Hardsploit(Hardsploit.io)

Like Metasploit butForHardwareHacking

32C3CFPSubmission

What is Harsploit?

• AFrameworkforHardwarePentest orelectronic designers• OpenSource• Hardware+Software• Moredetails onHardsploit.io

Why we choose tocreate HardSploit?(1/2)

• Facilitate theauditofelectronic systems forindustry ‘security’workers

• Consultant,Auditor,Pentesters,Productdesigneretc.

• Increase thelevel ofsecurity (andtrust!)ofnewcommunicatingproducts designed byindustry

Why we choose tocreate HardSploit?(2/2)

• Tocreate a« allinonetools »forHardwareHacking

Some Hardsploit prototypesphotos

ProtoV1 Finalform factoron20062015

HardwareFeatures

• All-in-onetool dedicated forHardwareHacking• 64 I/Ochannels• Adjustable target voltageforlevel translation:3,3V& 5V• FGPACycloneIIforversatileandpowerfull electronic hardwarehackingmodules• USBinterfacefordirectconnection to GUI• Easy-to-use GUI&Consolemodeintegrated intheMetasploitFramework

Internal design(1/2)

Internal design(2/2)

Hardsploit GUI

Howwe create Hardsploit Board !

Hardsploit modules&Framework

• Hardsploit is atool with softwareandelectronic aspects• Thisis atechnical andmodular plateform (using FPGA)• Toperform security testsonelectronic communicationsinterfacesofembedded devices• It’s aFramework!

• All-in-onetool forHardwarepentest

Features

• Themain Hardware security auditfunctions are• Sniffer,• Scanner,• Interact,• Dumpmemory(even paralleles ones)• …

• Hardsploitmoduleswill lethardwarepentester intercept,replay and/or andsend dataviaeach typeofelectronicbusused bythetarget.Thelevel ofinteractionthat pen-testers will dependontheelectronic busfeatures…

Hardsploit modules

• Hardsploit ‘s modulesenable you toanalyseallsortofelectronic bus(serialandparallel type)• JTAG,SPI,I2C‘s,• Parallel address &databusonchip,• andmoreothers tocomeinthefutur…

Assisted visual wiring function

• Nomorestresswith that tremendous partofHardwarepen testing: Youwill knowwhat need tobe connected andwhere !

• We haveintegrate into thetool anassisted visual wiring function tohelpyou connect easily allwires tothehardwaretarget:• GUIwill displaythepinorganization (PinOUT) ofthetargeted chip.• GUIwill guideyou throughout thewiring process between Hardsploitconnectors andthetarget• GUIwill controlasetofLED that will turn ON/OFFtoletyou find therightHardsploit pintoconnect toyour target

Howamoduleis designed :parallel memorydumpexample (1/2)• We havecreated aFPGAmodulethat is abletodumpmost ofparallel memorychip.• Itwill helpsecurity pentesters todumpfirmware orallcontentcontained insuchmemoryinaneasy way.• Easier than ifcreating adumpingfunctioneach time…Nomorearduino like board withplenty ofwiring difficulties toconnect toyourchip,nomoretroubletofind therightmemorycommandtobe abletodumpthecomponentinfrontofyou…TheGUIwill helpyou achieve that infewclickonly.• Faster, aswe usehighspeedFPGAbusesandmachinestateto achieved thedump.

1st result : only 5 to 10 min to reada embedded linux rom of 128MB.

Howamoduleis designed :parallel memorydumpexample (2/2)• Howtousethat funkyand(over)hype parallel dumpingfunction ?

• We create alow level APIwith ruby that letyou interact with FGPAmodule(Harsploit Module)inasimply way.

Conclusion

• Hopeour modest submission could interest your selection commiteeandattendees• Contact:+33645453381• Mail:yann.allain@opale-security.com