This workshop will be focused on reverse engineering and utilizing hardware-level debuggers, such as JTAG and SWD. Starting with a deep dive into how these debugging systems are designed, we will review things such as DAP/TAP controllers as well as ARM's CoreSight architecture and how to probe and interact with these controllers to search for undocumented features. Moving up the stack, we will review how these debug ports are interfaced at the protocol and signal level. After a characterization of the protocols and overall structure of these systems are provided, an overview of the current tooling landscape will be covered, discussing both hardware and software tools.
For each protocol, we will give an example of how to identify the relevant signals, and interface with them. Using these interfaces we will learn how to extract memory, debug through firmware, and upload new firmware as well!
The material used will be similar to the materials posted here:
Instructor: Matthew Alt
Matthew is a reverse engineer with a focus on embedded systems. He began working in the security industry in the automotive performance industry, searching for vulnerabilities in engine control units and diagnostic implementations. Following that, he worked at MIT Lincoln Laboratory in the Cyber Systems Assessment Group as a team lead on a program that focused on embedded systems exploitation and reverse engineering. He currently works for Caesar Creek Software as a security researcher and VoidStar Security as a trainer and consultant. He regularly posts projects to his GitHub site.