The last part of the PROBoter series showed how innovative algorithms can help an embedded system pentester to analyze recorded voltage signals of an unknown PCB. Besides basic signal characteristics, these algorithms can link signal lines and identify communication buses typically found on PCBs like I2C or SPI. In this final post of the PROBoter series, we draw the big picture of the PROBoter software framework. In parallel to the release of this post, all missing services forming the framework are released on the PROBoter Github repo.
This article is an extension to the SCHUTZWERK blog post series about the PROBoter PCB analysis platform. It introduces the algorithm of the Time Invariant Signal Analysis, which the PROBoter uses to produce information on the functionality of the conducting paths identified on a PCB from passive eavesdropping.
The last part of the PROBoter series introduced the heart of the PROBoter framework - the hardware platform. The platform allows (semi) automated electrical probing of an unknown PCB which is usually a very time consuming and error prone task. This post focuses on methods to automate the initial analysis step of an embedded system - the visual analysis of the PCB(s) forming the device under test.
The PROBoter is a modular, self-calibrating probing machine to support PCB analysis tasks in penetration tests of embedded systems. The video of the PROBoter demonstrates its four main contributions: 1) The automatic visual detection of components and contact points on a PCB, 2) the automatic probing of contact points for net reversing and signal detection, 3) the mapping of signal lines to given bus protocols, and 4) the support in identification of potential attack vectors.
The first part of the PROBoter series gave an introduction to the manual process of embedded system pentesting. It then showed a possible automated workflow which will be implemented in the form of the PROBoter platform. After a longer phase of further internal development and evaluation, this post describes the core component of the PROBoter framework - a hardware platform for automated electrical probing and PCB image generation.
The escar is the world’s leading automotive cyber security conference. SCHUTZWERK participated at this year’s escar Europe with two talks. The first talk of Dr. Bastian Könings discussed the current challenges in automotive penetration testing. The second talk of Fabian Weber presented the PROBoter, a hardware platform to support penetration tests of embedded systems by automating time-consuming analysis tasks.
Security analysis of embedded systems on the Printed Circuit Board (PCB) level can be a very tedious and time-consuming task. Many steps like visual PCB inspection and reverse engineering of security relevant nets, i.e. electrically connected components, is usually done manually by an embedded security expert. PROBoter aims at automating this manual analysis.