Chaos Communication Congress

Hardsploit: A Metasploit-like tool for hardware hacking (32x72)

Data di messa in onda: Dic 28, 2015

Speakers: Yann.A, Julien MOINARD, Gwénolé Audic It is clear that something is needed to help the security community to evaluate, audit and control the security level of hardware products. Hardsploit is a complete tool box (hardware & software), a framework which aims to: - Facilitate the audit of electronic systems for industry 'security' workers (consultants, auditors, pentesters, product designers, etc.) - Increase the level of security (and trust !) of new products designed by the industry Hardsploit is an all-in-one hardware pentesting tool with software and electronic aspects. It's a technical and modular platform (using FPGA) to perform security tests by using electronic communication bus. The main hardware security audit functions are: - Sniffer - Interact - Dump Hardsploit's modules will let users intercept, replay and / or send data via each type of electronic bus used by the target. The level of interaction that pentesters will have depends on the targeted bus features. Hardsploit's modules also enable you to analyze electronic bus (serial and parallel types) like JTAG, SPI, I2C's, parallel addresses and more will come ! We also provide a graphical interface to manage your components and their commands. A wiring helper module is available too. It will help you connect easily your target to Hardsploit. Our ambition is to provide a tool equivalent to those offered by the company Qualys or the Metasploit Framework but in the domain of embedded systems/electronics.