Microcontroller Exploits

Microcontroller Exploits is a deep dive into advanced hardware hacking with detailed examples of real-world techniques and a comprehensive survey of vulnerabilities.

In this advanced guide to hardware hacking, you’ll learn how to read the software out of single chip computers, especially when they are configured not to allow the firmware to be extracted.

This book documents a very wide variety of microchip hacking techniques; it’s not a beginner’s first introduction.

You’ll start off by exploring detailed techniques for hacking real-world chips, such as how the STM32F0 allows for one word to be dumped after every reset. You’ll see how the STM32F1’s exception handling can slowly leak the firmware out over an hour, and how the Texas Instruments MSP430 firmware can be extracted by a camera flash.

For each exploit, you’ll learn how to reproduce the results, dumping a chip in your own lab.

In the second half of the book you’ll find an encyclopedic survey of vulnerabilities, indexed and cross referenced for use in practicing hardware security.

Travis Goodspeed is an embedded systems reverse engineer from Tennessee, where he drives a Studebaker and collects memory extraction exploits for microcontrollers. His recent projects include a function recognizer for Thumb2 firmware, a fresh memory corruption exploit for a 90’s smart card, and a CAD tool for extracting bits from mask ROM photographs.