in Hardsploit, you can use the wiring helper module. And it gives you another representation of the component. And we can see that here we have the pin number five and six. And if you want to wire the SDA, for example, you just have to click on it. And when you click on the pin, it will automatically turn on the LED, the specific LED on the board.
And so you know where to connect this pin to Hardsploit. Yes. For each pin you have an LED to show where you need to put the wire. I don't know if you use Bus Pirate or something like that. Sometimes it's very boring to find the good wire. And sometimes you have a big job. If you want to put a simple SDA for I2C, you need to put your wire on MOSI. And you don't know why. So it's not easy sometimes. We try to make this step really simple. Okay, I'm going to be quick on that because we are going to see that in the live demo.

Yes, a word about the API. So you can use it freely, of course. If you don't want to use the graphical interface, of course, you are not obliged to. You can create your own if you want and use the API with your own program. So it's really open, well documented. So don't hesitate.

Okay, so what's already available for Hardsploit? We can work with parallel buses. We have the helping wiring. You can work with I2C memory, I2C bus. SPI, we are compatible with SWD for JTAG. And you can use 64 GPIOs for your convenience to do some bit-banging, for example. So that's what we have for the moment. And what we want for the future, it's, for example, the component and command sharing platform. For software, we can find a website with a lot of exploits, for example. And you can download them and use them in tools like Metasploit. And I want the same for Hardsploit. That is to say you can download a component with its commands and integrate it to your Hardsploit. You will have UART module, the parallel communication but with multiplexed memory. I2C sniffing, SPI sniffing. We want to add wireless communication too for a training platform. Metasploit integration, of course. So just launch the Hardsploit module on Metasploit and you will be able to use Hardsploit. So we are working on that. The JTAG pinout finder, the one wire, the CAN bus, et cetera, the list goes on.
And now because a live demo is better than a speech, we are going to show you a concrete case by using Hardsploit. So let's imagine we have a door that uses an electronic lock system. So you have a pin code to enter, A, B, C, D, four letters. If the combination is right, the LED turns on and if the combination is wrong, of course the door stays closed. So what can we do? We open it and we find that. Okay. So we can see there are four buttons, A, B, C, D. And then the fingerprinting step. So we can see that we have one SPI memory, two I2C memories and one microcontroller. Okay. Online offline analysis. Are we going to unsolder the component or just to plug wires directly on it? Your choice. And that's the scenario. We open Hardsploit. We create the component. We connect the component to Hardsploit. We enter the component settings, of course. And then we dump the content firmware, the content of the memories. And we will see what we can do with that.

Okay. So first we are going to work with the I2C bus. Yes. No, that's not her at all. No, of course. Okay. So we launch Hardsploit. So the first step is fingerprint, of course. And trust me, on the board you have a memory. We start with I2C and in fingerprint we find, we found two memories. So when you know the I2C protocol, you need to know you have addresses, et cetera. So with I2C, just click on the memory and you can use a function to scan the bus. And after that we have a list with all available addresses. So it's very interesting because we just, to click or something like that, you have information on how many memories are available. Of course you can see with your eyes on the board, but you need to go on the data sheet, et cetera, to find the good address. Because the address for I2C is hard and you need to put some wire with pull-down or pull-up for the guy who knows that. So it's easy to click. So for the demo, we set the setting to A2 and A3 because the sensitive data is in this memory. Trust me.
And if you want to dump all the contents, you need to read the data sheet to know all the size of the memories, where I need to read, et cetera, et cetera, write the pointer. It's too complicated. Not the case anymore. Just double-click on export. And choose, yes, we can use the same. Replace it. So this is a dump. Just click. Full export. And it's finished. So just click on the file. Of course I use BLAST on a Linux. Maybe you use another tool, it's not a problem for that. And now you can read all the contents. For the demo, it's empty. But if you... Oh, what's that? Of course. Snap. So it's true. In the real life, when I use some... It can happen. You can find some sensitive data like that. It's true. So here, of course, it's just for the demo. And you can use it to open the door. We can try now. And the goal after is, for example, to change it and try again if you can change the password. We do that online. Let's try to change the password.

So the first step is just to check if this password is a good password. So ACDB. Okay. Can we please have... Like the... Okay. So to be sure. A... No, no, no. Oh, it's not... Oh, that's all right. So let's start again. No, it's still not. Where is the board? Yeah. It's not easy. So password ACDB. ACDB. So, of course, we will... Wow. Of course, this demo is easy. But now we change the password and try again. So don't forget, you can remove the password and do some sort of denial of services, for example. If I put a short difference or ACDB, it's not possible to type this password. You create a DDoS, sort of DDoS. It's not the goal today. So to change the password, you can dump all the content, change with your preferred software, and you can put all the data inside the memory after. But you need to re-array the content, et cetera, et cetera. So maybe we can just create a custom command to read the memory, for example, in your hardware hacking stuff. Or you can just change for share.
When you create a custom command, you can just change the data. So, of course, we create a lot of commands for demo or something like that. So today we can change the password with, I don't know, BBCC. So just so you know what a command looks like. So it's a command. It's just a name, a description, and a list of bytes that you can see in this array. And all the commands of the components are in the data sheet, so I won't be long on that. And we want to change the password. So when the command is created, you just have to execute it. Okay, we see that we are... You receive ACK, because you need to see you can receive ACK, so it seems to be... Okay. Let's try to dump the content again. Yes, to be sure. To be sure we change the password, we read again and check if the password changed. Okay, replace full export. Okay. Yes, that's the beginning. Okay, so we can see that the password is changed. We can test it. So the next step is to try if the password is right. So for that we go again on the board and BBCC. So BBCC. It's okay, yeah. Okay, of course. So the goal is just few commands or few click. You can create your own command. When you do some hardware hacking, you need to create a custom command most of the time. And it's very boring to recreate. You can create your own script. It's true, but here it's just few click. And I know all the people like a command line, but sometimes just two click, it's cool. I think. Okay.

I think it's okay for I2C memories. So we can do a demo with SPI protocol. When you do some hardware hacking stuff, you need to know about I2C, and you need to know about SPI, of course. So the next step, we will close all to be sure no problem. Okay. I will plug another wire, so I don't know if it works the first time because I just put... But I think it's okay. The first step is the same. You check the wire, wiring to be sure all is okay. No ear. Sorry. Yeah. It's the same. Of course, when you have two wire, it's easy to plug the wire.
We have five wire. It's not complicated. It's not easy, but it's not complicated. So to be sure, we just check if all is done. If you put... I don't know if you see. Here we want to connect the CS pin to Hardsploit, so we click on it, and here you can see that we have to plug the CS pin on the first pin. The first pin of Hardsploit. Then you just have to repeat this operation for the three other pins, and it will be okay. It will be good. Just check my ISO because I'm not sure. Okay. Okay. All seems to be okay. Okay. So now let's continue with... So the SPI... We have exactly the same commands. So let's try export. Okay. SPI replace export. You can see that Hardsploit is processing behind. Okay. It tells you when it's over. Oh, another password. Yeah. At the beginning of the file this time. So we can try if you want to be sure, but before we can change, it's the same thing. We assure you that it works. So you can show just the command. I think it's interesting for SPI. Just if you have a flash or something like that, you need to send a write enable. And for that, just... That's a specification of the component. You have to enable the writing before being able to write, of course. So first we enable. Okay. Okay. The command is enabled. Now you can write on the memory. Six is the byte to enable the writing. Yes. You have this information on the data sheet. And then we change the password. Okay. We see that we send 66. It's the B letter. The hexadecimal equivalent of the B letter. And to be sure, we read again. Dump again. The same things. Okay. Dump over. Okay. So perfect. I can see SPI. And yeah. It's the same thing. You can try the password. Of course, it's the same. And you can try your custom if you want to read, I don't know, 66 byte at 10 address 10, et cetera, et cetera. You can create your own command. It's very easy if you need to use it a lot of time. So it's very good for that. Okay.

The next step. We have a microcontroller.
So we may be able to dump the firmware of the lock, of the electronic lock. Do people know SWD protocol or not? It's okay for all. Okay. It's like JTAG. But for ARM processor. Okay. And with the custom protocol. Very well documented. So for JTAG, the SWD, you don't need to create the component in Hardsploit. You just have a simple menu right here. And you have four options that is detect, export, import, and erase. So first we want to detect if the wiring is okay. And to do that, we just click on detect. So behind, we upload the SWD firmware inside the FPGA. Then we execute the detect command. And we can see that while we have some information. Yes. For the moment, it's just the beginning of SWD module for Hardsploit. So for the moment, you have all the information of the target. And after that, you can map very easy to dump all the content. If you read the data sheet, you can read for this chip. You need just to use this address with this size. But the size, you can read the size of the flash directly inside the microcontroller. Yes. So it's automatic tool because SWD protocol send good information to read all the content, all the flash. So it's perfect. If you plug, just detect to be sure all the wire is done. And after, just import or export, like a dump. Let's try the dump, for example. So same as usual, you select a file. Lockfirmware.bin. OK. So Hardsploit is processing. OK. And OK. Here we have the electronic lock firmware. Of course, without readout protection for the experts. And if you read the content with readout protection, you read only zero or FF. It depends on the microcontroller. So most of the time, you can read the firmware like that. But with not easy tool like OpenOCD or something like that, it's a very good tool. And we need to have a framework with all tools inside the same. And it's for that we can exploit like that. We want to all in one tool to click for SPI, to click for I2C, to click for SWD. I'm expert on hardware hacking.
And I need to not to lose my time, just to create a bridge between the hardware and the software. So now with few minutes, it's possible to read all the content. So now I can focus on reverse engineering. OK. It's for that we create. We use this tool all the day. So we have a string at the bottom, of course, for serial communication or something like that. You can read all the content here. You can inject backdoor or something like that if you want to reput firmware after. We have some checksum control sometime, but it's not security. So it's not a problem for that. So now we erase all the content of the firmware and we read again. And we just put again the firmware to demonstrate. It's very easy to dump and to write again on the side or on the target with just a few click. So we erase the content of... Are you sure? Yeah, I'm sure. Let's do that. OK. It's over. So now if you try to enter the password of the electronic lock, of course, it will not work. Yes. We can... Oh, yeah. Yeah. If you can switch just... Yeah. If I... Now, if I put on some button... No more light. No more light. Of course, firmware I erase. And now let's just import the firmware again. So... Change maybe the firmware to keep... Change the name. Oh, OK. Yes. You can take it. OK. So Hardsploit is writing the firmware right now. OK. OK. OK. Let's try to see if... OK. Now, when I put the button, we have a light again. OK. So it's perfect. It doesn't work with just one button, one file, and two seconds. OK. So, of course, you... Yeah. Thank you.

You can have a lot of fun. Here is... Yeah. Well-known router, Linksys router. Linksys use, for example... So you fingerprint, you open it. You fingerprint. Memory that is using the parallel bus. And so it's always the same thing. We unsolder it and we resolder it on our own PCB. Or you can use a custom board. Yes, because very fine pitch and very close. Most of the time it's not easy to just put a wire.
And if you can't create your own PCB, you can use this kind of device. So I'm a DIY enthusiast and so I'm an electronic engineer. It's not complicated for me to create the custom board. But sometimes for obese or just to check, or I don't know, you can just use a socket without solder... Yeah. Without solder. Yeah. And now you understand why we have 64 GPIOs. Because of course parallel bus needs a lot of GPIOs. And if you want to put this wire, you can use Hardsploit for each wire. And it's very interesting when you need to put about 64 bits. So we were able to dump the content. It's the same process that we have seen before. So I think it was the OpenWrt firmware. Yeah. So we are not going to remake the process, but it's exactly the same. With the SquashFS, et cetera. Today it's not the reverse engineering talk. So it's for that we don't explain. It's not directly the firmware, of course. It's SquashFS, originally. It's a file system. So then you will have to remount it, but it's not the Hardsploit task for that. Yeah. It's an open firmware, so it's not very interesting to dump. It was mainly for testing the parallel bus. Just for demo. Okay. I think we are over. And of course, if you want to learn more about our project and to follow us, you can go on the website. And if you have questions... Any questions? Yes. Thank you.

Yes. Thank you again for that very interesting talk. The demo gods were with us. Lots of live demo time. So are there questions in the audience? Yes. I see one over there. Please come to the microphone.

Yeah. Just 64 bits of input, but can you also apply an external clock and actually have the input latch for example parallel bus and actually latch it into the FPGA using this external clock where you can get the maximum clock rate?

For parallel, we are in asynchronous mode. So it's not necessary to plug the clock. But if you want, you can just create a custom firmware and you can use the clock of your system.
But you need to send the clock so you can generate the clock by FPGA. To be more simple, it's just asynchronous and just generate address and it's worked perfectly.

What's the maximum clock rate you can sample on?

Sorry?

The maximum clock rate to sample it from the clock domain from the FPGA.

You don't have a sample, but it's not a sample. It's just a latency and we have about seven nanoseconds.

Okay. So please leave the room quietly if you really have to leave now. Otherwise, think about staying for a few more minutes. I guess there are some more interesting questions. I heard there's a question from the internet.

Yeah. Hi, I'm over here. Thank you. Can you say something about the difference between Hardsploit and maybe a common FPGA development kit like a cyclones data kit with an expansion board?

You have the same FPGA. So, of course, if you put my firmware inside, it's worked with the same behavior, of course. But don't forget, you need to program your FPGA. So for that, you can use a blaster, for example, or external tool. So here, we use microcontroller to program external memory, to program the bitstream, et cetera, et cetera. So we are creating a big bridge between FPGA and graphical interfaces. So, in fact, you have graphical interfaces, API in Ruby, communication with microcontroller, and microcontroller communicates with custom internal protocol with FPGA. And inside the FPGA, yes, you have two modules. We have Hardsploit core and to create some communication with microcontroller, et cetera. And now, we have a module. So if you need SPI, you just create SPI state machine and you can fill FIFO, first in, first out memory. And it's okay for you. After that, Hardsploit core does the process data and all this for you. So, in fact, you have an array data, an array on Ruby, and you have FIFO on the VHDL. And you can do what you want. So, it's true, you can use the demo board, but you need to program, et cetera, et cetera.
You will not have the full process, of course.

Okay, then next question over to the side.

Two questions first. I looked at the site but I didn't see any schematic source codes, whatever. You will release them?

For the moment... We are talking about it. We are not sure for the moment, but we are talking about it. For the moment, graphical interfaces is open. If you don't use it, it's not important for you. But you can use API. Of course, API is open. And now, you can use very little line, to interact with SPI. For example, just create a Hardsploit object, and the next line is dump. So, today, you can use Hardsploit like that. Just two lines of Ruby code. For the schematic, for the moment, it's not open hardware. But maybe change... We are not sure about that.

Okay, second question. Such a project lives by a community. Because you probably cannot go and implement all kind of protocols.

Yes, of course. The goal of Hardsploit is to create a database like Metasploit. You see, we have only five. It's not true. We have more than like. It's just for the demo. But we have a problem. Because if you are an expert, it's not complicated for you to create a command and a target. And other people can use it just like that, with two click, of course. But in the real life, it's just two click, because you need to create. And the next step is to create a community to create a command. But it's not enough. It's true. We need to create another module. And it's for that, we try to change the schematic, to IOP answer your question for the community. We will rely a lot on the community to share their components. They have created all their commands. So someone that don't know how to interact with a specific component, he may find the component online, download it and add it to his Hardsploit, and he will have nothing to do with just clicking. At the beginning, Hardsploit is for internal purpose. And now I think you are here. So it seems to be interesting by Hardsploit. So maybe we can change this.
It's still in development, of course. And we are thinking the way to adopt. Yes, because we use Hardsploit all day. So I think we can increase the capability of Hardsploit with you. Okay, then next question, again another question from the internet. The internet has no sound. Can you think of known limitations to Hardsploit? So will there be any components or protocols that will never be supported? Or can never be supported? The limit is the same answer. It's a seven nanosecond latency. And after that, you can create what you want. Not exactly. You have a problem with internal memory of Cyclone 2. So it's complicated to answer your question because the goal of Hardsploit is to create a framework and versatility framework. And of course, the limit is only seven nanosecond latency because we work at 150 MHz. And for the bus we want to do that we are not limited by the FPGA. So just with this limitation, just seven nanosecond. Yes. Okay, thanks. Then next question from in here. I think the time-consuming thing will be getting the datasheet and modeling the chip. And I think it's a great idea to have a sharing platform for this. Yes. Intermediate step. How far are you? What is your internal database that you have right now that you, when you get it right now to the market from the first step without having the sharing platform? Okay. What we give in the database when someone gets a product, that's what you... Yes. Well, the component we have worked on, I think. And the one you can... We are going to give a component for each bus so that in command, so that people can take an example on this component to adapt to their own component if they are not using the same. And don't forget, for example, the button Full Dump, Full Export, et cetera, it's automatic. And you need just to specify the size of your memory and all is automatic. So if you want to dump 64 kilo memories or 32, et cetera, it's the same. Just change the size. And the size is on the title of your datasheet.
So for example, for SPI or I2C, it's a problem to have a custom memory, a custom command because you don't need. Okay. So maybe it would be a good idea to have an inherit command to take the chips you already have and just change them and have another one. Yes. You can use the existing component as a template to create another one. Okay. I think we have time for two more questions, perhaps. Please. Will you be able to do detection of JTAG and serial if you don't know which points on the board? Yes. It's for that. So for JTAG or SWD, most of the time you have on the top of the board, SWD and TMS, et cetera, et cetera. So it's true in this example. We know the card, so it's easy. It starts at the beginning of SWD. It's for that. It's not very clear for SWD. But in fact, we have only two wires and you can read the datasheet and you can find a clock of SWD and just use a multimeter to find the pin on the board. And for Hardsploit, we have the buses next week to use with helping wiring. The question was, how do you connect the SWD to Hardsploit or to the target? No, I was just wondering whether you have the same functionality as JTAGulator has now. You connect it to lots of points and it will attempt to identify which points are JTAG or serial. I'm not sure. So say you have a board with no labels and you're trying to find where is the serial interface or which are the JTAG pins. And JTAGulator will try to... Yes, it's not a brute force for the moment. Yes, I understand. For the moment, you need to put in the right wire. If not, it doesn't work, of course. But it's FPGA and you can create an algorithm to brute force like JTAGulator. If you go on Hardsploit.io, for the next step is the first step. You're trying to implement this functionality so you won't be able to connect the wire and just launch the detection. So it's on its way. And you can replace JTAGulator with this tool. But it's not the goal of Hardsploit. It's just to have a framework because we love this tool.
It's the beginning of hardware hacking. But we want to put all the good tools inside the same community. You can use it easily. Thanks. Thanks again for the questions. The speakers will perhaps be outside in a minute for further questions. But I think we can all give you a warm applause. Thank you for your talk.