IC Reverse Engineering & Code Extraction
2-Day Training | Hybrid
| 22-23 November 2021

IC Reverse Engineering & Code Extraction

This training is designed to give to Integrated Circuit professionals as well as newcomers a deep understanding of the complete Reverse-Engineering and Exploitation chain for various purposes such as building more secure designs, choosing the right device for a given application, improving the security risk assessment by taking the embedded firmware into consideration but also to find vulnerabilities in « Secure Elements » so as to conduct forensics analysis.

 

ALL TRAINEES WILL BE ENTITLED TO APPLY FOR A 30-DAY CHIPJUICE LICENSE BY TEXPLAINED

 
Founder & CTO, Texplained SARL

Available seats

TBA

Difficulty

Beginner
US$ 2,299

Attend in-person

at ADNEC Abu Dhabi

Attend online

via livestream

Date

22-23 November 2021

Time

09:00 to 17:00 GST/GMT+4

Physical tampering techniques are composed of three main families from non-invasive (clock and VCC glitches, side channel analysis, etc) and semi-invasive (laser fault injection, photo-emission, etc) to fully-invasive methods requiring the use of equipments such as deprocessing tools, Scanning Electron Microscope, Focused Ion Beam, etc. The latter class is known to be the most potent. On top of that, it also often brings sufficient knowledge about the target for the creation of easier-to-perform methods (non- and semi-invasive) to exploit weaknesses found in the embedded firmware and the hardware itself.

This training is designed to give to Integrated Circuit professionals as well as newcomers a deep understanding of the complete Reverse-Engineering and Exploitation chain for various purposes such as building more secure designs, choosing the right device for a given application, improving the security risk assessment by taking the embedded firmware into consideration but also to find vulnerabilities in « Secure Elements » so as to conduct forensics analysis.

Students who complete this course will be familiar with all important classes of low-level hardware attacks (shield and hardware counter-measures bypass - ROM and Flash/EEPROM dump - bus passive and active probing - ...) through real world examples covering the entire analysis workflow from the lab to the data analysis. An introduction to non- and semi-invasive attacks will be given so as to be able to exploit the results of the IC RE and code dump results.

This training will be a mixture of theoretical lectures and practical assignments which will give the attendees all the key knowledge to perform such complete hardware + software analysis to reach their specific needs from in depth security evaluation to forensics data extraction.

HOW THE COURSE IS STRUCTURED:

Texplained IC Reverse-Engineering & Code Dump training is built to give a complete understanding of Integrated Circuits while analyzing the different means of extracting embedded firmware and data from Secure Devices.

The different chapters are organized so as to let the attendees discover each new topic in a progressive manner that reflects the Reverse-Engineering specific mindset. This way, attendees will be able to derive their own workflows and methods while working on their own projects after the training session.

This proposed learning curve aims at letting the attendees complete the training by strategizing low level physical methods involving Reverse Engineering, circuit modification and micro-probing. Explanations regarding other types (non- and semi-invasive) of hardware methods will be given as they are often used in conjunction with the invasive results to derive exploitation methods that do not require the entire set of equipments used to perform the initial process.

Finally, the IC RE & Code Dump training is also useful to discuss the current state of Integrated Circuits and embedded counter-measures security which can help chip designers improving their own security or help OEMs and integrators choosing the right device for their application.

  • Digital police investigators
  • Forensic investigators in law-enforcement agencies
  • Government Services
  • Pen Testers who want to assess the security of the embedded code, allowing for a complete  hardware + Software evaluation
  • Digital ICs designers & test engineers
  • Engineers involved in securing hardware platforms against attacks
  • Researchers who want to understand the nature of many hardware investigation methods
  • Team leaders involved in IC security and exploration as well as device security
  • Hardware hackers who want to become familiar with methods on ICs
  • Parties involved in hardware reverse-engineering and Vulnerability analysis

The training is derived from Texplained « IC RE & Attacks 101 » which means that there is overall no prerequisites. The instructor’s goal is to convert attendees to operational Integrated Circuit Reverse-Engineers no matter their original skills and expertise.

No particular electronic knowledge is mandatory as the training will start with digital electronic basics. Basic understanding of micro-controllers architecture and assembly language is a plus but will also be covered in the initial theoretical sections.

Attendees should be familiar with python scripting. If that is not the case, they will still be able to attend and work on the algorithmic parts while the instructor will help on the « language part ».

Attendees should also be familiar with HDL language as the training will include VHDL writing for building ROM models. The examples are designed to make this section doable even for people not familiar with VHDL and time will be spend to explain how to write good enough code to reach the results.

When it comes to encrypted devices, one may want to gather embedded evidences while another would like to be able to check if a hardware backdoor is present or if the component and / or its embedded firmware (boot ROM / user code) contain intrinsic breaches, that could be exploited by a pirate.
The primary goal of this training is to provide Digital Forensics & Security Professionals as well as Government Services the skills, mindset and background information necessary to successfully:
  • Recover ICs internal architectures
  • Evaluate the efficiency of existing countermeasures
  • Extract NVMs contents (ROM & Flash), in order to analyze and evaluate the security of the embedded firmware, and extract secret informations
The Students will be shown how such informations can be used to define easier methods to find / exploit firmware + hardware weaknesses for vulnerability analysis as well as for embedded evidence extraction purposes.
Concretely, Students who complete this course will:
  • Find out how to perform low-level hardware reverse engineering
  • Develop analysis strategies for the target devices and apply these strategies to recover their embedded data
  • Recover ICs internal architectures
  • Evaluate the efficiency of existing countermeasures
  • Extract NVMs contents (ROM & Flash), in order to analyze and evaluate the security of the embedded firmware, and extract secret informations
  • Find out how to perform low-level hardware reverse engineering
  • Develop analysis strategies for the target devices and apply these strategies to recover their embedded data
  • Students will be shown how such informations can be used to define easier methods to find / exploit firmware + hardware weaknesses for vulnerability analysis as well as for embedded evidence extraction purposes
  • Students will be provided assignments on paper as well as the training material as a .pdf file.
  • For working on the examples and handling the image processing steps, Fiji (ImageJ) and Photoshop will be needed.
  • Executables for Windows and Macs will be given if not already installed on their laptop.
  • For the trainings including a session with ChipJuice, the attendees will be informed of the required setup prior to the session

 

+Testimonials

It’s hard to highlight one special thing, part or topic. The course as a whole was exceptionally interesting. If i’m pressed to pick one, i would say it was the reversing of standard cells from an SEM-image.

RE of the logic cells was the most interesting, but general knowledge of what can be done on modern ICs was the most useful.

Yes, I would highly recommend this course to anyone with an interest in learning about IC reverse engineering.

+agenda

Title

Details

Date

Topics Covered

• Integrated Circuits Structure
• Transistors, CMOS logic and associated weaknesses
• Digital logic and Memories
• Failure Analysis and Reverse-Engineering Methods
• Embedded Firmware and Secret Data Dump: ROM & Flash Dump
> Analytical and Invasive ROM Dumps
> Linear Code Extraction Based Methods
• Automating the Entire Process
• How to use the RE and code extraction results
• Using scripting language to extract useful information
• Writing VHDL model to simulate part of the circuit
• Choosing the right types of attacks for a given study
• Non-, semi- and fully invasive attacks with a focus on the latter
• RE based attacks

 

22-23 November 2021

Book your spot for this training

+TRAINERS

Olivier Thomas
Founder & CTO, Texplained SARL

Oliver Thomas studied Electrical Engineering (EE) and subsequently worked for a major semiconductor manufacturer designing analog circuits.

Then, Olivier began to work in the field of Integrated Circuit (IC) security as the head of one of the world’s leading IC Analysis Labs.

The lab primarily focused on securing future generation devices as well as developing countermeasures for current generation devices to combat piracy and counterfeiting.

During this time Olivier helped develop many new and novel techniques for semi- and fully-invasive IC analysis.

He has an extensive background in all the Failure Analysis techniques and equipment necessary for accessing vulnerable logic on a target device. Combined with his experience as an IC design engineer, Olivier continues to develop techniques for automating the analysis process. These techniques are not only applicable to lower complexity devices such as smartcards, which are the traditional targets for IC analysis, but they are applicable to modern semiconductor devices with millions of gates, such as modern System-on-Chips (SoCs). Olivier is the author of ARES (Automated Reverse Engineering Software), a software toolchain for the efficient analysis of designs of independent of their logical size.

He is the founder and CTO at Texplained SARL.

+OTHER COURSES YOU MIGHT BE INTERESTED IN

x86-64 All You Can Learn Buffet!
US$ 4,299
x86-64 All You Can Learn Buffet!

This class is run a little different from most classes. We provide you purpose-built recorded lectures instead of trapping you in realtime with live-lectures. But fear not, the instructor is always right there eagerly waiting to mingle with the students and answer any questions you have. (The instructor really likes being asked questions. It shows you're paying attention ;)). One of many benefits is that you can watch lectures at 2x speed and zoom ahead of the other students and get to the hands on labs quicker. Or if there's bits of material you already know, you can just skip them and move on to the bits you don't know! Another big benefit is that you get to take the full lectures and labs with you! That means if you forget stuff and then need it in 6 months, you can quickly re-bootstrap yourself! Or you can watch the class twice, to really grow those neural connections and cement it in your brain! And unlike live lectures, our lectures are always getting more factually accurate, by having any accidental errors edited out.


Go HERE to join the 2-day x86-64 Assembly class. Or,
Go HERE to join the 2-day x86-64 OS Internals class. Or,
Go HERE to join the 4-day x86-64 Reset Vector Firmware class.
4-Day Training Hybrid
x86-64 Reset Vector Firmware
US$ 2,299
x86-64 Reset Vector Firmware

This class is designed to give you all the background you need to understand how x86-64 reset vector firmware works, and what the most common security misconfigurations are. It will prepare you to be able to read and understand the existing attack and defense research in the space, taking an explicit walk through of the attack and defense moves and counter-moves threat tree. And as always, this classes teaches you to be comfortable with Reading The Fun Manual (RTFM!) to go seek out the most accurate details of how things work, and to see out new problems in new areas that no one's read yet with a security mindset.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

Go HERE to join the 2-day x86-64 Assembly class. Or,
Go HERE to join the 2-day x86-64 OS Internals class. Or,
Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.
2-Day Training Hybrid
x86-64 OS Internals
US$ 2,299
x86-64 OS Internals

This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware. This is taught in a *mostly* OS-agnostic way focusing on Intel-isms rather than OS-isms (albeit with using Windows as reinforcement, thanks to its excellent kernel-level debugging support.) This class also teaches you to be comfortable with Reading The Fun Manual (RTFM!) to give you self-sufficiency when seeking out the most accurate details of how things work.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

Go HERE to join the 2-day x86-64 Assembly class. Or,
Go HERE to join the 2-day x86-64 Reset Vector Firmware class. Or,
Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.
2-Day Training Hybrid
x86-64 Assembly
US$ 2,299
x86-64 Assembly

This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB. This knowledge of assembly is the fundamental skill which is required to learn reverse engineering and vulnerability exploitation. Reverse engineering is in turn a fundamental skill which is required for malware analysis and vulnerability hunting.

 

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

 
Go HERE to join the 2-day x86-64 OS Internals class. Or,
Go HERE to join the 2-day x86-64 Reset Vector Firmware class. Or,
Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.  
2-Day Training Hybrid