
Javier Vidal & Ferdinand Nolscher

Low-Level Hardware Reversing



Trainers: Javier Vidal & Ferdinand Nolscher

Date: 25th - 27th Oct 2021

Time: 9:00am to 5:00pm CEST

Venue: NH Den Haag Hotel, The Netherlands

Training Level: Basic


Note: Regarding COVID-19 safety, Hardwear.io will seek to ensure a safe event, as the health and safety of our exhibitors, delegates, speakers, and staff will always be our number one priority. Hardwear.io will follow all applicable health regulations required by the local (GGD) and government (RIVM and VWA) authorities.


Training Objectives:

This training allows attendees to quickly get started in the field of hardware security. After the training, attendees should be able to identify, analyze and tamper with common protocols found in embedded devices using industry-standard tools.
The goal is to introduce attendees to the hardware security ecosystem in a hands-on, bottom-up approach, starting with basic electrical protocol theory, all the way to covering firmware extraction and analysis techniques while also teaching essential soldering and rework skills.


What to Expect? | Key Learning Objectives:

  • Understand the architecture of modern embedded systems, as well as the most common protocols (UART, I2C, SPI, CAN etc.)
  • Learn how components work together and how they communicate on the lowest levels
  • Perform basic reversing exercises which will be useful in the real world
  • Perform PCB rework operations using several tools
  • Use and understand Industry-Standard hardware tools with confidence, know the hardware development ecosystem
  • Learn how to spot and exploit common mistakes of manufacturers
  • Learn important safety principles so that you don't blow up your target devices
  • Understand principles of fault injection

Training Detailed Description:

Day 1
  • Communication Protocols, Serial, I2C, SPI
  • The Logic Analyzer: What is a logic analyzer? How to identify and analyze protocols using the logic analyzer?
  • Exercises introducing the logic analyzer, the protocols and the victim board
  • Different types of low-density memories: Flash & EEPROMs, how are they used and what can you do with them?

Day 2
  • How to dump and modify memories
  • Exercises: Dump and Modify data on the victim board
  • Different types of protections used on persistent memory
  • Finding and using Debug ports
  • Exercises around identifying backdoors on the victim board
  • How to effectively look for backdoors on systems (other than ‘uart shells’)
  • Production Backdoors vs. Retail Backdoors
  • Introduction to Reworking using the Soldering iron and the Hot-Air Station, practical exercise

Day 3
  • Real-World device free-for-all
  • Advanced Soldering: Continuation of Day 2 exercises
  • Software Tools for the Hardware Hacker: Learn about the most important software tools for handling a variety of dumps and artifacts
  • Principles of Fault Injection

Who Should Attend? | Target Audience:

  • Anyone who's interested in entering the hardware security field should take this training.

What to Bring? | Software and Hardware Requirements:

  • Laptop with Windows 7 or Windows 10 as host (or VM with working USB pass-through)
  • Winhex (licensed or demo).
  • Termite terminal installed
  • Saleae Logic Analyzer (any model)
  • Latest Saleae Beta software installed
  • 5 GB of free space minimum
  • 4 GB RAM minimum
  • Bringing a Mouse is highly recommended
  • Any device that you would like to test your newly acquired skills on (routers, IP cams, etc)!
  • Optionally: Screwdrivers, Multimeter (will also be provided by the instructors, but using your own can be better)

What to Bring? | Prerequisite Knowledge and Skills:

There are no specific requirements for those who wish to take this training. It can be useful to have a basic understanding of electronic circuits or to read up on this topic before the training.


Resources Provided at the Training | Deliverables:

  • Lab Manual / Book
  • A copy of all the slides with bonus content
  • One victim board

ABOUT THE TRAINERS

Javier is passionate about technology and specializes in hardware and embedded systems security. He studied Electromechanics and Telecommunications, developing a passion for electronics and technology since his youth. He has been part of several projects that involved well-known hardware, but his first public work was released at Black Hat Arsenal USA 2013, the ECU tool. He also presented the CHT at Black Hat Asia 2014, a tool to take over the CAN network, and showed how a smart meter can be fully compromised at BlackHat Europe 2014. He is currently leading Information Security projects at Noelscher Consulting GmbH, and has worked for companies such as Airbus Military and Visteon.

Ferdinand has been very passionate about information security ever since he was young. He specializes in hardware security and reverse engineering techniques and spends most of his time analyzing the most challenging security aspects of embedded systems. In the past, he has spoken at Usenix WOOT, Blackhat Arsenal and, along with Javier, he completed numerous embedded security projects. Together, they presented the CANBadger, a novel automotive hacking tool, at Blackhat and DefCon 2016. Right now, he's busy finding bugs and securing embedded systems at Noelscher Consulting GmbH.