Hardware hacking 101: There is plenty of room at the bottom

This is a live demonstration of hacking into the processor embedded in an SD card, effectively turning the device into a potentially covert Raspberry Pi-class computer under your complete control. The ARM926EJ-S ARM processor made its appearance as the embedded CPU in Transcend’s WiFi-enabled SD cards, clocking in at an impressive 426 BogoMips – we can’t possibly leave that territory unexplored, can we?

In this session we root the card’s own CPU, install a more featureful OS, and explore the system’s common and unusual capabilities (in hardware AES encryption and native support for Java bytecode among them). These provide plenty of building blocks for our projects.

I will review the hardware, its capabilities, how to breach its security, and how to enable it with top-class network configuration at boot-up, on nearly any network. I will then show how to build and install additional software and customize the device, using shell script and Perl, for workloads that fit its minute size and low power requirements.

Clearly, complete control of such a hidden computer running with full network connectivity can be used in network penetration scenarios. We’ll discuss applicable security threat countermeasures.

We close the session with a review of similar exploits against hard drive controllers. There is plenty of room at the bottom, and opening these computer-within-the computer configurations create interesting miniaturized automation scenarios alongside the obvious, more ominous security aspects.

Use your newfound knowledge for good, with great power comes great responsibility!