When I began my approach for a By-Pass Lock screen solution, I knew that the USB/PCI Express Bridge chip I was using had the capability to enable DMA attacks. But I wasn’t sure how to configure it properly. In the end 20 Bytes of firmware did it. But getting to the 20 bytes of firmware…
Author: Joe FitzPatrick
Joe FitzPatrick (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.
Make it Light
So a while ago I put together a hardware security project. The device I was building was a PCIExpress device to do DMA (Direct Memory Access) attacks on a computer. The idea being you would have a card that you could put in a slot into the computer. Then this card would basically use its…
Hardware to Bandwidth to Software Flipped Around
So here’s another occasion with a similar scenario where a small kludge solution turns a complicated design into something really easy but it requires a separate perspective on the problem. This is from my work on the CPU debug team at Intel, circa 2007. Engineers in my group were trying to resolve a problem. We…
First Week Impact
My approach to engineering craft has evolved to knowing when the easy solution exists and grabbing that instead of going with a complicated solution. Sometimes that’s a hack or sometimes it’s a different perspective. A newbie’s perspective can often provide that different perspective. Within my first week at Intel I surprisingly contributed immediately to my…