The Hardware Hacking Handbook

The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks · Jasper van Woudenberg & Colin O'Flynn ·446 pages

Comprehensive hardware security attack guide — finding debug interfaces (JTAG/UART), firmware extraction (SPI/JTAG), fault injection techniques (voltage/clock/EM/optical), power analysis attacks (SPA/DPA/CPA with Python), real-world examples (PS3, Trezor One, Philips Hue), and countermeasure design.

Capabilities (8)

› Build hardware attack trees: enumerate assets, threats, paths, and scoring
› Identify and exploit UART/SPI/I2C/JTAG/SWD debug interfaces on PCBs
› Extract firmware via SPI flash dump (flashrom) and JTAG memory read (OpenOCD)
› Perform voltage and clock fault injection to bypass security checks
› Understand and execute Simple Power Analysis (SPA) to recover RSA bits
› Execute Differential Power Analysis (DPA) and Correlation Power Analysis (CPA) on AES
› Apply countermeasures: voltage monitoring, redundant computation, masking, constant-time
› Set up hardware lab: oscilloscope, ChipWhisperer, JTAG debugger

How to use

Install this skill and Claude can identify debug interfaces on target PCBs, explain firmware extraction via SPI flash dump and JTAG, walk through fault injection search strategies for bypassing security checks, implement DPA/CPA attacks in Python for key recovery, and evaluate embedded system countermeasures against physical attacks

Why it matters

Hardware security flaws are invisible to software audits and survive software updates — a device with an open JTAG port or weak power analysis countermeasures is compromised at the silicon level, making physical-layer security reasoning essential for IoT and embedded systems where most security assumptions break down

Example use cases

› Identifying UART and JTAG pin candidates from PCB photos, explaining how to determine baud rate with an oscilloscope, and outlining the steps to obtain a bootloader shell on an IoT device
› Walking through a Correlation Power Analysis attack on AES-128 — trace collection setup, Hamming weight model, and key byte recovery from the correlation peak
› Auditing a proposed embedded firmware security check implementation to identify which fault injection techniques could bypass it and recommending redundant check patterns that resist glitching

Hardware Hacking Handbook Skill

Attack Classification

Attack Tree Methodology

Enumerate attacks hierarchically:

Assets: what needs protecting (firmware, crypto keys, PII, sensor data)
Objectives: confidentiality, integrity, availability
Attack paths: enumerate paths to compromise each asset
Scoring: cost × skill × detectability → prioritize by feasibility

Attack Type Taxonomy

Software attacks    → buffer overflows, protocol flaws, API misuse
PCB-level attacks   → probing, interposing on buses, JTAG debug access
Noninvasive attacks → power analysis, EM analysis, timing attacks
Chip-invasive       → decapping, probing internal nets, focused ion beam

Hardware Interfaces (Chapter 2)

Critical Debug Interface: JTAG

5 signals: TCK (clock), TMS (mode select), TDI (data in), TDO (data out), TRST (reset)
Provides: memory read/write, register access, CPU halt, breakpoints
Attack value: often left enabled on production hardware; gives full debug control
Find with: boundary scan, continuity testing, JTAGulator tool

Serial Interfaces Worth Targeting

Interface	Signals	Typical Use	Attack Vector
UART	TX, RX, GND	Debug console, bootloader	Shell access, parameter injection
SPI	SCK, MOSI, MISO, CS	Flash memory, sensors	Flash dump, MITM
I2C	SCL, SDA	EEPROMs, sensors	EEPROM dump, address scan
JTAG	TCK, TMS, TDI, TDO	Debug	Full CPU control
SWD	SWCLK, SWDIO	ARM debug (2-wire JTAG)	Full CPU control

Finding UART: look for 3-4 unpopulated pins on PCB edge, use oscilloscope to find data at 3.3V logic.

Identifying Baud Rate

Capture idle→active transitions on oscilloscope
Find shortest pulse width → baud = 1 / pulse_width
Common: 9600, 115200, 921600

Firmware Extraction (Chapter 3)

Information Gathering Sequence

FCC ID → internal photos, block diagrams (fcc.io)
IC markings → datasheet → memory map, debug interface pinout
PCB tracing → identify SPI flash, JTAG, UART

SPI Flash Dump

1. Identify flash chip (common: Winbond, Micron, Spansion)
2. Connect SPI to Bus Pirate / flashrom-compatible hardware
3. flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -r firmware.bin
4. binwalk firmware.bin → extract filesystems, find crypto keys

JTAG Memory Dump

1. Connect OpenOCD to JTAG adapter
2. openocd -f interface/ftdi/jlink.cfg -f target/stm32f4x.cfg
3. In telnet session: dump_image memory.bin 0x08000000 0x100000

Fault Injection (Chapters 4-6)

What Faults Can Achieve

Skip signature verification: fault the comparison → if (sig_ok) becomes always-true
Dump protected memory: fault the bounds check → memory protection bypassed
Recover cryptographic keys: differential fault analysis (DFA) on AES, RSA

Fault Injection Primitives

Method	Mechanism	Precision	Cost
Voltage glitch	Momentary supply drop	Medium	Low ($25-$500)
Clock glitch	Extra/missing clock edge	High	Low ($100-$500)
EM fault injection	Magnetic pulse via coil	High	Medium ($100-$10k)
Optical	Laser on decapped chip	Very high	High ($1k-$250k)

Fault Search Strategy

Parameters to sweep:
- Timing: when relative to target operation (rough → fine)
- Width: duration of glitch (narrow → wide)
- Amplitude: glitch magnitude (small → large)

Result categories:
- Normal:  no effect (parameters too mild)
- Glitched: useful fault (success)
- Crashed:  target reset/hang (parameters too aggressive)

Goal: find "glitch window" where Glitched responses occur

Voltage Glitch Circuit

Crowbar method: momentarily short VCC to GND via MOSFET:

              VCC ──┬── Target
                    │
                  MOSFET (N-channel)
                    │
                   GND
MOSFET gate controlled by glitch generator (ChipWhisperer, custom FPGA)

EM Fault Injection Setup

Thin wire coil (0.1-1mm diameter) on probe tip
Pulse generator drives current spike through coil
Position above target IC surface
Scan XY position to find sensitive locations (core vs. periphery)

Real-World Example: Trezor One (Chapter 7)

EM fault injection on STM32F205:

Trigger off USB communication timing
Fine-tune EM pulse position over the chip
Fault the memory read access check → dump protected flash

Power Analysis (Chapters 8-12)

Why Power Analysis Works

CMOS gates: power consumption P ∝ C × V² × f × α where α is switching activity. Switching activity depends on data being processed → power leaks information about data.

Simple Power Analysis (SPA)

Direct inspection of a single power trace:

RSA square-and-multiply: squares produce different trace than multiply → read bits directly
AES key schedule: round operations have distinct visual signatures
Defense: constant-time implementations, balanced operations

Differential Power Analysis (DPA)

Statistical attack using many traces:

Hypothesis: guess one byte of the key
Predict: compute predicted intermediate value for each trace
Partition: split traces into two groups based on predicted bit
Differentiate: D = mean(group1) - mean(group0) → spike at correct key byte
Repeat for all 16 key bytes of AES → 16 × 256 = 4096 hypotheses

# DPA in Python (simplified AES SBox attack):
for key_guess in range(256):
    predictions = []
    for trace_idx in range(num_traces):
        # Compute first S-Box output with guessed key
        sbox_out = SBOX[plaintexts[trace_idx][0] ^ key_guess]
        predictions.append(bin(sbox_out).count('1'))  # Hamming weight
    correlation = np.corrcoef(predictions, traces[:, time_point])[0,1]
    if abs(correlation) > threshold: # key_guess is likely correct

Correlation Power Analysis (CPA)

Better than DPA: correlate predicted Hamming weight with measured power:

ρ(traces_at_t, HW(predicted_value)) → peaks at correct key byte

Advanced Techniques

Template attacks: create power templates per key byte using a cloned device → very efficient
Deep learning (CNN): train CNN on labeled power traces → generalizes across noise
Profiling attacks: use one device to profile, attack another

Countermeasures (Chapter 14)

Against Fault Injection

Countermeasure	Mechanism
Voltage monitor	Detect supply droops → reset
Redundant computation	Compute twice, compare → halt if different
Dual-rail logic	Complementary signals cancel fault effects
Random delays	Make timing harder to target
Code hardening	Critical checks duplicated + inverted

Against Power Analysis

Countermeasure	Mechanism
Masking	XOR all intermediate values with random mask
Shuffling	Randomize operation order
Constant-time	No data-dependent branches or memory access patterns
Noise injection	Add artificial power noise
Hiding	Balance power consumption across operations

Secure Implementation Rules

Never use if (result != EXPECTED_VALUE) fail() — make the fail path also use the result
Redundant checks: if (ok1 && ok2 && ok3) where each is computed independently
Use hardware security modules (HSM) for key operations when possible
volatile keyword on security-critical variables to prevent compiler optimization

Equipment for Hardware Labs

Budget Entry ($300-$1000)

USB oscilloscope (Digilent Analog Discovery) + logic analyzer
Bus Pirate or similar multi-protocol adapter
ChipWhisperer Nano (integrated target + capture, ~$50)

Serious Lab ($2000-$10000)

500MHz+ oscilloscope (Rigol DS1054Z: $400, Siglent: $600-$2000)
ChipWhisperer Pro/Husky with power analysis capture
JTAG debugger (J-Link, OpenOCD compatible)
Hot air station + soldering iron for fine-pitch rework

For EM Fault Injection

Signal generator or pulse generator (~$300+)
Probe with small coil tip (~$200+, or DIY)
XY positioning stage ($100-$50k)