Interfacing with IoT Devices

In this 3-day course, students will learn the basics of introductory hardware hacking and interfacing with IoT devices to gain console access, dump firmware, and debug IoT devices. For many of the labs, the BUSSide hardware hacking tool, created by the trainer, will be used for interfacing. Students will learn practical skills, tool usage, and some underlying theory.

Course Objective

To interface with a variety of IoT devices using UART, I2C, SPI and JTAG.

Training Outcomes

  • Learn basic electronics theory.
  • Learn and practice how to solder.
  • Learn and demonstrate use of the BUSSide.
  • Interface with UART.
  • Demonstrate desoldering and chip-off techniques.
  • Demonstrate non-destructive firmware dumping using SPI and I2C.
  • Reverse engineer unknown interfaces using logic analysers.
  • Program the NodeMCU to interface with SPI and I2C.
  • Detect JTAG pinouts and gain debug access to a device.
  • Learn simple Arduino circuits and programming, with applications in security.

Who Should Attend?

  • Embedded Systems Developers
  • IT Professionals
  • Penetration Testers
  • Hardware Security Auditors and Testers
  • Vulnerability Researchers
  • Anyone else interested

About the Trainer

Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in operating system kernels. He was the firmware developer for the BSides Canberra delegate badges for 3 years and is the creator of the BUSSide hardware hacking tool. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra – Australia’s largest cyber security conference. He has a Ph.D. from Deakin University, has published within industry and academia, is a 4-time Black Hat speaker, has gone through academic research commercialisation, and has authored a book (Software Similarity and Classification, published by Springer).

What to Bring?

  • All materials are provided by InfoSect

What Will be Provided?

  • Laptops for class use
  • Hardware hacking tools for class use
  • Coil-bound lecture materials
  • Catering
  • Access to VMs with software for laboratories
  • InfoSect Swag

Participant Skillset

Students taking Interfacing with IoT Devices should have exposure to C development (for NodeMCU programming). They should have hands-on experience in:

  • C coding
  • Linux

Class Syllabus

Day 1 (Electronics and Interfacing)

  1. Lecture 1 – Introduction to Practical Electronics
  2. Lab 1 – Soldering and Assembly of an Electronics Kit
  3. Lab 2 – Building the BUSSide
  4. Lecture 2 – Introduction to Hardware Hacking
  5. Lecture 3 – UART
  6. Lab 3 – Interfacing with UART
  7. Lecture 4 – Interfacing with SPI
  8. Lab 4 – Interfacing with SPI
  9. Lab 5 – Interfacing with SPI – Chip Off Techniques

Day 2 (Embedded Development)

  1. Lecture 5 – Introduction to Embedded Development
  2. Lab 6 – Embedded Development with the Arduino IDE
  3. Lab 7 – Defeating an IR Controlled Alarm with Arduino
  4. Lecture 6 – Software UART on the NodeMCU
  5. Lab 8 – Interfacing with UART Using the NodeMCU
  6. Lecture 7 – PWM and DACs
  7. Lab 9 – PWM and DACs
  8. Lecture 8 – SPI
  9. Lab 10 – SPI

Day 3 (Interfacing with IoT)

  1. Lecture 9 – Electronics Prototyping
  2. Lab 11 – SPI Fuzzing
  3. Lab 12 – Desoldering and Dumping NAND Flash
  4. Lecture 10 – I2C
  5. Lab 13 – Interfacing with I2C
  6. Lab 14 – I2C
  7. Lecture 11 – JTAG
  8. Lab 15 – JTAG Debugging