The past decade of hardware hacking is mostly a story about open windows, unlocked doors, and keys left in plain sight. Physical access and a little know-how made sniffing and manipulating low-speed inter-chip interfaces like UART, SPI and I2C trivial – like stealing a car with the doors unlocked and keys in the ignition.
Now that physical access is in more threat models, we’re seeing some progress protecting against basic hardware hacks. The next evolution will be when attackers move beyond low-speed interfaces and on to the high-speed interconnects like DRAM, PCIe and SATA – where they still find the doors unlocked and keys in the ignition – but the car’s speeding down the highway at the same time.
I’ll start by explaining a few of the underlying reasons why manipulating these high-speed interfaces isn’t trivial. We’ll look at the commercially available tools to observe and manipulate high-speed interfaces the ‘right’ way. Next, I’ll show off a handful of techniques that allow you to DIY your way to success on a shoestring budget. Finally, I’ll walk through a series of examples using inexpensive attack hardware and software against a few different embedded devices, running both embedded Linux and proprietary RTOSes.