Remove embedded emmc chips from devices for analysis!

Experts from VXRL will demonstrate how to attack the IoT/mobile devices  to obtain privilege and gain access control as well as the data stored.  We will also introduce some inexpensive JTAG/ISP and chip-off equipments (even made in China) on-site and for your testing.

Come by the VXRL chip-off village and learn how to remove embedded eMMC chips for your own analysis. VXRL members will also teach you how to attack IoT/mobile devices to obtain privileges and gain access controls. In addition, some inexpensive JTAG/ISP and chip-off equipment will be made available for your testing and eMMC chips with circuit board kits will be made available for practice.

Agenda (tentative)

27 Nov 2018
Time Village
10:00 – 12:00 Chip off Village – Session 1
12:30 – 14:30 SMD soldering challenge
15:00 – 17:00 Chip off Village – Session 2
28 Nov 2018
Time Village
10:00 – 12:00 Chip off Village – Session 1
12:30 – 14:30 SMD soldering challenge
15:00 – 17:00 Chip off Village – Session 2

Run Down

  • Briefing
  • Chips-off Demonstration
  • Dispenser
  • Data Analysis
  • Practise
  • Challenges

Challenges

  • Use the soldering iron and the dispenser to clean the chip
  • Turn Off the machine
  • Put the chip into the USB eMMC reader in correct direction
  • Retrieve the date from the chip for analysis
  • After cleaning the chips and put it in the eMMC reader, you will see the volume “DEFCONCHIPS” and you can start the analysis
  • Use the common tools: Hex Editor, Python and APKTool to analyze the image file.
  • Answer the questions and get the welcome gift

Speakers

Captain

Captain is the founder of Chip-off Village. It had been held in the different security conference like HITB AMS and Defcon China, and the coming Hardware Security Conference in The Hague and HITB Dubai. He has also delivered chip-off forensics analysis training in HTCIA US, HITCON and CodeBlue security conference.

Anthony

Anthony Lai focus on offensive “Kungfu”, malware analysis, target attack research as well as attribution. He is passionate over Capture the Flag game, reverse engineering and exploitation for years. Anthony found VXRL since 2009 and he is Blackhat Asia and HITB CFP review board members, speaking at Blackhat USA and DEFCON on malware analysis, APT and DDoS attack techniques.