Recon 2011

Nathan Fain
Day Sunday - 2011-07-10
Ghetto Tools for Embedded Analysis

Automated JTAG/serial scanning, building your own FLASH programmer, re-documenting ICs.

Because the scanning tools are Arduino-based, the techniques shown for hacking embedded devices should be accessible to anyone with basic programming skills. This talk explains the workflow and toolkit that make analysis of nearly any device more accessible.

Every layer of design in a device, from logic to software, requires a means of debugging. These debug facilities are often hard to remove because they sit so close to the metal layer of development, and even when they are removed they leave physical and visual clues. Those clues help in re-documenting debug interfaces, with the ultimate goal of modifying running code or physical memory. This talk describes open source, Arduino-based tools that are easy to adapt to your target in order to find debug interfaces or dump memory. Some might laugh at the use of an Arduino, but the speaker believes strongly that the field of embedded security needs more participants in order to innovate. His intention is to lower the barrier to entry, and he believes anyone with basic programming skills should be able to adapt these tools to their own targets. Also described are techniques for documenting footprints and interfaces on chips for which no documentation is available. Participants are welcome to bring their own target so that we can work on it together during the conference.

  • The human abstraction layers of embedded development - the secrets they reveal
  • The workflow for embedded analysis
  • Documentation and visual examination of the PCB - debug headers, pins, vias, traces and general layout decisions
  • Scanning vias/pads/pins for serial and JTAG
  • Desoldering FLASH and building your own custom memory dumper
  • Re-documenting unknown chips and footprints