Here at Hackaday, we routinely report wonderful informative posts on various areas of hardware hacking, and we even have our own university with courses tackling the topics one at a time. I’ve had my own fair share of materials to learn theory and practice from over the years I’ve been hacking – for over thirteen years by the looks of it. When such materials on a particular subject were not available, I would trawl through hundreds of forum pages for details on a particular subject, or spend hours grappling with a complexity that everyone else found obvious.
Today I want to highlight one of the most comprehensive tutorials on hardware hacking I’ve seen so far – from general principles to technical details, covering all levels of complexity and combining theory and practice. That is The Hardware Hacking Handbook, by Jasper van Woudenberg and Colin O’Flynn. In four hundred pages, you’ll find as complete an introduction to hardware subversion as anyone can get. None of the nuances are taken for granted; Instead, this book fills in any gaps you might have, finding words to explain each relevant concept at levels from high to low.
Aside from the general hardware hacking principles and examples, this book focuses on the areas of fault injection and power analysis – underappreciated areas of hardware security that you should learn, as both of these practices give you superpowers when it comes to taking control of Hardware. This makes sense since these areas are the focus [Colin]’s and [Jasper]’s research, and they can offer you something you wouldn’t learn anywhere else. You’d be fine with a ChipWhisperer in hand if you want to repeat some of the things this book shows, but that’s not a requirement. First off, the book’s hardware hacking theory is something you would definitely benefit from.
Having a solid theoretical foundation for hardware hacking helps a lot. Don’t get me wrong, you’ll do pretty well reading our articles and learning from examples from the work of your fellow hackers – but there will be structural gaps in how hacks relate to each other and what else is hip there.
Traditionally, gaps like this would be created by universities and educational courses taking lots of information, structuring it, and then giving away that structure for you to sort through any further knowledge within it. Unfortunately, we know that even if you can find a professor, it doesn’t require their lectures to be engaging – or up to date. This book spends a hundred pages creating a structure for you, a categorized bookshelf on which to organize your books. To have a complete picture of hardware and never run out of ways to approach it, it helps to understand your device the way hardware security understands it, and both our writers have worked tirelessly to refine their mental framework to convey to you, with ample examples.
Whether it’s going through Intel CPU die shots and pointing out different areas, showing protocol signal traces to demystify what’s really happening to a signal, or explaining the potential hidden in various PCB features, where you might encounter on the board you’re tackling, you’ll get a glimpse into the mind of an expert as you go through the examples they provide. It also doesn’t shy away from topics like cryptography – something a hacker may not know they can use and may be forced to treat as a black box. In fact, it’s arguably one of the most important topics a book like this could address—and go there, it does. Before you start RSA key extraction, go through RSA calculations associated with cryptographic signatures – while some understanding of algebra is beneficial, it’s not required and you can always add something like something the RSA calculator we recently covered.
No doubt you’ll want examples, because that’s how we learn best. With these advanced techniques in hand, they take the Trezor One Cryptowallet, a device sold online today, and bypass its security measures by extracting the private keys stored on the wallet. The focus on performance analysis and glitching pays off here – in the truest sense of the word. This demonstration is advanced and difficult enough that it deserves its own chapter, and even if you don’t follow the steps, the attack ties the concepts you saw together and helps you make the connections between what you see. have read and what you will do when you need to extract secrets from your own device.
The authors ensure that the theory remains tightly coupled to real-world hardware throughout the course of the book. As a training ground for the Trezor wallet foray, you’ll be taught how to solder a FET to the bottom of a Raspberry Pi 3B+ PCB to disrupt the CPU power rail and try to skip the CPU instructions. This exercise assumes you have a ChipWhisperer, although just the Lite version will do, but if you still want real results without the precise timing that the ChipWhisperer brings, you can use an ATMega328P and a piezoelectric generator from a BBQ -Use the lighter – this gives you insights without tying the value of the book to additional hardware.
Then they dive into power analysis—something you can often do with an oscilloscope—and walk you through the basics. It’s a chapter I’m still only working through myself, this book being as information-dense as it is. I have high hopes for it, however, since performance analysis is both a relatively non-invasive method of extracting information and also an attack vector to which most hardware out there is vulnerable, making this part of the book a priority for me if I have some free time in my schedule. In fact, about a third of this book is dedicated to power analysis techniques, from basic to advanced, and walks through multiple test setups, even with an Arduino-based target to get your feet wet.
Of course, some of the power of hardware hackers resides in their equipment, which is why it’s difficult to write a book like this and not expect your reader to have a few specific tools. The authors think of this, which is why an entire chapter is devoted to equipping their own laboratories – and that with high to very low budgets. You can use many of the tools makeshift, repurposed, or thanks to a friendly hackerspace nearby. Of course, you’ll go without most of them in the beginning, but if you run into a specific problem, it’s helpful to know that there’s a tool for your exact needs.
Since the publication of this book, we’ve seen Colin push the frontier of side-channel attacks once again. He only gave last year a remoticon conversation about EM injection glitches and provided us with an accessible way to do it without fancy hardware requirements. These side-channel attacks are a progressive field that chips will remain vulnerable to for the foreseeable future, and this book will update you on using these methods as you unlock your own
For newcomers, such a promising area of study is a great starting point for hardware acquisition, since many other attack surfaces we’ve known about for years are well protected today and often don’t work as well in the wild. For professionals, you will no doubt find a few blind spots in your knowledge that you would do well to fill in. We don’t have the technology to upload information to our brains – yet; Books are the closest thing to it by the looks of it, and The Hardware Hacking Handbook is a respectable attempt at teaching you what hardware hackers like [Jasper] and [Colin] knows.