Hacking Hardware with a $10 SD Card Reader

Black Hat USA 2017

Presented by: Amir Etemadieh (Zenofex), CJ Heres, Khoa Hoang
Date: Wednesday July 26, 2017
Time: 13:30 - 14:20
Location: Mandalay Bay EF

Dumping firmware from hardware, utilizing a non-eMMC flash storage device, can be a daunting task with expensive programmers required, 15+ wires to solder (or a pricey socket), and dumps that contain extra data to allow for error correction. With the growing widespread use of eMMC flash storage, the process can be simplified to 5 wires and a cheap SD card reader/writer allowing for direct access to the filesystem within flash in an interface similar to that of using an SD card.

In this presentation, we will be showing attendees how to identify eMMC flash storage chips, how to reverse engineer the in-circuit pinouts, and how to dump or modify the data within. We will be showcasing the tips and tricks to properly reverse engineer hardware containing eMMC flash storage (without bricking) along with a clear explanation of the process from identification to programming. The presentation will then finish with a demonstration of the process along with a number of free SD to eMMC breakouts for attendees.

Amir Etemadieh

Amir Etemadieh (@Zenofex) is a senior research scientist at Cylance. Amir founded the research group, Exploitee.rs, which has released exploits for over 45 devices including the Amazon FireTV, Roku Media Player, and the Google Chromecast. Amir is also a member of Austin Hackers and has spoken at a number of security conferences including DEF CON, B-Sides Austin, and InfoSec Southwest.

Khoa Hoang

Khoa Hoang (@maximus64_) is an undergraduate student at the University of Central Florida. Khoa enjoys a hardware-based approach in researching embedded devices and is a master of the soldering iron. Khoa has disclosed numerous vulnerabilities in various set-top boxes and other "smart" devices to multiple vendors. He is currently listed on various "Security Hall of Fame" pages for successful bug bounty submissions including AT&T, Samsung and Roku.

CJ Heres

CJ Heres (@cj_000) is a researcher in the Cyber and Information Security directorate at Draper Laboratory and also a member of Exploitee.rs. CJ has been involved in the release and responsible disclosure of vulnerabilities in a number of devices including TVs, media players, and refrigerators. CJ has presented at multiple DEF CONs and believes that a simple approach is often the most elegant solution.

