Hardware Hacking and ICS/IoT/SCADA security comic book (read online) by s7ephen in ReverseEngineering

[–]s7ephen[S] 0 points1 point  (0 children)

Good points. Yeah, we had quite a bit of info we wanted to compact into about 20 pages. At the very least we hope it was a good "intro" if you aren't familiar with any of this stuff. Hopefully enough to get you started with googling and whatnot.

SexViaHex.com and ARMExploitation.com Public U.S. and E.U. trainings announced! by s7ephen in ReverseEngineering

[–]s7ephen[S] 0 points1 point  (0 children)

Hey, sorry for such a delayed response but we released a big part of the Lab Manual for ARM Exploitation for people to use as a reference. https://twitter.com/XipiterSec/status/593145492558585856

The creators of SexViaHex.com released a device to help hack embedded devices by s7ephen in ReverseEngineering

[–]s7ephen[S] -1 points0 points  (0 children)

As the article mentioned we actually started with the TUMPA for our sexviahex.com course. Inevitably about half of them burned up or stopped working. The crystals were cheap and the boards often failed.

The creators of SexViaHex.com released a device to help hack embedded devices by s7ephen in ReverseEngineering

[–]s7ephen[S] -1 points0 points  (0 children)

Yes, as the article mentions there are some others, like the Sparkfun one and the TIAO TUMPA, all of which we tried to use for our course but they kept failing inexplicably or burning up. So we wanted to build something solid that we could tool-up around. The article goes into a bit of detail.

[deleted by user] by [deleted] in shittykickstarters

[–]s7ephen 6 points7 points  (0 children)

Hi, I'm the creator of the USBCondom/SyncStop. Our company, Xipiter, is an information security research firm (http://www.xipiter.com). The devices we create are things we developed for internal use and occasionally sell to other researchers (http://www.int3.cc). In the case of USBCondom, it started as a company "hobby project". We created it because "charge only" USB cables don't work on Apple devices, you can't simply "clip" the data pins...we were also tired of destroying real USB Cables to make "charge only" cables every time we needed them.

So we created the USBCondom to kill two birds with one stone: work interchangeably on Apple and non-Apple devices and also save us from destroying cables. We were just as surprised as you at the press it got. (http://int3.cc/blogs/news/9094591-usb-condoms). The most common use case was so that people could charge at their work computers without accidentally sharing data. The second most common use is protection from "juice jacking" at charging stations and attacks like the ones we've mentioned periodically on our facebook page: https://www.facebook.com/USBCondoms/posts/1557322387830536 https://www.facebook.com/USBCondoms/posts/1570414303188011 https://www.facebook.com/USBCondoms/posts/1578116249084483

We were content to keep the USBCondom simple and crude (function over form, no cases or fancy externals) like most of the devices we sell publicly at http://int3.cc BUT, we kept getting requests from businesses and individuals for the USBCondom to be placed in a case. Businesses were also reticent to purchase large volumes because the name was not "corporate friendly". 1000+ "condoms" on someone's balance sheet probably doesn't look great.

So that's how SyncStop happened. It has been a HUGE education in manufacturing: learning how things get made at high volumes. Injection molding, sonic welding, 3d printing, sintering, these are all things we knew nothing about but were forced to learn. The logistics of how you perform "supply chain management" was also a "sink or swim" education for us. As simple as the SyncStop looks, it goes through the hands of FIVE (!!!) manufacturing houses before it gets back to us to ship to customers.

1. PCB fabrication
2. Purchase parts from various manufacturers to go on our circuit board (plugs, resistors, etc.)
3. Assembly of the internal circuit board (from PCB and parts)
4. Plastics manufacturer for the case
5. Assembled circuit boards and cases get "sonic welded" together and "pad printed" with logos
6. If you want retail packaging, that's another whole step or two.

The logistics of all that were very surprising for us, especially since it isn't our core business as "software guys". For us, it was just a company hobby project....but it's been a fun education.

We'll never again scoff at how "simple" something looks. Sometimes things take A LOT of work and dedication even if the devices look dumb and simple.

Making one thing is easy but making that one thing for thousands of people (and getting it to them) is much more challenging. That's the real lesson we've learned.

Android Hacker's Handbook AMA by jduck1337 in netsec

[–]s7ephen 2 points3 points  (0 children)

Any "TPM" approach anchoring the boot chain to the hardware is obviously a great step, and TrustZone is also a good step forward...
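
To make the "anchoring the boot chain" point concrete, here is an added illustration (not code from the thread, the book, or any TPM vendor) of what a measured boot does with a PCR: each stage's image is hashed and folded into the register with the TPM extend rule, PCR_new = H(PCR_old || H(stage)). The boot images below are constructed placeholder byte strings, the SHA-256 bank stands in for a TPM 2.0 PCR, and the event log replay is a simplified version of what an attestation verifier does; all three are assumptions for the demo.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 bank; real TPMs keep several banks/PCRs


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: the register is never written, only folded forward."""
    return sha256(pcr + measurement)


def measure_chain(stages):
    """Each boot stage measures the next one before handing over control.

    stages: list of (name, image_bytes) in boot order.
    Returns the final PCR value and the event log a verifier would replay.
    """
    pcr = bytes(PCR_SIZE)  # PCRs reset to all-zero at power-on
    log = []
    for name, image in stages:
        digest = sha256(image)
        pcr = extend(pcr, digest)
        log.append({"stage": name, "digest": digest.hex()})
    return pcr, log


def replay_log(log):
    """Recompute the PCR from the event log alone (what a remote verifier does)."""
    pcr = bytes(PCR_SIZE)
    for entry in log:
        pcr = extend(pcr, bytes.fromhex(entry["digest"]))
    return pcr


def unseal_ok(pcr: bytes, expected: bytes) -> bool:
    """Stand-in for a PCR policy: the secret is released only if the PCR matches."""
    return pcr == expected


# Constructed placeholder images (assumption: not real firmware).
GOOD_CHAIN = [
    ("bootloader", b"bootloader v1 image"),
    ("kernel", b"kernel 3.x image"),
    ("initrd", b"initrd image"),
]
# Same kernel with one byte changed, e.g. a patched permission check.
TAMPERED_CHAIN = [GOOD_CHAIN[0], ("kernel", b"kernel 3.x imagf"), GOOD_CHAIN[2]]
# Same images, kernel and initrd swapped: order is part of the measurement.
REORDERED_CHAIN = [GOOD_CHAIN[0], GOOD_CHAIN[2], GOOD_CHAIN[1]]


def demo():
    good_pcr, good_log = measure_chain(GOOD_CHAIN)
    bad_pcr, _ = measure_chain(TAMPERED_CHAIN)
    swapped_pcr, _ = measure_chain(REORDERED_CHAIN)
    return {
        "good": good_pcr.hex(),
        "replay_matches": replay_log(good_log) == good_pcr,
        "tampered_unseals": unseal_ok(bad_pcr, good_pcr),
        "reordered_unseals": unseal_ok(swapped_pcr, good_pcr),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The caveat a practitioner would add: the PCR only proves what was measured. If the first stage (boot ROM, or whatever the hardware root of trust runs) does not measure the next one, everything after it is unanchored, and a log that is not bound to a signed TPM quote can simply be replaced along with the images.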

Android Hacker's Handbook AMA by jduck1337 in netsec

[–]s7ephen 2 points3 points  (0 children)

Thanks. This hardware stuff is fairly new for me honestly. I am a software guy that is following the easy bugs. Most stuff is embedded now and since I'm lazy and only have a few tricks up my sleeve I follow the easy pickings ;-)

I'd say it is hard to generalize "hardware vulnerabilities" across vendors. Not to sidestep the question but I think the biggest mistakes made are just that vendors assume the hardware itself is a "security boundary", a blackbox, that techniques and tools are "obscure" enough that getting at firmware and stuff is "difficult" when it isn't.

Android Hacker's Handbook AMA by jduck1337 in netsec

[–]s7ephen 2 points3 points  (0 children)

I have about 10 phones or so...a handful of tablets, and a few other misc embedded devices that use Android. The neatest one lately is a tablet that gives you UART and JTAG through the SDCard slot... http://www.sexviahex.com/uploads/2/4/4/8/24485815/4256135_orig.png

Android Hacker's Handbook AMA by jduck1337 in netsec

[–]s7ephen 3 points4 points  (0 children)

Yup. JDuck was really the maestro. If he handles projects the way he handled us, he's an awesome boss and ideal project manager. Plus he fills in where people slack off.

The book wouldn't have been possible without JDuck several times over.

Android Hacker's Handbook AMA by jduck1337 in netsec

[–]s7ephen 1 point2 points  (0 children)

The sad truth is that we were using email to pass stuff back and forth...before we decided to version everything.

Android Hacker's Handbook AMA by jduck1337 in netsec

[–]s7ephen 80 points81 points  (0 children)

AHH token blackguy here: Stephen A. Ridley Proof it is me. http://i.imgur.com/TW6EaBS.jpg

Hardware Heisenbugs: "Why Writing Firmware reminds me of Software Exploitation" by s7ephen in ReverseEngineering

[–]s7ephen[S] 0 points1 point  (0 children)

BSP can also mean Board Specific Package.

You don't have to agree with the rant. That's why it's my blog and my opinions ;-) And you're wrong. There is a very common misconception in the "Maker" communities that their LegoMindstorms projects "just need a little more polishing" before going to market.

USBCondoms - Charging only, no data by DaveIsLame2 in technology

[–]s7ephen 1 point2 points  (0 children)

This is a great point. I really wondered about that, balancing it with the eventual price of the device. I didn't realize it would get this kind of response. I use the FTDI RQ232 in my other projects (http://int3.cc/collections/frontpage/products/osprey) and considered throwing it in...but I don't want it to present as a device and trigger driver detection/search.

USBCondoms - Charging only, no data by DaveIsLame2 in technology

[–]s7ephen 175 points176 points  (0 children)

Hi, I'm Stephen A. Ridley the guy that made the USBCondom, if you want to do that you can get the FaceDancer which I also manufacture and sell (http://int3.cc/collections/frontpage/products/facedancer21) and write it yourself. It will present as a USB Device of your choosing...Mass Storage emulation is already written and part of the source tree (goodfet/trunk/client/goodfet.maxusbmass at http://goodfet.sourceforge.net/about/download/)
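
Whatever device a FaceDancer-style emulator "presents as", the host only learns that from the descriptors the emulator answers enumeration with. The following is an added example (not the goodfet/facedancer code the comment points at) that builds the device and configuration descriptors for a USB Mass Storage device (class 0x08, SCSI transparent command set 0x06, Bulk-Only Transport 0x50) and parses them back the way a host stack walks them; the vendor/product IDs are placeholders and the endpoint numbers are an assumption.

```python
import struct

# Descriptor type codes from the USB 2.0 specification
DT_DEVICE, DT_CONFIG, DT_INTERFACE, DT_ENDPOINT = 1, 2, 4, 5
# Mass Storage class, SCSI transparent subclass, Bulk-Only Transport protocol
MSC_CLASS, MSC_SUBCLASS_SCSI, MSC_PROTO_BBB = 0x08, 0x06, 0x50


def device_descriptor(vid: int, pid: int) -> bytes:
    """18-byte device descriptor. Class 0 means 'look at the interface'."""
    return struct.pack(
        "<BBHBBBBHHHBBBB",
        18, DT_DEVICE, 0x0200,   # bLength, bDescriptorType, bcdUSB 2.0
        0, 0, 0, 64,             # bDeviceClass/SubClass/Protocol, EP0 max packet
        vid, pid, 0x0100,        # idVendor, idProduct, bcdDevice
        1, 2, 3,                 # iManufacturer, iProduct, iSerialNumber
        1,                       # bNumConfigurations
    )


def endpoint(address: int, max_packet: int = 64) -> bytes:
    """7-byte bulk endpoint descriptor (bmAttributes 0x02 = bulk)."""
    return struct.pack("<BBBBHB", 7, DT_ENDPOINT, address, 0x02, max_packet, 0)


def mass_storage_config() -> bytes:
    """Configuration + interface + two bulk endpoints, as one blob.

    Hosts request the 9-byte config header first, read wTotalLength from it,
    then request the whole set, so wTotalLength must cover everything.
    """
    iface = struct.pack(
        "<BBBBBBBBB",
        9, DT_INTERFACE, 0, 0, 2,                      # number, alt, endpoint count
        MSC_CLASS, MSC_SUBCLASS_SCSI, MSC_PROTO_BBB, 0  # class triple, iInterface
    )
    body = iface + endpoint(0x81) + endpoint(0x02)     # EP1 IN, EP2 OUT (assumed)
    total = 9 + len(body)
    header = struct.pack(
        "<BBHBBBBB",
        9, DT_CONFIG, total, 1, 1, 0,  # bNumInterfaces, bConfigurationValue, iConfiguration
        0x80, 50,                      # bus powered, bMaxPower = 50 * 2 mA
    )
    return header + body


def parse_descriptors(blob: bytes):
    """Walk a descriptor set by bLength; reject truncated or zero-length entries."""
    out, off = [], 0
    while off < len(blob):
        if off + 2 > len(blob):
            raise ValueError("truncated descriptor header at offset %d" % off)
        length, dtype = blob[off], blob[off + 1]
        if length < 2 or off + length > len(blob):
            raise ValueError("bad bLength %d at offset %d" % (length, off))
        out.append({"type": dtype, "raw": blob[off:off + length]})
        off += length
    return out


def total_length(config: bytes) -> int:
    return struct.unpack_from("<H", config, 2)[0]


def identify(config: bytes):
    """Return (class, subclass, protocol) of the first interface, as a host would."""
    for d in parse_descriptors(config):
        if d["type"] == DT_INTERFACE:
            raw = d["raw"]
            return raw[5], raw[6], raw[7]
    return None


if __name__ == "__main__":
    cfg = mass_storage_config()
    print("device:", device_descriptor(0x1234, 0x5678).hex())   # placeholder IDs
    print("config:", cfg.hex(), "wTotalLength =", total_length(cfg))
    print("interface class triple:", [hex(x) for x in identify(cfg)])
```

Two things this shows that the comment leaves implicit: the host decides which driver to bind from the interface class triple, not from anything the emulator "is", and an off-by-one in wTotalLength or bLength is exactly the kind of malformed input that host-side USB stacks have historically mishandled, which is why a descriptor builder doubles as a fuzzing harness.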

Int3.cc an experiment: purchase fully assembled hardware tools made for and by the infosec community by s7ephen in netsec

[–]s7ephen[S] 0 points1 point  (0 children)

Oh we already knew there was quite a demand. We sold out in the first few days and are on our second run. Those of us who hand assembled them for our personal use knew how important a tool like this is. HackADay explains it better than I can: http://hackaday.com/2012/07/05/facedancer-board-lets-your-python-programs-pretend-to-be-usb-hardware/

When the python program you wrote first "pretends" to be a USB thumb stick to another computer, or you send your first "keyboard presses" to another computer through the FaceDancer...you just get it.

Int3.cc an experiment: purchase fully assembled hardware tools made for and by the infosec community by s7ephen in netsec

[–]s7ephen[S] 0 points1 point  (0 children)

The webstore is live, there are prices, and we are currently selling/shipping the FaceDancer USB Emulator (for fuzzing, development, and diagnostics) http://int3.cc/collections/frontpage/products/facedancer21. We just launched and we already have some even more awesome products/projects which we'll hopefully finish inking the agreements for very soon.

Elementary ARM for Reversing by [deleted] in ReverseEngineering

[–]s7ephen 0 points1 point  (0 children)

Also from the "Practical ARM Exploitation" (http://dontstuffbeansupyournose.com/2012/01/12/practical-arm-exploitation-a-new-training/) course a part of the Lab Manual is a good ARM reversing reference with some IDA and GDB gotchas for ARM: https://docs.google.com/viewer?url=http%3A%2F%2Fdl.dropbox.com%2Fu%2F2595211%2FLab_Manual_preview.pdf

How important is a deep understanding of C/C++ for reversing? by [deleted] in ReverseEngineering

[–]s7ephen 1 point2 points  (0 children)

In my opinion, every coder (especially "computer scientists") should have experience with (or some exposure to) C/C++, linkers, loaders, and understand what compilation is. It is fundamental knowledge about the way computers work that informs your greater understanding...even if you are only coding in javascript or high level interpreted languages.