Tuesday, October 21, 2014

Exploitation of a Hardened MSP430-Based Device | Braden Thomas

This presentation walks through the reverse-engineering and exploitation of a hardened embedded device and provides certain techniques you can use to exploit similar devices. The Supra iBox BT is a Bluetooth and IR-based physical key storage device used by many real estate professionals in the US. It is physically hardened, and inside is a hardened MSP430 with a blown JTAG fuse. As MSP430 devices become more common, it is slowly becoming the norm to encounter devices in production with blown JTAG fuses. Previously, this was a significant hurdle. In 2008, Goodspeed described several attacks against the MSP's BSL (bootstrap loader). This presentation will review those attacks and describe the challenges facing a researcher attempting to perform them. This presentation will demonstrate how to reliably perform successful firmware extraction on an MSP430 with a blown JTAG fuse.

About Braden Thomas
Braden is a Senior Research Scientist at Accuvant, where he focuses on embedded devices, reverse engineering, and exploit development. His work at Accuvant has covered the medical device and smart meter industries. Prior to Accuvant, he worked as a Product Security Engineer at Apple for six years. At Apple, Braden focused on increasing the internal fuzzing throughput and coverage, as well as performing proactive security reviews for many high-profile features.

Here he introduces his talk:

Braden Thomas greets ekoparty 10! from ekoparty on Vimeo.
