AUGUST 22 / 23 / 24 / 25 @ INTERCONTINENTAL SINGAPORE

IC Reverse Engineering & Code Extraction

Students who complete this course will be familiar with all important classes of low-level hardware attacks through real world examples covering the entire analysis workflow from the lab to the data analysis.

$2,299.00

Duration: 2-day

Delivery Method: In-Person

Level: beginner

Seats Available: 20

REGISTRATION CLOSED

DATE: 22-23 August 2022

TIME: 09:00-17:00 SGT/GMT +8

Date | Day | Time | Duration
22 August | Monday | 09:00-17:00 SGT/GMT +8 | 8 Hours
23 August | Tuesday | 09:00-17:00 SGT/GMT +8 | 8 Hours


All trainees will be entitled to apply for a 30-day ChipJuice license by Texplained!


 

Physical tampering techniques fall into three main families: non-invasive (clock and VCC glitches, side-channel analysis, etc.), semi-invasive (laser fault injection, photo-emission, etc.) and fully invasive methods, which require equipment such as deprocessing tools, a Scanning Electron Microscope, a Focused Ion Beam, etc.

The latter class is known to be the most potent. On top of that, it often yields enough knowledge about the target to create easier-to-perform methods (non- and semi-invasive) that exploit weaknesses found in the embedded firmware and the hardware itself.

This training is designed to give Integrated Circuit professionals as well as newcomers a deep understanding of the complete Reverse-Engineering and Exploitation chain for various purposes, such as building more secure designs, choosing the right device for a given application, improving security risk assessment by taking the embedded firmware into consideration, and finding vulnerabilities in « Secure Elements » so as to conduct forensic analysis.

Students who complete this course will be familiar with all important classes of low-level hardware attacks (shield and hardware counter-measures bypass – ROM and Flash/EEPROM dump – bus passive and active probing – …) through real world examples covering the entire analysis workflow from the lab to the data analysis.

An introduction to non- and semi-invasive attacks will be given so that attendees can exploit the results of the IC RE and code dump.

This training will mix theoretical lectures with practical assignments, giving attendees the key knowledge to perform a complete hardware + software analysis that meets their specific needs, from in-depth security evaluation to forensic data extraction.

When it comes to encrypted devices, one person may want to gather embedded evidence, while another may want to check whether a hardware backdoor is present or whether the component and/or its embedded firmware (boot ROM / user code) contains intrinsic flaws that could be exploited by an attacker.

Researcher

National University Singapore

Dr. Wang Kailong is currently a research fellow at the National University of Singapore (NUS). He received his PhD degree from the School of Computing, NUS, in 2022. He worked as a Research Assistant at NUS while pursuing his PhD degree from 2016 to 2021. His research interests include mobile and web security and privacy, and protocol verification. His work has appeared in top conferences such as WWW and MobiCom.

Co-Founder & CTO

Authomize

Mr. Gal Diskin is a cybersecurity and AI researcher. He was previously the VP & head of Palo Alto Networks’ Israeli site, and is a serial entrepreneur. Mr. Diskin’s research has been featured in HITB, Defcon, Black Hat, CCC, and other conferences, spanning fields from low level security research such as hardware vulnerabilities, binary instrumentation, and car hacking to high level research on AI detection methods, Enterprise security, and Identity security. Mr. Diskin was also the technical lead and co-founder of Intel’s software security organization, as well as the CTO of Cyvera and HeXponent (co-founder) before their acquisition.

Senior Security Researcher

Huajiang “Kevin2600” Chen (Twitter: @kevin2600) is a senior security researcher. He mainly focuses on vulnerability research in wireless and vehicle security. He is a winner of GeekPwn 2020 and also made it to the Tesla hall of fame 2021. Kevin2600 has spoken at various conferences including KCON, DEFCON and CANSECWEST.

Why You Should Take This Course

Students who complete this course will be familiar with all important classes of low-level hardware attacks through real world examples covering the entire analysis workflow from the lab to the data analysis.

Who Should Attend

  • Digital police investigators
  • Forensic investigators in law-enforcement agencies
  • Government Services
  • Pen Testers who want to assess the security of the embedded code, allowing for a complete hardware + software evaluation
  • Digital IC designers & test engineers
  • Engineers involved in securing hardware platforms against attacks
  • Researchers who want to understand the nature of many hardware investigation methods
  • Team leaders involved in IC security and exploration as well as device security
  • Hardware hackers who want to become familiar with methods on ICs
  • Parties involved in hardware reverse-engineering and vulnerability analysis

Key Learning Objectives

  • Recover IC internal architectures
  • Evaluate the efficiency of existing countermeasures
  • Extract NVM contents (ROM & Flash), in order to analyze and evaluate the security of the embedded firmware, and extract secret information
  • Find out how to perform low-level hardware reverse engineering
  • Develop analysis strategies for the target devices and apply these strategies to recover their embedded data
  • Students will be shown how such information can be used to define easier methods to find / exploit firmware + hardware weaknesses for vulnerability analysis as well as for embedded evidence extraction purposes

Prerequisite Knowledge

The training is derived from Texplained's « IC RE & Attacks 101 », which means that there are overall no prerequisites. The instructor's goal is to turn attendees into operational Integrated Circuit Reverse-Engineers, whatever their original skills and expertise.
No particular electronics knowledge is mandatory, as the training will start with digital electronics basics. A basic understanding of micro-controller architecture and assembly language is a plus but will also be covered in the initial theoretical sections.
Attendees should be familiar with Python scripting. If that is not the case, they will still be able to attend and work on the algorithmic parts while the instructor helps with the « language part ».
Attendees should also be familiar with an HDL, as the training will include writing VHDL to build ROM models. The examples are designed to make this section doable even for people not familiar with VHDL, and time will be spent explaining how to write good enough code to reach the results.

Hardware / Software Requirements

  • Students will be provided assignments on paper as well as the training material as a .pdf file.
  • For working on the examples and handling the image processing steps, Fiji (ImageJ) and Photoshop will be needed.
  • Executables for Windows and Mac will be provided if these tools are not already installed on attendees' laptops.
  • For the trainings including a session with ChipJuice, the attendees will be informed of the required setup prior to the session.