Session
Fahrplan - Hauptprogramm 36C3
Hardware & Making

HAL - The Open-Source Hardware Analyzer

A dive into the foundations of hardware reverse engineering and our netlist analysis framework HAL
Ada
Max Hoffmann
Since the Snowden revelations the fear of stealthy hardware manipulations is no longer regarded as far fetched. This fear is also reflected in the massive discussions sparked by last year's Bloomberg allegations on a supposed hardware spy implant on Supermicro serverboards or the recent USA ban on Huawei telecommunication equipment. Hardware reverse engineering (HRE) is a promising method to detect such manipulations or hidden backdoors. However, HRE is a highly complex and cumbersome task. It takes months of work as well as expensive equipment to even obtain the netlist of a chip, the equivalent to the binary in software reverse engineering (SRE). In contrast to SRE where various paid or open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE simply no tool for netlist analysis were available - neither commercial, nor free. To close this gap, researchers from the Ruhr University Bochum developed HAL, the first open-source netlist analysis framework. In this talk, we start with a basic introduction into the challenges of HRE. Then, we demonstrate the capabilities of HAL before giving a brief overview on our current research with HAL.

Hardware reverse engineering (HRE) is an important technique for analysts to understand the internals of a physical system. Use cases range from recovering interface specifications of old chips, over detection of malicious manipulations or patent infringements, to straight up counterfeiting. However, HRE is a notably complex and cumbersome task which consists of two phases: In the first phase the netlist, i.e., circuit description of a chip, has to be extracted from the physical device. Such a netlist is equivalent to the binary in software reverse engineering (SRE). In the second phase, the analyst then processes the netlist in order to understand (parts of) its functionality.

However, obtaining a netlist from a chip can take several months and requires professional and costly equipment as well as expertise. Even with a recovered netlist, understanding its functionality is an enormously challenging task. This is partly due to the lack of proper tools for netlist analysis: While in SRE various commercial or open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE simply no tool for netlist analysis was available, neither commercial, nor free. To close this gap, researchers from the Embedded Security group of the Horst-Görtz Institute for IT-Security at the Ruhr University Bochum developed HAL, the first open-source netlist analysis framework. Inspired by the modularity of its SRE equivalents, HAL can be extended through optimized C++ plugins or directly used as a Python library, while at the same time offering a GUI for explorative and interactive analysis. The project is supposed to give hardware analysts a common platform for the development of new algorithms with a portable design, ultimately aiding both professionals in their daily work as well as researchers in their efforts to publish reproducible results.

In this talk, we will first introduce the foundations and main challenges of HRE, before giving a live demonstration of HAL and some of its capabilities on selected case studies. We conclude the talk with a glimpse at our associated research at the university that spans both, technical research as well as cross-disciplinary work with psychologists.

Our talk requires only minimum prior knowledge on digital hardware.

Additional information

Type lecture
Language English

More sessions

12/27/19
Hardware & Making
Clarke
While open source is necessary for trustable hardware, it is far from sufficient. This is because “hashing” hardware – verifying its construction down to the transistor level – is typically a destructive process, so trust in hardware is a massive time-of-check/time-of-use (TOCTOU) problem. This talk helps us understand the nature of the TOCTOU problem by providing a brief overview of the supply chain security problem and various classes of hardware implants. We then shift gears to talk ...
12/27/19
Hardware & Making
Matt Evans
Dijkstra
This talk will cover everything about the Acorn Archimedes, a British computer first released in 1987 and (slightly) famous for being the genesis of the original ARM processor.
12/27/19
Hardware & Making
Sebastian Staacks
Eliza
Modern smartphones offer a whole range of sensors like magnetometers, accelerometers or gyroscopes. The open source app "phyphox", developed at the RWTH Aachen University, repurposes these sensors as measuring instruments in physics education.
12/27/19
Hardware & Making
chipforge
Eliza
(en) We make Standard Cells for LibreSilicon available, which are open source and feasible. And we like to talk and demonstrate what we are doing. (de) Wir machen Standardzellen für LibreSilicon verfügbar, welche Open Source und nutzbar sind. Wir möchten darüber sprechen und vorführen, was wir tun.
12/27/19
Hardware & Making
Phil
Dijkstra
Es soll grundlegend erklärt werden, nach welchen Kriterien Medizinprodukte entwickelt werden. Dazu werden die wichtigsten Regularien (Gesetze, Normen, ...) vorgestellt die von den Medizinprodukteherstellern eingehalten werden müssen. Diese regeln, was die Hersteller umsetzen müssen (und was nicht). Hier wird auch die Frage beantwortet, warum beispielsweise die Apple-Watch (oder genauer gesagt nur zwei Apps) ein Medizinprodukt sind aber die card10 nicht.
12/27/19
Hardware & Making
LaForge
Ada
Billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. This talk aims to be an in-depth technical overview.
12/28/19
Hardware & Making
Clarke
There's a variety of places - on Earth and beyond - that pose challenging conditions to the ever-shrinking digital circuits of today. Making those tiny transistors work reliably when bombarded with charged particles in the vacuum of space, in the underground tunnels of CERN or in your local hospital's X-ray machine is not an easy feat. This talk is going to shed some light on what can be done to keep particles from messing up your ones and zeroes, how errors in digital circuits can be detected ...