Transcript for Breaking Security #HackChat

An event log for Breaking Security Hack Chat

Join us in a discussion with Samy Kamkar about reverse engineering, security, and all things hardware.

Shulie Tornel, 04/07/2017 at 19:06 (1 comment)

Questions: https://docs.google.com/spreadsheets/d/1HWo4lNc9ek27Gpr2SmprT9_8UK3AbMXCZG8qlhHPlf4/edit#gid=0

samy kamkar Hi friends, I'm Samy Kamkar. I've been fascinated by and fortunate to be learning about technology since I was young. Around 16, dropped out of high school as I was spending most of my time playing Counter Strike and writing open source cheats once I learned a little bit of programming and that you could actually manipulate memory, sniff packets, draw over applications, etc. Learned you could actually make a career out of programming and started contracting remotely (so that people wouldn't know I was young), and kept exploring different OS's, languages, software and protocols, Fell in love with hacking and reverse engineering, until it bit me when I was 19 -- released a worm onto myspace that ultimately caused anyone who viewed my profile to add me as a friend and append "samy is my hero" to their profile, along with replicating the code to their profile...within a day, one million friends were added, myspace had to shutdown, and I got a visit from the US Secret Service. After 6 months, ultimately had a deal with the government that I couldn't touch a computer, the internet, or myspace for 3 years -- actually a really interesting experience for me and glad I had it! but not go to jail :) Thus I started building attack tools and reverse engineering my own devices that I owned, and continued to release open source projects. Got super interested in privacy and the secrets that our computers, phones, etc held from us. At some point started running across hackaday projects...was so amazed by what people were creating! Tried to learn hardware by reading an electronics book and failed miserably. Just could not deal with scores of pages about resistors and capacitors, I just had no idea how to apply it...until one day someone handed me an Arduino. 
From there, dove in and learned you could just write software on it, which made it so accessible and easy for me (as I wrote software), and then making the jump to designing my own hardware, firmware, etc was much easier (and I even kind of know what capacitors and resistors are good for now :) And here we are today...that's the short version! If you're interested in seeing some of my projects (both hardware and software), I have some of my more favorite projects up at my homepage, https://samy.pl So happy to dig into questions and also ask/amend anything in the chat if you'd like!

Jørgen Kragh Jakobsen Any day job?

samy kamkar I've started a security related startup with some friends recently. I cofounded a VoIP company when I was 17 (fonality.com) and grew that for about 6 years, then didn't really have any real dayjob since then, instead I mostly worked on my own projects, released them as open source, and have been really fortunate to have people reach out to me afterwards about my projects to either license some of my work/research or do short consulting projects, while still allowing me to spend a lot of time learning new things

billybob I am cautious about opening your homepage at work, will it add my linkedin automatically

billybob ;)

samy kamkar I found the more I did on my own on things I was really excited about, and shared for free, somehow the more well paying projects would come my way and became a bit cyclical

samy kamkar @billybob it's safe, I promise :)

Alex Peron +1 @billybob

samy kamkar So I'll grab some questions from the doc

samy kamkar @madaerodog asks What is your favorite/best tool that you never leave home without in your line of work (other than laptop)?

samy kamkar In my bag I keep a Saleae logic analyzer, arduino nano, teensy, and a handful of other small and portable tools...but I think those might top it. I have a pocket multimeter in there as well which can be useful.

madaerodog Kwel, have some of those as well, i'll add the rest to my list of to buy :D

samy kamkar The important things to me are to be able to inspect and create, so a computer, microcontroller, and logic analyzer (with analog) is pretty powerful for me

samy kamkar @billybob asks Do you prefer to have a series of tools, or do you buy cheap, burnable devices?

samy kamkar I like what's best for the job...I was super fortunate when I was younger and living with my mom as she was still going to university, and there were people at the university library that would let me use the computers and Internet (early 90s), and just started having that available and learning HTML got me really started, so using whatever is available is most important

samy kamkar For the projects I release, I try to use inexpensive tools because when I was younger, I didn't have access to much besides a computer, and it's important to me to demonstrate you can do a lot with a little. I'm lucky now that I can afford to buy nice equipment, and I do to improve my analysis and development, but once I've completed a project I usually bring things down to more accessible hardware/software so that more people can join in, do the same things, and hopefully build better things than I have

samy kamkar I don't know of many series of tools though...@billybob, do you have an example in particular?

samy kamkar @Alex Peron asks How do you pick the projects you work on. Serendipity or do you have a process?

samy kamkar The answer is yes.

madaerodog :)

billybob I meant do you use little $20 android phones, and toss them after doing something potentially grey, or did you have a much more expensive static platform you use for dev.

billybob It sounds like it's a little of both.

samy kamkar Ahh @billybob yeah, a bit of both. I have some "throwaway" hardware and also my home lab

billybob ;)

Michael Welling @samy kamkar I saw you are following the pocketbone repository on github. You want a board?

samy kamkar For @Alex Peron's question, I have a laundry list of projects I want to work on. Sometimes I work on them, sometimes I lose motivation, I hit walls constantly and often feel stuck and lose motivation. Then in the middle of the night I'll have an idea on something, work on it for a few days straight, and that will be my next project. Other times, I'll work on something on and off for months and finally after completing all of the major hurdles, have a project done

samy kamkar To be clear, I'll be working on one thing, and have an idea for some other thing entirely and try to bust that out when I have that "flow"...such a beautiful thing. Wish I could just get into that state more often. I'm always trying to figure out what causes it...

samy kamkar @Michael Welling Cool, would be cool to check out!

samy kamkar Another question, not sure who from, Do you have a day job or do you make money off of Youtube?

billybob Good on you for not taking drugs. Lots of people turning to Adderall and Modafinil to force "flow"

samy kamkar I now am working at a startup but my income is extremely random year to year, sometimes from consulting, some from speaking, some from coding, some from hardware r&d, some from youtube/amazon, some from licensing stuff...really all over the place and no single, consistent source

Michael Welling @samy kamkar okay message me and I will see if can get you a free board.

samy kamkar @Michael Welling no worries, happy to buy one!

Michael Welling well it is not a product quite yet


zacchaeus liang What is the best advice you can give to someone in university that needs motivation to make projects

zacchaeus liang where do you get inspiration

samy kamkar I'm more driven by what I think is interesting, and I will happily make little to no money for a long time while just working on things I enjoy. Blessing and a curse...I've ended up in some bad situations financially, and then some amazing situations financially, and have learned that the times I'm happiest have nothing to do with money but who I'm spending my time with and what I'm spending my time on

samy kamkar @zacchaeus liang That's tough, I feel you! Do you have any projects that you've seen that you think are really cool? Give me an example of one or two

zacchaeus liang i've lost my way a bit i wanted to go into engineering and didn't have the marks and i've gone from wanting to work for tesla to saying music is not that bad

samy kamkar @zacchaeus liang and what are your current proficiencies, and what are your weak points that you want to learn more about or wish you could do that you feel you currently can't?

zacchaeus liang java and python and want to do embedded but feel i can't touch it since im in comp sci and not eng

zacchaeus liang it just feels weird going from watching defcon talks hardware based to going to "oh this is a array and heres how to do shit" yaaay sounds fun

samy kamkar @zacchaeus liang I think the most amazing projects that I see are when multiple disciplines are combined. Combine music, software, and something you're not comfortable with -- hardware

samy kamkar @zacchaeus liang I have a secret...you don't have to know a *thing* about hardware to work on hardware projects. Arduino, Teensy, Raspberry Pi, you can work on all of those with JUST software. There are embedded platforms you can exclusively code on with Python and Java

samy kamkar @zacchaeus liang I personally can't stand "learning" unless I feel I can IMMEDIATELY use it and make something that puts a smile on my face or someone else's

samy kamkar Otherwise that info is in one ear and out the other

Jørgen Kragh Jakobsen I agree - stay cross platform - Learn the full stack - not all in one go - but bit by bit

zacchaeus liang are we going to go to a place that we just take hardware off the shelf and not require design ? is it only for the niche applications

samy kamkar @zacchaeus liang There are a ton of things like that today. Give me an example of something you want to make?

zacchaeus liang a freaking car

Michael Welling baby steps

zacchaeus liang i just feel so detached from the physical work with my degree yeah i know

Shantam Raj same situation with me. i am from hardware background but i just don't know how to actually program uCs in embedded C. All i do is use libraries, edit, cut and paste. i also want to learn the gory details of how uCs work. how data flows...u know linkers and loaders and stuff so that i understand where exactly i can hack around, but i don't know how to learn. Can you recommend me some good resources that you have come across that explains internal details of the world of embedded programming, uCs etc.

samy kamkar @zacchaeus liang Great, now go build a car. It's hard, so use existing projects. It will take a long time, so start smaller. Here is a car you can build today: https://blog.miguelgrinberg.com/post/building-an-arduino-robot-part-i-hardware-component

zacchaeus liang not the whole thing but the hardware such as can

zacchaeus liang interfacing

Shantam Raj @samy kamkar i have a similar situation. i am from hardware background and i am quite good at it but i just don't know how to actually program uCs in embedded C. All i do is use libraries, edit, cut and paste. i also want to learn the gory details of how uCs work. how data flows...u know linkers and loaders and stuff so that i understand where exactly i can hack around, but i don't know how to learn. Can you recommend me some good resources that you have come across that explains internal details of the world of embedded programming, uCs etc

samy kamkar That is a small, arduino based car with obstacle avoidance (sound familiar?) -- a car, just scaled down. It lets you touch the hardware, the code, and the mechanical portions. Then you can start updating the code to do what you want...then you can update it to use CAN if you want using a Teensy between components

samy kamkar @zacchaeus liang I suggest you start with that project or one similar and keep me updated on how it's going, then once you do it, make it better

mjbraun @zacchaeus liang This might be of interest to you. (I have the parts sitting around ready for assembly and I'm looking forward to getting it up and running). https://github.com/Gutenshit/CANBadger

samy kamkar @Shantam Raj I learned from copying and pasting too! Then I started modifying stuff...then I started reading the docs about the stuff I was modifying. What uC(s) are you using in particular?

Daren Schwenke He probably means OBD-II, aka canbus: https://hackaday.com/tag/can-bus/

Shantam Raj @samy kamkar i started with Arduino. but now i work with ARM based SoCs like CC2650, MSP432, Teensy 3.2.

Tavish Naruka hi @samy kamkar !! probably a loaded question, so feel free to pass, but how do you keep being motivated?

samy kamkar @Shantam Raj Okay, choose one that you want to learn the ins and outs of. Which one?

Mike "Hamster" Field Hi Samy, I don't really worry about the legal side of things at the moment - should I?

I often implement 'closed' standards like HDMI or DisplayPort based on documents from the web and then publish my projects with a second thought.

With my current project, when does receiving and decoding GPS signals turn from "discovering and publishing how things work" to "ITAR violations" - I've had two different people send me links to the ITAR rules so far.

IKYANAL, but do you have such worries?

samy kamkar @Shantam Raj Whenever I want to learn something now, I first read any docs around it. Just doing that will actually make you more competent than most people who work with it every day. I always find crazy little nuggets of information in the docs that otherwise aren't shared or spoken about, and usually they're mentioned subtly

Matt Lipschutz @Mike "Hamster" Field : http://www.space.commerce.gov/itar-controls-on-gps-gnss-receivers-updated/ As an example.

Shantam Raj @samy kamkar Yes and No. I do go through the datasheet and TI has extensive documentation but it gets too difficult and i end up using their example codes and editing them. I would like to be able to "create something new from scratch", like the engineers at TI did when they developed a software environment around their uC.

Jørgen Kragh Jakobsen The TI people 'just' wrapped the info from the data sheet into library code

Matt Lipschutz @Shantam Raj *generally speaking* if you want to start creating at X level, you want to learn about the level just below that, to know what you are integrating with...

Jørgen Kragh Jakobsen You might be able to do something that serves your needs better than the TI general library

samy kamkar @Shantam Raj Regarding the code build process, I would first do a basic tutorial on C -- if you can write a little C code, then I would actually forget about learning it all and first produce a mental link between the hardware and the code -- so I would specifically learn to use gcc so you can compile something into assembly (gcc -S -o test.asm test.c), then read test.asm to see the assembly. Now, go into the architecture datasheet to understand what the assembly is doing, as it's just performing much simpler hardware operations. I think that will help make the link concrete

Pierce Nichols So... I'm familiar with the ITAR rules around GPS, because I had to learn a bit about them for a long ago job.

samy kamkar @Mike "Hamster" Field Tough question! I would reach out to the EFF before releasing anything that you think might cause problems for you. https://www.eff.org/

Pierce Nichols And there's another wrinkle -- most GPS receivers behave strangely under high acceleration/vibration. The issue is the front end SAW filters losing their mind. You can buy high-dynamic GPS receivers that fix this problem, but those are ITAR restricted.

Anthony what do you guys find the best way to commute with other builders / engineers? best events to go to? makerfaire?

Shantam Raj @samy kamkar that is exactly what i was looking for ...... a link b/w software and hardware and how to understand them......are there any more resorces around that "area" that you think would help in building up my basic fundamentals that would then complement everything i do.

Matt Lipschutz @samy kamkar if you could have had a tutorial/explanation of any aspect of hardware/firmware tech before diving head first into all of this...any idea what it would be like?

samy kamkar @Tavish Naruka Good question. I'm usually not :) I spend a lot of time trying to figure out where my bursts of motivation come from (I journal all food I eat, any drugs I use like caffeine/alcohol/etc, when I work out, whether I got sun or not). I'd say another important thing I've learned is that a lot of the things I feel proud of didn't come from motivation but from discipline.

mjbraun I only just now added this to the doc but "There are a number of manufacturers that keep their datasheets behind paywalls or NDAs which is frustrating. Has anyone created a "sci-hub for datasheets"?"

Pierce Nichols I don't buy parts from manufacturers that don't publish their datasheets. :)

Matt Lipschutz I've seen plenty behind login requirements, and plenty required NDAs, but paywalls?

mjbraun Well, as in you have to buy stuff to access

mjbraun In very large quantities

samy kamkar @Tavish Naruka I've also started using a free, open source app called Habitica that turns your life into an RPG, essentially gamifying your todos, your daily things, goals, etc. It's super fun and seems to be the only reason I floss every night! I would also say I have external triggers...I am motivated by the people around me, or want to do things that they would enjoy, so immersing yourself with other people is when I also find some motivation, and even more so if I can work with others on a project as I now feel I wouldn't want to let them down

makosoft I think some of the Nordic datasheets might've been paywalled once upon a time, but they discontinued that a while back.

mjbraun Qualcomm are heavy on NDAs and now that they own NXP there's worry they'll restrict all the NXP stuff as well

samy kamkar @Anthony Makerfaire in SF was awesome, only have gone once. Defcon is fun for me. I try to go to local meetups (Hackaday events!) and a local makerspace, Crashspace, along with engineering/tech/nerd meetups from meetup.com

Tavish Naruka thanks :) that was helpful

Matt Lipschutz @samy kamkar Habitica looks cool, thanks!

Matt Lipschutz (I'm def. in need of motivation)

samy kamkar @Matt Lipschutz Have you done hardware before? Software? Other engineering areas?

Anthony @samy kamkar Thanks! I'll try this!

philknuepfer I totally forgot about Habitica! Thanks for the reminder!

samy kamkar @Shantam Raj I don't know of any particular links. I would google as that's how I've learned a lot over the years

Matt Lipschutz I've got a degree in EE, grew up at a manufacturing/systems automation shop near Boston, love everything from ASIC design to hacking big trucks

Matt Lipschutz @Shantam Raj you actually might want to check out some of the MITx courses on digital logic

Matt Lipschutz if you want to understand what's going on "under the hood"

Anthony @Matt Lipschutz EE represent :D

samy kamkar @Matt Lipschutz nice! I just wish someone told me that I could use my existing expertise (software) to get started quickly. For years I was afraid of starting in hardware because I thought it required a lot more effort to get going, and reading an EE book did not help with that

Matt Lipschutz I used to hang out at HackManhattan a lot, and i've heard that same sentiment many times.

Shantam Raj @Matt Lipschutz thanks for the tip.

Shantam Raj @samy kamkar thanks a lot!!.

Matt Lipschutz If you want to approach from the software side, as Samy mentioned, look at something like Arduino, and work backwards- compile a simple "blink" program in C++/processing, and then go and LOOK at the actual ASM created- then grab a data sheet, and start matching operands and memory locations with GPIO

Shantam Raj @samy kamkar Have u worked with FPGAs ?

Tavish Naruka it's just layers upon layers of abstraction, peel them one by one

Matt Lipschutz You'll see that moving a bit into a location is making a pin *do* something.

samy kamkar @Shantam Raj Just a little with the CoolRunner II CPLD

Salvador Mendoza Hey Samy! are you having any workshops coming up?

Jørgen Kragh Jakobsen Please remember - you will not learn to the level of a 10-year experienced EE in one year, it takes 10 years

Anthony Best way to get into the Boston / SF hardware scene? I've been finding it a bit challenging to get responses from companies, even as an EE with a few years of experience. Thanks!

samy kamkar Hey @Salvador Mendoza, good to see you!! I'm doing a talk in Chicago at THOTCON and Australia at AUSCert but spread thin on a few different projects. Hopefully will have a new project out in the coming months

Sophi Kravitz hey @samy kamkar , is there time to answer just a couple more?

themartinm @samy kamkar Huge fan of your work, been following you for a while. i have a question regarding people's attitudes to your security research. (EE here, with electronics background) when im diving into a particular problem and ask for advice on a particular system or concept and get asked what Im working on, I often get cold shouldered or weird looks when I mention the applications. aside from a few like-minded people that are very open to even theoretical discussion of these systems, it seems that hardware security, or discussing insecurity in systems is taboo

samy kamkar Hey @Sophi Kravitz, yup, around another 10 mins or so

themartinm have you encountered this during your projects and any insights into this?

RoGeorge @samy kamkar How do you avoid falling too deep into the documentation's rabbit hole? Did it happen to you to look up one thing, and 4 hours later to discover you reading something almost unrelated?

samy kamkar @Anthony Do you have example projects you can show people? What about releasing stuff open source/hardware? I find that opens so many doors by showing things I've done publicly (even more so if people are using the projects!)

Matt Lipschutz oh c'mon that's my favorite way to waste time :P

Foalyy @Shantam Raj I was wondering the same thing about 2 years ago (how to go deeper than Arduino, coming originally from a software background), so I decided to choose a microcontroller and go over all the datasheet to build a (more or less) complete library for this mcu from scratch. It took me some time but it was a great experience, I learned step by step how the memory is mapped, how peripherals are accessed through registers, how interrupts work, how GCC and ld compile everything to a single HEX file... Now I'm currently writing documentation for it and I will release everything open-source, hopefully it can help people like "me two years ago" (and like you apparently :) ). I'll post this project on hackaday.io when it's a bit more complete (hopefully soon).

samy kamkar @RoGeorge Happens every time. As long as you're learning something new (and NOT just rereading something to feel good that you know the material), then I think the learned information will pay off in the long run

Teodora Szasz @samy kamkar I want to build a peer-to-peer encrypted videocall system (any suggestions on the (secure) hardware I can use?)

Anthony @samy kamkar I've been pushing a lot of content to my personal project site, salvagedcircuitry.com and have been using reddit to attract some attention. I have produced a lot of CAD for free, available through grabcad and my website as well

Shantam Raj @Foalyy That is great news !!. Can't wait for you to finish it asap. Let me know if you need any help. Eagerly waiting for your project.

samy kamkar @themartinm Thanks! People often misconstrue things but if I care what they think, I may give them an example of why this is beneficial. For example, I was working on stuff to break into cars. I also know for a fact criminal organizations are already using tools to break into cars -- someone might be concerned that I'm working on that, but I would ask them, do they have a car? Do they know that others are already breaking into cars like theirs? Do they want to know how to stop it? The only way to know how is to know how to do it in the first place.

Tavish Naruka @samy kamkar are you aware of any security guidelines/resources related to embedded stuff specifically? Or anyone working on one? (if so, would love to contribute somehow) Stuff like guides on OWASP wiki

themartinm of course. security through obscurity is never the answer. only by bringing these problems into the light can they be fixed. it just seems that there is a LOT of talent and knowledge locked up in the older generation of engineers/designers that aren't very eager to share knowledge under the best circumstances, but are even more hostile when you mention why and what you're doing. Thanks!

samy kamkar @Teodora Szasz Awesome! Depends, what are your requirements regarding security on the hardware side? I'd ensure you're using well known standards like WebRTC over DTLS or SRTP, and on the hardware if you're trying to keep secrets protected like a private key, I'd investigate TPMs -- depends on the level of security you need

samy kamkar @Tavish Naruka Good question, I haven't found any OWASP-like resource for hardware. Hackaday is probably the best collection of stuff I've found for things like that, and following experts in the area like Joe Fitzpatrick and Joe Grand

Neil Cherry security through obscurity means you'll find it on wikileaks in a short time ;-)

Foalyy @Shantam Raj thanks for your interest! well, keep in mind that this is very "in progress" so there are a lot of "[TODO]" and missing pages, but if you want to take a look at what is already available, you can go there : https://libtungsten.io. The git is not available yet but the direct download link should work if you want to take a look at the code, hopefully it's well commented enough (some modules are also already covered in the web documentation).

samy kamkar @themartinm I would say stop depending on other people for information -- I know nobody owes me any information and I'm happy to learn on my own, and when I do, I learn a lot...nothing wrong from learning from others but I can understand people's concerns around this area so I try to do a lot myself

samy kamkar Okay, I have to run all!

Sophi Kravitz thanks Samy!

Tavish Naruka o/ thanks

Teodora Szasz Thank you, @samy kamkar . This is really helpful. I will investigate more about your solution.

Matt Lipschutz Thanks Samy!

Anthony Thanks Samy!

Sophi Kravitz come back anytime :)

Salvador Mendoza Thanks Samy! for your time and work!

samy kamkar Thanks so much for having me!! Keep me updated on your projects all, I'm on twitter @SamyKamkar and on here!

qufgmx+hackaday Thanks

RoGeorge Thank you! :o

Jørgen Kragh Jakobsen Thanks near Flow for 1.5h :-)

Foalyy Thanks Samy

Discussions

Lucas Rangit MAGASWERAN wrote 04/10/2017 at 23:22

Great chat with lots of useful tips.