Hardsploit (Hardsploit.io)
Like Metasploit but for Hardware Hacking
32C3 CFP Submission
What is Hardsploit?
• A framework for hardware pentest or electronic designers
• Open source
• Hardware + software
• More details on Hardsploit.io
Why did we choose to create Hardsploit? (1/2)
• Facilitate the audit of electronic systems for industry 'security' workers
• Consultants, auditors, pentesters, product designers, etc.
• Increase the level of security (and trust!) of new communicating products designed by industry
Why did we choose to create Hardsploit? (2/2)
• To create an "all-in-one tool" for hardware hacking
Some Hardsploit prototype photos
Proto V1
Final form factor on 20062015
Hardware Features
• All-in-one tool dedicated to hardware hacking
• 64 I/O channels
• Adjustable target voltage for level translation: 3.3 V & 5 V
• FPGA Cyclone II for versatile and powerful electronic hardware hacking modules
• USB interface for direct connection to the GUI
• Easy-to-use GUI & console mode integrated in the Metasploit Framework
Internal design (1/2)
Internal design (2/2)
Hardsploit GUI
How we create the Hardsploit board!
Hardsploit modules & Framework
• Hardsploit is a tool with software and electronic aspects
• This is a technical and modular platform (using an FPGA)
• To perform security tests on the electronic communication interfaces of embedded devices
• It's a framework!
• All-in-one tool for hardware pentest
Features
• The main hardware security audit functions are:
• Sniffer,
• Scanner,
• Interact,
• Dump memory (even parallel ones)
• …
• Hardsploit modules will let hardware pentesters intercept, replay and/or send data via each type of electronic bus used by the target. The level of interaction that pentesters will have depends on the electronic bus features…
Hardsploit modules
• Hardsploit's modules enable you to analyse all sorts of electronic buses (serial and parallel types):
• JTAG, SPI, I2C,
• Parallel address & data bus on chip,
• and more to come in the future…
Assisted visual wiring function
• No more stress with that tremendous part of hardware pen testing: you will know what needs to be connected and where!
• We have integrated into the tool an assisted visual wiring function to help you easily connect all wires to the hardware target:
• The GUI will display the pin organization (pinout) of the targeted chip.
• The GUI will guide you throughout the wiring process between the Hardsploit connectors and the target.
• The GUI will control a set of LEDs that will turn ON/OFF to let you find the right Hardsploit pin to connect to your target.
How a module is designed: parallel memory dump example (1/2)
• We have created an FPGA module that is able to dump most parallel memory chips.
• It will help security pentesters dump the firmware or all content contained in such memory in an easy way.
• Easier than creating a dumping function each time… No more Arduino-like board with plenty of wiring difficulties to connect to your chip, no more trouble finding the right memory command to be able to dump the component in front of you… The GUI will help you achieve that in only a few clicks.
• Faster, as we use high-speed FPGA buses and state machines to achieve the dump.
1st result: only 5 to 10 min to read an embedded Linux ROM of 128MB.
How a module is designed: parallel memory dump example (2/2)
• How to use that funky and (over)hyped parallel dumping function?
• We created a low-level API in Ruby that lets you interact with the FPGA module (Hardsploit module) in a simple way.
Conclusion
• Hope our modest submission could interest your selection committee and attendees
• Contact: +33645453381
• Mail: [email protected]