Closing Debug Ports Without Breaking Field Repair

Disabling debug ports hardens a device but can block legitimate repair. Here is how to lock down without painting yourself into a corner.
Measured Boot vs Secure Boot

Secure boot and measured boot sound similar but do different jobs. Here is how they differ, how each works, and when you want both.
Blowing Fuses: Locking Down a Production Device

One-time-programmable fuses turn security features on permanently. Here is what they protect and why shipping with them unblown is a common, costly mistake.
Using a Bus Pirate for Quick Hardware Triage

The Bus Pirate is a cheap multi-protocol tool for poking at unknown buses. Here is how it speeds up the messy early phase of hardware reconnaissance.
Tapping a Parallel Memory Bus

Older and higher-performance designs use parallel memory buses. Here is what makes them harder to tap than serial flash and how it is done.
Identifying Chips on an Unfamiliar Board

Before you can attack a board you have to know what is on it. Here is how to identify the chips that matter and skip the ones that do not.
Bypassing JTAG Lock With Hardware Access

A locked JTAG port is not always a closed one. Here is how physical access is used to re-open disabled debug interfaces, and why locking alone is not enough.
Reading a QFP Datasheet Like an Attacker

A datasheet is a map of where a chip’s secrets live. Here is how to read one with an attacker’s eye for debug pins and exposed interfaces.
Pulling Firmware Over a Bootloader Console

When a bootloader console is reachable over UART, you often do not need a chip clip at all. Here is how to dump firmware straight from U-Boot.
Why Encrypted Firmware Is Not Enough

Encrypting firmware feels like the finish line, but the key has to live somewhere. Here is why encryption alone rarely stops a determined attacker.