Advanced Embedded System Hacking

Instructors:  Matt Domanic & Caleb Davis
Dates:  June 23 to 26 2025
Capacity:   15 Seats

This training provides an in-depth, hands-on approach to reverse engineering embedded systems, covering firmware analysis, hardware debugging, and PCB reverse engineering. Participants will extract, analyze, and modify firmware using advanced techniques in Ghidra while learning to decode proprietary communication protocols with logic analyzers. The course also explores hardware-focused attacks, including live data exfiltration via debugging interfaces such as SPI, JTAG, and SWD, as well as chip depopulation and deadbugging methods for accessing embedded storage. Additionally, participants will reverse-engineer PCBs to map critical components, identify attack vectors, and reconstruct undocumented hardware designs.

Objectives

• Develop the ability to systematically analyze embedded devices through visual inspection, identifying critical components, communication protocols, and potential attack surfaces. Learn to strategically craft attack vectors based on observed hardware features and interfaces.
• Utilize logic analyzer tools to decode embedded communication protocols. Leverage both manual techniques and automated post-decoding methods to reconstruct proprietary protocols and extract meaningful insights.
• Perform chip depopulation and deadbugging techniques to access embedded storage. Conduct live data exfiltration on powered systems via hardware debugging protocols such as SPI, JTAG, and SWD, targeting both volatile and non-volatile memory.
• Use Ghidra with advanced plugins to perform in-depth reverse engineering of bare-metal firmware. Analyze various storage formats, firmware structures, and obfuscation techniques while developing skills in patching, modifying, and redeploying firmware for controlled exploitation.
• Develop an intermediate understanding of embedded security mechanisms, including encryption, disabled debug interfaces, and side-channel defenses. Additionally, a cursory understanding of electrical engineering-based attack vectors, such as fault injection, glitching, and electromagnetic analysis, to assess potential vulnerabilities in embedded systems.

Class Outline

Participants will begin with a hardware-focused approach to reverse engineering, learning how to visually inspect and document embedded devices to identify key components, debug interfaces, and potential vulnerabilities. PCB reverse engineering techniques will be covered in depth, including tracing connections, extracting board schematics, and reconstructing circuit functionality to facilitate firmware and hardware attacks.

Next, the training will focus on firmware extraction and analysis, guiding participants through various data exfiltration techniques such as direct memory access via debugging protocols, chip-off methods, and live system interaction. Using Ghidra and its specialized plugins, participants will reverse-engineer firmware to analyze structures, locate security mechanisms, and develop controlled modifications for further exploitation.

The course will conclude with an exploration of embedded security mechanisms and attack vectors, including encryption, disabled debugging interfaces, and hardware-based exploits such as glitching and fault injection. By the end, participants will have a comprehensive skill set for reverse engineering both hardware and firmware, enabling them to analyze, assess, and manipulate embedded systems effectively.

Prerequisites

Participants should have a foundational understanding of embedded electronics. Experience with firmware analysis, vulnerability research, or low-level system debugging is recommended. Familiarity with common tools and techniques for hardware interface probing, binary analysis, and debugging embedded systems will be helpful. While prior hands-on experience with firmware extraction and debugging is beneficial, a general understanding of these concepts is sufficient to follow the material.

Hardware Requirements

• Logic Analyzer (Saleae, DSLogic, HiLetgo)
• Generic Universal Programmer (T56, T48, DataMan, FlashcatUSB, Xeltek)
• Universal Debugger (Segger, JTAGulator)

Software Requirements

• STM32CubeIDE
• Ghidra (svd-loader / typeLoader)
• Logic Analysis Software (Logic2)
• Universal Debugger Software (Segger Tools)
• Universal Programmer Software (XGPro)

Who Should Take This Course

The training is designed for intermediate to experienced hardware hackers, developers, or cybersecurity professionals who want to expand their knowledge.

Who Would Not Be A Good FIt For This Course

Professionals with zero to little hacking or development experience.

Bio

Matt Domanic is a Senior Consultant with SolaSec. He served for five years as a Detective specializing in digital forensics, where he handled complex investigations involving digital evidence. Over the past 8 years, he has focused on developing best practices for forensic analysis across emerging technologies, including drones, IoT, medical devices, vehicles, embedded systems, and damaged hardware. His work also includes extensive experience in reverse engineering hardware and embedded devices, identifying security vulnerabilities and exploits on a wide variety of devices.

Caleb Davis is a founding member of the Cybersecurity organization, SolaSec. Caleb operates out of the Dallas/Fort Worth area and has a degree in Electrical Engineering from the University of Texas at Tyler. He is an inventor/patent holder and has a background in embedded hardware/software development. He leads a team of experts that regularly perform penetration testing across a wide variety of products including medical devices, ATMs, chemical control systems, security solutions, and other commercial products. Additionally, Caleb has a passion for integrating security into the product development life cycle and has helped several organizations in their approach to shifting left.

To Register

Click here to register.