A path to learn hardware reverse engineering for cybersecurity.


I'm not an expert; I am learning while documenting.

If you are starting off and gathering information on hardware reverse engineering, you have probably realised there is very little information on how to learn it (or at least it is very hard to find).

Documenting this particular learning path may, I hope, help you make a more informed decision.

What is hardware reverse engineering?

Take "reverse" out of the phrase and we have "hardware engineering".

Hardware engineering (in this case) is using the physical components of electronics to route electricity to achieve your desired result. (It helps to think of electricity as the language, and the electronic components as helping to pronounce what you want to say.)

Nowadays hardware engineering is not solely physical parts; there is a lot of software involved.

If we add "reverse" back into the phrase: in hardware reverse engineering we are usually working with a finished product, to figure out how and why it works.

Stage 1: Knowing how it works, before you can truly know how to make it "not work as intended".

A great starter book for learning the basics of electronics is Charles Platt's "Make: Electronics: Learning by Discovery: A hands-on primer for the new electronics enthusiast" (the picture is of the third edition of the book).

(BOOK COVER)

SIDE NOTE - For Charles Platt's book, buying all the electronic components can easily exceed the 200 - 300 euro range. If you don't want to spend that kind of money on the "hands-on experience", watching YouTube videos of the book's chapters lets you understand the essentials.

Why I chose this at this stage? This was the first thing I chose because the book teaches the foundational building blocks of electronic devices.

Stage 2: The Arduino.

Moving to a manufactured PCB: the Arduino UNO R3 (it being completely open source) gives a "mini project" for learning the basic tools, e.g. probing around with a multimeter (trying to map out what connects to what), learning basic serial communications, learning the software side, etc. Because the board's schematic is published, you can check your own continuity map against it and see where you went wrong.

SIDE NOTE - You will need some way of magnifying the board if you want to try to map it with a multimeter.

Why I chose this at this stage? Mostly because I wanted to get my hands on something to reverse engineer (and since it is completely open source, it was a good next stage).

Stage 3: Creating a CPU on an FPGA to make a complete sandbox to reverse engineer.

"Digital Design and Computer Architecture: RISC-V Edition" by Sarah L. Harris and David Harris. This book is great for learning how to make a CPU from scratch.

(BOOK COVER)

You will need an FPGA (field-programmable gate array) to run the CPU on real hardware. The design can be simulated on a PC without one, but the FPGA is what turns it into a physical target you can probe.

I have chosen the Arty A7 100 FPGA board to work on with this book (the Arty A7 is not strictly required; a vast number of FPGA boards will work).

If you bought all the electronic components for the Make: Electronics book, you will be able to use them here to make more advanced projects.

There is a lot to learn with an FPGA (not just a CPU); there is too much to list here.

Why I chose this at this stage? The basics of electronics only go so far; nearly all "smart devices" use some sort of "CPU" to be "smart".
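Before a CPU can be made to "not work as intended" it has to be understood at the instruction-encoding level, which is exactly what building one from the Harris & Harris book forces on you. As an added example (my own code, not from the book, the page or any Arty A7 project), here is a Python model of a tiny RV32I subset: it assembles a six-instruction loop, decodes each 32-bit word back into its opcode, register and immediate fields, and executes it. The field layouts are the real RISC-V ones; the choice of instructions (addi, add/sub, xor/or/and, lw, sw, beq, bne), the register and memory model, the sample program and the function names are my assumptions. A real FPGA CPU would be written in a hardware description language, but the decode logic below is the same logic the hardware decoder has to implement.

```python
import operator

# Added example: a tiny RV32I encoder, decoder and interpreter.
# Not code from the page or from Harris & Harris; the subset of instructions
# and the sample program are constructed for illustration.

MASK32 = 0xFFFFFFFF


def sext(value, bits):
    """Sign-extend a `bits`-wide field to a Python int."""
    v = value & ((1 << bits) - 1)
    return v - (1 << bits) if v & (1 << (bits - 1)) else v


# --- assembler side: pack fields into a 32-bit word (RISC-V field layout) ---
def enc_r(funct7, rs2, rs1, funct3, rd, opcode):
    return (funct7 << 25) | (rs2 << 20) | (rs1 << 15) | (funct3 << 12) | (rd << 7) | opcode


def enc_i(imm, rs1, funct3, rd, opcode):
    return ((imm & 0xFFF) << 20) | (rs1 << 15) | (funct3 << 12) | (rd << 7) | opcode


def enc_s(imm, rs2, rs1, funct3, opcode):
    imm &= 0xFFF  # imm[11:5] goes high, imm[4:0] sits where rd would be
    return ((imm >> 5) << 25) | (rs2 << 20) | (rs1 << 15) | (funct3 << 12) | ((imm & 0x1F) << 7) | opcode


def enc_b(imm, rs2, rs1, funct3, opcode):
    imm &= 0x1FFF  # 13-bit, bit 0 always zero; bits are scattered across the word
    return ((((imm >> 12) & 1) << 31) | (((imm >> 5) & 0x3F) << 25) | (rs2 << 20) | (rs1 << 15)
            | (funct3 << 12) | (((imm >> 1) & 0xF) << 8) | (((imm >> 11) & 1) << 7) | opcode)


# --- decoder side: what the hardware decode stage recovers from the word ---
def decode(inst):
    """Split an instruction word into its fields; the immediate is sign-extended."""
    opcode = inst & 0x7F
    rd = (inst >> 7) & 0x1F
    funct3 = (inst >> 12) & 0x7
    rs1 = (inst >> 15) & 0x1F
    rs2 = (inst >> 20) & 0x1F
    funct7 = (inst >> 25) & 0x7F
    if opcode in (0x13, 0x03):            # I-type: addi, lw
        imm = sext(inst >> 20, 12)
    elif opcode == 0x23:                  # S-type: sw
        imm = sext((funct7 << 5) | rd, 12)
    elif opcode == 0x63:                  # B-type: beq, bne
        imm = sext(((inst >> 31) << 12) | (((inst >> 7) & 1) << 11)
                   | (((inst >> 25) & 0x3F) << 5) | (((inst >> 8) & 0xF) << 1), 13)
    else:
        imm = 0
    return dict(opcode=opcode, rd=rd, funct3=funct3, rs1=rs1, rs2=rs2, funct7=funct7, imm=imm)


ALU = {4: operator.xor, 6: operator.or_, 7: operator.and_}  # funct3 -> R-type op


def run(program, max_steps=1000):
    """Execute instruction words starting at pc=0; return (registers, memory)."""
    regs, mem, pc = [0] * 32, {}, 0
    for _ in range(max_steps):
        if pc // 4 >= len(program):       # ran off the end of the program: done
            return regs, mem
        f = decode(program[pc // 4])
        op, f3, rd, imm = f["opcode"], f["funct3"], f["rd"], f["imm"]
        a, b = regs[f["rs1"]], regs[f["rs2"]]
        next_pc = pc + 4
        if op == 0x13 and f3 == 0:                       # addi
            regs[rd] = (a + imm) & MASK32
        elif op == 0x33 and f3 == 0:                     # add / sub (funct7 selects)
            regs[rd] = ((a - b) if f["funct7"] == 0x20 else (a + b)) & MASK32
        elif op == 0x33 and f3 in ALU:                   # xor / or / and
            regs[rd] = ALU[f3](a, b)
        elif op == 0x03 and f3 == 2:                     # lw
            regs[rd] = mem.get((a + imm) & MASK32, 0)
        elif op == 0x23 and f3 == 2:                     # sw
            mem[(a + imm) & MASK32] = b
        elif op == 0x63 and f3 in (0, 1):                # beq (f3=0) / bne (f3=1)
            if (a == b) == (f3 == 0):
                next_pc = pc + imm
        else:
            raise ValueError(f"unsupported instruction 0x{program[pc // 4]:08x} at pc={pc}")
        regs[0] = 0                                      # x0 is hardwired to zero
        pc = next_pc
    raise RuntimeError("step limit reached")


# Constructed sample program: sum 5+4+3+2+1 into x1, then store it at address 0.
PROGRAM = [
    enc_i(0, 0, 0, 1, 0x13),      # addi x1, x0, 0      sum = 0
    enc_i(5, 0, 0, 2, 0x13),      # addi x2, x0, 5      i = 5
    enc_r(0, 2, 1, 0, 1, 0x33),   # add  x1, x1, x2     sum += i      <- loop (pc=8)
    enc_i(-1, 2, 0, 2, 0x13),     # addi x2, x2, -1     i -= 1
    enc_b(-8, 0, 2, 1, 0x63),     # bne  x2, x0, -8     back to loop
    enc_s(0, 1, 0, 2, 0x23),      # sw   x1, 0(x0)      mem[0] = sum
]


def sum_to_five():
    """Run the sample program; returns (x1, mem[0]) which should both be 15."""
    regs, mem = run(PROGRAM)
    return regs[1], mem.get(0)


if __name__ == "__main__":
    for word in PROGRAM:
        print(f"0x{word:08x} -> {decode(word)}")
    print("x1, mem[0] =", sum_to_five())
```

The useful exercise is to hand-assemble one of these words (the bne is the nasty one, because the B-type immediate is scattered across four places in the word) and check it against decode(); that is the same bit-level reasoning you need when you later look at a real CPU's decode stage and ask what an unexpected instruction word would make it do.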

As a whole, what is the reasoning for choosing this path?

I have tried opening up devices to reverse engineer them, and two main problems arose.

  1. "The naive expert": When I was starting off trying to reverse engineer (from zero), I thought I could just "open up a device and change it however I felt", but what I have learnt so far is that most products are designed with strict maths/limits of physical reality. E.g. opening up a fan and trying to change a resistor so the fan spins even faster is usually physically impossible; the motor on the device has a set "speed limit", or else the device will just be bricked.
  2. Without a "complete open sandbox" I felt I was not truly learning what I was doing. Finding an "exposed" UART or JTAG will only get me so far.

The positives of this path.

  1. The FPGA allows a way to make an "exposed" system that I can attack and then try to apply security features to (this should provide a great learning environment).
  2. The FPGA can be used as a future tool (it is not a learn-and-done solution).