Thank you for your attention so far, and we're back to the hardware track, with now a panel with our generous contributors to this track. So we have Ben Gardiner from Yellow Flag Security, a heavy vehicle hacker and, say, truck hacker. So I'll say it: truck hacker. We also have Eric Evenchick. If you were in the CANtact Pro talk earlier, well, you know, he's also a car hacker. And we also have my colleague, who like me is not much of a car person. We're more IoT privacy people. Also, it works a digital day and is very interested in anything that has to do with intrusion testing. I'll keep those presentations short. If there's anything you'd like to say about yourself before we start, go right ahead. Any anecdotes between all of you? Who's a fan of whom? Though I think we're not going to do a reality show type. But I'm fairly sure we have a few CANtact Pro supporters in the chat.

So before we start, the way this works, for those who are at their first Q&A: you can go into Slido, ask your questions, and I'll moderate them. You can vote for questions you're curious about. And maybe I'll listen to the popular vote. Maybe I'll be a dictator. Who knows, you've got to participate to find out.

So the first question I'd like to ask everyone is, so one notable exception about most of you: you didn't come from hardware. You came from curiosity, came from tinkering. They're interested in the whole picture of systems probably, but how do you go from that to tinkering with Arduino maybe, or, you know, tell me where you started, to working on the real hardware stuff? So you could all jump in. At the same time, it's going to be chaos.

There is no difference between, like, small hardware and big hardware. It's like, you just pick it and look at it. It means if it speaks to a network, it is real hardware and deserves investigation. As long as it is connected, gathering data, sending data, I do pick it.
Yeah, I think my recommendation there would be just to build something, anything, like, especially since stuff is so accessible nowadays with development boards or even the badge that you already have that you can write code for. Just to start playing with that and, you know, seeing how it works and, you know, how do I get data out of this, or hey, it's got an accelerometer, how do I read the data in from that. Because I think that's just how you'll learn how one of those interfaces works, and once you learn one, hey, the accelerometer is I2C. Now you know about I2C and you'll run across a lot of other I2C stuff, but also once you get to look at SPI or CAN or whatever other hardware interface, it'll have similar concepts, and so once you start looking at that it becomes easier and easier after you do the first one.

Yep, no dissenting opinion here, same thing. You know, hardware is hardware, especially if you're trying to break something. Get some tools, crack something open, have a look. Definitely universal protocols: get a logic analyzer. Once you have a logic analyzer and you find those traces, you're going to find lots of interesting data and learn about I2C, learn about SPI. It's not different, you could just go do it.

That's a good tangent. What would be, like, the top three things that somebody should have in their "I am just getting started" kit?

I think it's the spreadsheet by Dmitry Nedospasov that I linked, and like, it's already sorted by things that are tiers for what your budget is, and rather than, like, retread that, I'm going to say just go to that spreadsheet. The only one I'll say you probably absolutely need is a multimeter, because it's just, like, the most base tool of electrical engineering. I'm going to say don't cheap out on it, like, spend a little extra on it if you want to use the thing, because the cheap ones are real cheap. You can get, you know, for 50 or 80 bucks you can get, like, an okay one.
You don't have to go with the fancy Fluke models, but I'd invest a bit in that if you want to get into it, just because it's such a ubiquitous tool.

Yeah, I agree, a multimeter is the very first tool that I got.

People who have zero access to tools and, you know, don't want to put pressure on the global shipping system at the moment: some people might be looking into getting some time at their local hacker space, if your local hacker space allows this right now. So it's a come aga sorry about your neck. Ask how much does your local hacker space help you in doing hardware hacking.

I know, I'm actually, so yeah, part of a local hacker space, the same, and it's like, we do have an electronic workbench, so we brought tools there, and hopefully the pandemic went up and so we'll be able to get there again. So it helps. Like, I know they do also do the same for cars. So it's like a co-op garage where you can rent time and work on your car, a community sort of place. So it is much less expensive for everybody involved. So the hacker space definitely helps in that.

Yeah, it's a group called Open Garages that aims to do that sort of hacker spaces for cars, I guess. The other one I've been to is in Seattle, but it's quite a nice little garage they have there where people can bring cars, work on them, and they have all the tools.

No hacker space here. Sorry. I'm jealous of those.

Well, next time we're in person, give you a tour.

Awesome. So one that's upvoted at the moment, so I'll go with upvoted, not going to have my own proclivities go on top of this. Any badge idea that's not been done that you'd love to see done then has an idea.

I think it's all been done. I mean, that's a rough thing to say. I feel like at this point the badges are basically art, and so it's like, yeah, what art hasn't been done? I don't know, right, you can do it in any other different ways. I put this on because it's my favorite badge.
It's the Queercon 2016 badge and I think it's real pretty. It does some cool stuff but it's also just nice and pretty.

That's a really good way to put it. There are so more art please, because I want to own it. Do you have any favorite badges on your end?

The brain one.

Yeah, the brain is right up there.

The battery is on the reverse side in my case. Usually the battery will be on the side, but I moved the battery because I needed to access the SPI NOR flash. So I had to reverse the battery.

Speaking of badges, so someone asks: I got a badge this year. Good job. If you want a badge, NorthSec has a shop, shop NorthSec that I, oh sorry, I'm done with the, yes. So: I got a badge this year. No idea what to do. Where should I start? And so, expert advice on where to start, no hints if you have some insider information. We're very serious about the non-CTF badge.

I'd say I made a workshop and the code actually works on this badge, the NorthSec 2021 badge, and I had no clue. Well, at the time when I chose the MCU, the microcontroller, I didn't know that the NorthSec badge team would choose the same one. So I knew just a few days ago that these are the same chip. I was lucky.

Yeah. I'm going to do the YouTuber thing where, no, okay. Where would you, and I'll expand this question, you know, any piece of hardware: what's your method when you say, like, okay, I want to figure out this thing? What do I do, the JTAG first? What would you do?

Start a block diagram, you know, start drawing what you see, and you can figure out how it connects by looking at the traces or by using the multimeter that both of these smart gentlemen said, you know. And once you connect the labels so to do that block diagram so you get a picture.

Michael, you said read the labels. What do you do when you have, like, a mystery chip? Like, this one is pretty good, you know what it is, but most of the time when you look at customer electronics it's been blasted out into oblivion, sanded out.

Yeah, I have this particular problem.
So I'm still looking for a proper method. So I'm having a microcontroller that I want to study. It's from Qualcomm. And it's linked to, like, a 4G cell modem and seems to be out there under some sort of non-disclosure agreement; I can't find documentation. So this nut is much harder to crack than the others.

Yeah, you don't always go where you can look at the FCC database and just wing it. It's hard without data sheets, right, because you have to guess what some pins are, and often then you're looking at other chips and trying to figure out, well, you know, what could these do, based on where they can actually be.

Also, sometimes there's search engines that are not Google and that focus mostly on other countries that tend to have that maybe aren't supposed to be public.

Yeah, use all the search engines at your disposal. Sometimes you luck out and, you know, Baidu has something that Google doesn't.

Nice. Did you try Yandex?

Yeah, you can have some luck with that as well. Yeah, the NDA parts are an interesting one. Even when you're doing this work, you know, professionally for companies that make devices using these chips, it can be a challenge because they don't necessarily have the permission to give you the access to that data sheet. So sometimes you have to go through these sort of multi-party agreement things, and then you don't want to sign away too much of your right to do security research either, so it becomes a bit of a balancing act. It can be tough. The good news is that, you know, a lot of stuff, at the end of the day, those people who make the chips want to sell chips, and they sell less of them if there's NDAs involved because it's just a longer process. So there seems to still be the majority of stuff will have available documentation.

Yeah, that's what I noticed. It's like, it's just a minority of chips, but yeah, a lot of them are still interesting.
I had to look at one a while back that was specifically a chip that goes into the key fob remote for cars that allows you to unlock the car and start the car. And yes, that was under NDA and you were not getting that data sheet. So yeah, that's the type of thing where, good luck, you're going to have to try to figure it out because they aren't giving it to you.

Yeah, I guess so. I'm curious how you balance this out. And because I learned something in Cory Doctorow's keynote about how car manufacturers shifted the goalposts by saying, well, fine, you want to regulate what's going on the wire and make it a bit more accessible, we'll just shift to a wireless network. How do you balance your research, and then you'll stumble upon these things and you have to contextualize them in a security assessment. But like, what do you do when you find things that just look plain, I'll say, like, we're playing off like for, you know, forgotten interfaces or interfaces that

That happens a lot. And I think maybe people are getting better and testing more of this, but, you know, in automotive you used to find stuff enabled that is not supposed to be enabled in production just all the time. There's been vulnerabilities on vehicles due to that, like, over and over and over, and it's actually a really hard problem in, you know, that product lifecycle, because you have to, you know, you're designing something and you need access to design it. And then at some point you've got to turn off certain functionalities, and ideally you're also verifying that they're turned off. But then you also have to manage that whole process and make sure that, you know, you actually have this production versus debug firmware, that the right one is getting loaded, and preferably that only the right one could ever be loaded, using things like security. But it's, you know, unfortunately it's not that simple to do all those pieces right.
Yeah, that stuff does that by and, I mean, in security testing you find them and you report them, and sometimes they're all, we know that's there and we're not worried about it. And then you maybe try to exploit it in a way that shows that it really shouldn't be there. Or in other cases, I got some where we just sent one CAN frame, something happened that definitely shouldn't have, we showed that to the client, they went, oh no, we've got to fix that. So it really depends.

So this one, I'm sure you've heard that question before, but what's the one book you'd recommend about, like, hardware, I was going to say electronics, let's just have hardware as a whole?

That one's pretty easy, it's Hacking the Xbox.

Learn off the internet, basically. I don't remember one specific book, but it's like Stack Overflow, blogs, specifications from manufacturers. It's like anything, but I actually didn't read a single book that I can remember, only websites.

I'm just kind of hoping that Eric's going to pull up The Art of Electronics, but I don't know if that's the one, because that would be mine.

I mean, in terms of books, yeah, The Art of Electronics is sort of often called the best book about electronics, and I would agree with that assessment, having read most of it and all of it. It is an introduction to things that people doing security might not be as interested in, right, like, it's a lot of the theory of how transistors work and how you use them and things of that nature that are not necessarily going to be how you get a shell on an embedded Linux system, right, that's way far down. But if you're looking for the low-level stuff, that's great, and then as Malcolm Day said, you know, the internet's a great resource for the technical things as well. Hacking the Xbox is an excellent introduction to, like, what is hardware hacking. It was the first book I read about it, it's great. Another one from bunnie. Well, my camera hates this.
The Hardware Hacker, published by No Starch, which is just a bunch of his blog posts, and it's just a bunch of cool stuff. And I don't remember. Sorry. I don't remember. The employer doesn't like that either, but there's also a Car Hacker's Handbook, which is in cars, which is available for free as an ebook online if you Google it. I'd recommend that one just if you're into cars.

I would recommend the Proof of Concept or Get the Fuck Out bible. Big collection of art.

Oh, and if you dig books, those books are so, like, fricking satisfying and everything. The thing I like about people who do hardware is the same thing I like about these books: it shows us somebody cared. And with hardware you immediately know, did this person care when they designed this, or did they give absolutely zero. Anyway, another question, and so that kind of ties into that. So creating a new piece of technology, and you know, this is going to Eric, it's going to all of you, because what you've shown us with that proof of concept, I think it also ties into it. So creating something that's useful can sometimes feel, like, super overwhelming. How do you get started on, like, fixing problems with hardware or, you know, finding cool stuff with hardware? Doesn't need to be, like, saving society, but could be, like, exploring the world around you or.

Yeah, I'll say the pandemic helps.

Here we're not stuck in our labs, no no no.

Yeah, I think in some cases there's a lot to be said about making something that's just, like, incrementally better than something else that maybe has been done. You know, like, Joe Fitzpatrick came out with a Tigard. I don't know how to pronounce it exactly, it's his, like, you know, USB to serial device, and it supports a bunch of different serial interfaces. And you know, that's been done to death, you can buy those from Adafruit or Digi-Key or wherever, and there's a bunch of them out there.
But he specifically wanted one that was USB-C and a certain form factor and all this, and, you know, it was documented well and so on and so forth. And so sometimes it's not about, you know, some breakthrough, like, hey, this is some brand new technology, and to be frank the CANtact thing isn't; there's a ton of CAN bus tools out there. And sometimes it's just about, hey, like, let's take this and put it in a specific package or specific pinouts or whatever. The clones of CANtact that a lot of people have found useful, I know, like, there are a few large tech companies that are using one of the clones of it for doing testing of, like, rather large systems, believe it or not. And they just chose one because the guy who designed it, he was originally trying to build something for hydroponics and aquaponics setups. And so his design used screw terminals where you put just a bare wire in and screw it down. And they wanted that instead of the connector, so they bought his, right. So sometimes it's just this, like, you know, little changes that make it better for a specific purpose is more important than, hey, I'm going to design something totally new. Because it is hard to find something that's totally new and then done, it's going to change the world or whatever. Incremental improvements are often the way to go.

And I'm curious, what's your, like, most satisfying project that each of one, like, the one thing that you built? It doesn't need to be, like we said earlier, it can be art, right. What's the thing you built where you were like, nailed it?

It's when I was like 16 years old. So back in the day, what I built was always running out of battery. So I've built myself a power supply that will bring 120 volt alternating to 12 volt and variable voltage DC. That is the hardest thing. It's like, that took the longest, and back in that time I didn't have the internet. So I had, like, the municipal library. So I got to go there back and forth to know how to do it.
So it took forever, but that was the most satisfying, the power supply.

That's nice. I'm going to need to talk to you, because I know a lot of people do like in voting or they'll do like for self-sufficiency. But they buy kits that are pre-made and they don't know the math behind it. And I'm thinking, for a 10 year old that was, like, a lot of math to figure out.

Yeah, but it's like, we learn, like, the whole thing, and I had a friend and we made contests, like, the one who can produce, like, the most electrical current at 12 volt.

Wow.

And we had, like, a big electromagnet and it has to be able to lift weight. So that's how we tested the hard things.

That is super cool. I'm thinking there's, you know, very patient parents and, you know, one of the weirdest science teachers involved in the background. Ben, what would be yours?

You know, I like kind of the ugly stuff. This past summer I managed to transmit some signals to a heavy vehicle just with one flying lead and a capacitor and a bunch of bit banging. To me that was just awesome. I like just goofy hacks like that. It worked really sounds.

I like it, minimal is pretty excellent. Yep. Eric.

Yeah, this one is, I think, one of my favorite, like, ugly hacks. I know it's just a fun story. So years back I was working on a prototype vehicle that was based on some GM stuff that they had given us. And we had what's called a brake booster. So this was an electric vehicle. We had this thing called a brake booster, that it's basically a vacuum pump. The engine in your car acts as a vacuum pump, has a vacuum pump in it. Your brakes use that to do power brakes. We didn't have that in the engine. There was no engine. So we needed a brake booster, which is the electric pump. Problem is that the GM brake booster that we had from them was designed for different cars that had an engine. It was only designed to provide a bit of vacuum only sometimes. So we had to figure out what messages we could send it to make it be on all the time.
And through a bunch of kind of reverse engineering of how the thing, what signals it was listening to to determine what was going on, we were actually able to convince it the engine was turning on and off every 10 seconds, which would keep it on at all times. And that actually somehow worked. So we turned this into one that ran the higher duty cycle. And yeah, that was a dumb hack that somehow worked out. But, you know, just making do with the parts that we had.

Yeah, that's hope everything outside of specification definition.

Yeah, I would say on the public roads, it was for a test track and all that stuff. Yeah, it was an interesting one, definitely not as engineered.

Speaking of engineering, I have a question on security tooling, and so this, I believe, hinges on Eric's presentation about Rust tooling, but I want you all to chime in. Do you think, like, within, there's Go, there's Python, which do you think has the most, like, the brightest future ahead of it in the embedded tooling world, and is one of these confined to the embedded tooling world?

It's like, I use Python and C mostly, and even, like, assembly language.

Yeah, I think Rust has some interesting, it's very new, but it has some interesting things that could come out of it. So, first out there is stuff like what I ended up being able to do with the cross-platform compatibility, like, that is something that's very hard to do with C, just mostly for legacy reasons, and that Rust has addressed pretty well. That's awesome. There's also quite a bit of effort going into making Rust run on microcontrollers, which actually does work nowadays. So that's really neat, because I actually gave a talk back at Black Hat in 2019, I think, about writing applications in Rust for ARM TrustZone.
And that's a case where, you know, you have this potentially very security-sensitive application, you want to make sure it's got memory safety, and that's something Rust can more or less guarantee for you as long as you don't use the unsafe keyword. And because of that, it is very interesting for those types of applications, so it may actually target some embedded stuff. And then there's also some tooling around it. So recently it's probe-rs, which is actually an implementation for debug tool or tool, so it runs on your PC and connects to JTAG or SWD for debugging. So there's a lot of interesting tooling coming up in that, but I think, you know, they all have their place. Like, Python is great for writing scripts and really quickly iterating and really quickly building something out. Rust is an interesting language for building more of the heavyweight software stuff that needs to last longer, live longer, to be frank. And obviously C is never going to go away. That's just how most will write better software.

So that's everything you're saying, Eric, and plus there's some cool work going into bringing Rust-written drivers into the Linux kernel that have a pretty big impact on the higher-end embedded systems that also aren't going to go away.

Definitely Rust for securing your things and breaking your.

A quick closing question. I'm sure your talks today and your workshops have inspired people. Who inspires you the most in the art world at the moment?

I mean, I think go first, I think my friend rare inspires me with his house.

Yeah, I would say Travis Goodspeed. He wrote a lot of articles I read. It's like going around, like, firmware readout protection and bad stuff like that.

Yeah, I agree with both of those. Yeah, to add, I guess, as already mentioned, bunnie Huang has done something really, like, if you just look at all the stuff that he's done, it's just a bunch of awesome stuff in the space.
And Joe Grand being another person who kind of did a lot of the stuff that made hardware hacking a thing. Worth looking at his stuff. Most recently he has a GPS that will always bring you to pizza. And then more recently, actually, Colin O'Flynn, Thomas Roth and some other people who are doing, well, sort of stuff, fault injection is a big part of what they're doing, so that is, you may have seen on Twitter, the AirTag hacking. That was an interesting collaborative effort where Colin found, like, all the pinouts and stuff, and then he went to bed, and then Thomas ended up looking at all the glitching of the microcontroller using some known exploits to break the firmware protection on it and dumped it. And then some other people are doing the reverse engineering of that firmware, so I think that's been a pretty neat one to watch. If you haven't seen that yet, just go Google AirTag hacking and you'll probably find some of these friends on Twitter, and there's a great video from Thomas about how we dumped the firmware off of it.

Yeah, and to see this happening almost live on Twitter, it happened so fast. I was, you know, of course this was going to happen, but the scale and the speed and the quality of the work, which is like, fine.

Cool. Well, thank you so much. I'm not seeing any other questions, but if you have any closing remarks that you'd like to make on our points about hardware or, you know, get people in league and try hacking stuff, I open the port to you.

Yeah, I will say start with routers. It's like, the cheap ones they sell, like, in store. They are often easy. They do have a serial port. Sometimes they do have JTAG, you know, they have a NOR flash chip you can easily read. That's a good, easy point of entry, routers.

I entirely agree. You're bringing me back to, like, the beginnings of is soft bill and all that. Yeah. Thank you so much. I think we're going to sit tight. Some of you guys are going to be where it's going to soon be CTF.
So for anyone who's joining us for the CTF, be sure to hydrate and, you know, get those hacking calories in, because you're in for a treat this year. Thank you, everyone. I hope we see you in person next year. I'm extremely excited. Some more hardware stuff into NorthSec. So thank you so much.

Thanks a lot.