
Applied Physical Attacks: Rapidly Prototyping Hardware Implants


  • secwest.net Vancouver Canada

Course Details

Number of Days: 4

Attendance: In-Person

 

Course Description

This is a four-day crash course in rapid prototyping for hardware hacking. You'll build upon the basics you already covered in an introductory hardware hacking course and will design and assemble, from scratch, multiple malicious hardware implants.
We'll start with analysis and prototyping. You will:

  • Analyze an undocumented debug connector

  • Design and print an interface jig

  • Lay out, fabricate, and assemble a PCB interposer

  • Safely make electrical connections

  • Bit-bang a custom hardware protocol in software

Once you have those skills under your belt, we'll use them to design, build and program:

  • A standalone hardware protocol payload delivery device

  • A wireless 'tap' for a wired hardware protocol

  • A hardware implant-in-the-middle device

In order to squeeze all of this into 4 days, we'll rely on existing open-source hardware and software that we can customize to fit our needs. We'll bring our portable lab of PCB mills, 3D printers, and a pick-and-place machine so that you can assemble and test the devices you design.

 

Course Syllabus/Outline:

Day 1:

  • What is Rapid Prototyping

    • Brief lecture on what, why, how, and the tradeoffs involved

  • Measuring Targets

    • How to directly and indirectly measure parts

    • Document the measurements of your target system

  • 3D Printing Jigs

    • How to model targets and tools from documentation

    • Print parts to hold, align, and simplify access to testpoints

  • PCB Breakout Design

    • How the PCB design and fabrication process works

    • Designing your first PCB in KiCAD

    • Manufacturing your PCB on a PCB mill

Day 2:

  • Safe Electrical Connections

    • What to be concerned about when connecting to electronic components

    • Calculate and design appropriate protection circuitry for your target

  • Assembling Components

    • How to get your boards assembled, from single unit to high volume

    • Setting up and running your board through a Pick and Place machine

  • Analyzing a Protocol & controlling I/O

    • How to look at a protocol and find the useful data

    • Analyze an unknown hardware protocol, then write software to speak that protocol

  • What is a Hardware Implant

    • Brief lecture on combining these techniques to custom tailor hardware implants

Days 3-4:

  • Payload Delivery Implant

    • Analyze a target. Design a PCB to interface with it, and program a microcontroller to drop a payload to the target system to escalate privilege.

  • Remote Access Implant

    • Analyze a target. Design a PCB to interface with it, and program a microcontroller to wirelessly proxy an internal hardware interface.

  • Implant-In-The-Middle

    • Analyze a target. Design a PCB and program a microcontroller to filter and manipulate traffic over a wire between two components.

  • Concealing Implants

    • Take an existing implant design, and assemble a very small version that can be easily hidden in many devices

 

Prerequisites/Background/Audience

You should have experience working with embedded devices over a serial console. Most introductory hardware hacking classes will cover this.
Ideally, you should have soldered a surface mount component before.
Ideally, you should be comfortable with either Python or C coding. There is not a lot of coding in this class, but understanding the basics will really help.
We will cover PCB design, 3D printing, and automated component assembly. You don't need experience with any of these - but if you do have experience, you should be able to work through those sections more quickly and get to the hardware implants sooner.

 

What to Bring

  • A laptop with administrative privileges. We recommend installing Ubuntu 26.04+ on a spare system.

  • macOS or Windows may suffice, but installing the necessary software may be more complicated.

  • Notepad, tablet, pen, pencil, stylus, crayons... whatever you work with best for taking notes and documenting mechanical measurements

  • If you've got a test system you've been playing with that you might want to build an implant for, you're welcome to bring it - success isn't guaranteed, but you will have access to the tools to try.

 

About the Instructor: Joe FitzPatrick

Joe FitzPatrick (@securelyfitz) is a trainer and researcher at SecuringHardware.com with a personal mission to make all hardware devices at least a bit more secure.

He builds tools like Tigard and Erebus, and teaches Applied Physical Attacks trainings to help people break - and secure - their hardware devices.
His actual superpower is the ability to instantly end awkward conversational pauses if you ask him about BSides Portland, the CTRL-H Hackerspace, or drone taco delivery at ToorCamp.

 
 