BSidesPDX is in Portland later this month, and the schedule has been announced. A very quick look shows a few interesting HW/FW-centric workshops and talks, such as the ones below (I may have missed some; see the full schedule). Tickets are still available.
Reversing Corruption in Seagate HDD Translators, the Naked Trill Data Recovery Project
Allison Marie Naaktgeboren & MrDe4d
Translation tables are a dynamic component of HDD firmware that translate logical addresses to physical locations on the disk. Corrupted translators can be the cause of drive failures in drives that appear undamaged and are without physical trauma. That failure can be reversed in many cases. We will present ways to identify if a drive’s translator has been corrupted for the Moose & Pharaoh drive families specifically, how to force a translator rebuild, and open source tool(s) to help you repair the translator. Data recovery is a notoriously secretive field. Very little information about firmware and its internal data structures is public. By sharing what we’ve learned we hope to open this field up to more people, encourage repair, encourage re-use rather than disposal of hard drives, and encourage further publicly shared research. After the talk, attendees should be able to fix this type of error themselves in HDDs of the appropriate families using a TTL converter and the supplied code. Familiarity with the basic components of hard drive firmware is helpful, but not required.
How Not to be Seen: Creating Non-Speculative Side-Channel Resistant Code
Software side-channels have been a hot topic recently, and with good reason. Many of the techniques are used to liberate secret information from other processes or trusted execution environments (TEEs) such as Intel’s SGX, ARM’s TrustZone, and the like. Some of the techniques making headlines are related to speculative execution properties of modern processors, but there is an entire class of non-speculative techniques also receiving a lot of attention in recent research. Luckily there are a few techniques available for implementing algorithms that use secrets—like cryptography—so they present as few opportunities for leaking information as possible. In this talk you will learn the anatomy of a few classic non-speculative side-channels on mathematical algorithms used in just about every system in modern computing, followed by industry best practices for mitigating them, and finally what you can do to help minimize the risks for your applications.
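As an added illustration of the kind of non-speculative mitigation the abstract refers to (example code written for this post, not material from the talk): a byte comparison whose running time depends on how many leading bytes match, beside a constant-time version, plus the branch-free select idiom used in constant-time arithmetic. Function names and the sample tags are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample values: two 8-byte authentication tags that
 * differ only in the last byte, and a copy of the first. */
const uint8_t TAG_A[8] = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80};
const uint8_t TAG_B[8] = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x81};
const uint8_t TAG_A2[8] = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80};

/* Leaky comparison: returns at the first mismatching byte, so the
 * time taken depends on how much of the secret a guess gets right.
 * Shown only as the "before" for contrast; never use on secrets. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: touches every byte regardless of
 * content and never branches on the data. The OR-accumulated
 * difference is folded to 0 or 1 arithmetically, not with an if. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* ((diff - 1) >> 8) & 1 is 1 only when diff == 0 */
    return (int)((((uint32_t)diff - 1U) >> 8) & 1U);
}

/* Branch-free select: returns a when cond == 1, b when cond == 0,
 * with no data-dependent jump. This is the building block for
 * constant-time conditional swaps in exponentiation and ECC ladders.
 * cond must be exactly 0 or 1. */
uint32_t ct_select(uint32_t cond, uint32_t a, uint32_t b)
{
    uint32_t mask = 0U - cond;   /* all ones when cond == 1, zero when 0 */
    return (a & mask) | (b & ~mask);
}
```

Both comparison functions give the same answer; the point is that `ct_equal` does the same amount of work on every input, so the answer is not observable through timing.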
Hacking USB on the Cheap with USB-Tools
Kate Temkin & Mikaela Szekely
Until recently, fully exploring the world of USB has been challenging – as tools for working with USB have historically been expensive and difficult to obtain, and knowledge regarding USB has been cloistered away in lengthy and somewhat-obtuse specifications – but recent developments in USB tooling have made working with USB significantly more accessible. This workshop provides an overview of USB security and USB-hacking techniques using inexpensive open-source software and hardware tools – including several tools developed by the presenters in order to make USB hacking more accessible. The workshop includes a variety of demonstrations, and is accompanied by a set of short exercises that allow attendees to get some USB-hacking experience. This workshop is best experienced when attendees bring a laptop with a working Python3 installation to follow along with.
Writing CHIPSEC Modules & Tools
Brent Holtsclaw; Erik Bjorge; Nick Armour; Stephano Cetola
CHIPSEC is a security research and validation tool implemented in Python that allows for low-level access to hardware. The powerful scripting capabilities can be used for tasks including verification of security mitigations and security research. This hands-on workshop will provide an overview of the existing tool architecture and how to write modules and tools. CHIPSEC modules focus on verification of firmware mitigations. CHIPSEC tools are designed to stress the system and perform tasks such as fuzzing interfaces.
ABC to XYZ of Writing System Management Mode (SMM) Drivers
Brian Delgado & Tejaswini Vibhute
System Management Mode (SMM) has gotten a lot of attention for being the most privileged processor mode, which raises concerns over how software and firmware manage hardware. This session demystifies designing and writing System Management Interrupt (SMI) handlers, and covers challenges that developers face in the process. Content covers different types of SMI handlers and various methods of invoking them. The session also describes common vulnerabilities that can result from incorrect coding practices or oversights. Debugging is critical to developing quality SMM drivers, so this session also demonstrates debugging using virtual environments (OVMF) and physical platforms.