Reflections of the IoT Analysis Team

The following are retellings of the stories and experiences of interns of the Leahy Center for Digital Forensics and Cybersecurity. These are the written words of student interns of the Leahy Center, who are able to gain valuable work experience in the industry during their time at Champlain College. The nature of their content is not altered or abridged, only streamlined and refined with better prose, and as such this contains the honest truth of these students’ experiences and the value they gained from their time at the Leahy Center.

In this installment, we shall see the reports of a group of students who worked together on the Leahy Center’s IoT Analysis Team.

From Natan Eliezer:

Over the course of the Fall 2022 semester interning at the Leahy Center, we learned a lot about different artifacts and methods for extracting information from various devices. At the beginning of the semester, I was given the task and opportunity to learn the protocol for analyzing such devices.

We first needed to generate data that would be accurate to the device’s normal functions and take advantage of its features. Next, on the rooted phone, we would analyze the software and the artifacts on that. This gave a lot of insight into what certain types of information would look like when saved onto the device. After that, we would typically take apart the device and extract information from the hardware itself. This was the main mission we were working on for the Fall 2022 semester.

Overall, this became a more difficult process over time than we were expecting. We used many different tools to try to achieve this goal, with little luck. We researched how to use the JTAGULATOR, by Joe Grand, which we could use for our initial assessment of a device to discover any JTAG or UART interfaces on the device. From there we would attempt to use different devices to interface with different devices. This was the most common road-block for our hardware extraction. A main issue I ran into was the lack of documentation for many devices to interface with the JTAG or UART interfaces.

For example, the RIFF Box is commonly used to interface with JTAG, but we were unable to find any documentation for it being used for JTAG. Despite these issues and challenges, we were still able to learn and understand the framework for doing hardware analysis. It was really valuable to be able to work hands-on with different devices that we don’t usually get to work with in classes.

Physically using and extracting software artifacts is also an aspect of the Leahy Center and IoT Analysis Team that I believe I will be able to use and apply in many situations in the future.

From Paul Jones:

Over the course of this semester, the IoT Analysis Team (of which I am part) has moved from focusing primarily on the software aspects of IoT forensics to focusing on the hardware aspects. At the beginning of the summer, I took a class in hardware-hacking IoT devices, which was very thorough. The issue, however, was that these skills were not refreshed or used over the next six months, nor leading up to my time at the Leahy Center. In the future, if anyone takes a class regarding hardware hacking, it is my advice to keep these skills sharp by exercising them, in case they are needed. I ran into the issue of only remembering parts of my previous course when we began to work on the hardware given to us, and thus I was not able to assist the new hires in this skillset.

The majority of the team’s attempts to access the hardware flash memory of a given device involved interfacing with the debug pins present in said devices, in order to induce a connection to the flash chip so that the memory can be read. Various attempts were made to connect to either type of debug pin with little success, using tools like the JTAGULATOR, Bus Pirate, and RIFF Box. Overall, whilst we gained significant understanding regarding hardware in general, no major successes were had by the IoT team with regard to hardware hacking.

By far the biggest issue I encountered during this semester was making advances that could be replicated on repeated attempts. There have been a couple of times over the semester where either I, or the rest of the team, made advances which were isolated to a single device, or were in no way repeatable even with the same actions being performed on the chips. The reason why this is important is that what we are attempting needs to be replicated and explained, and so far we have yet to succeed at this. Hopefully, over the course of the next semester, armed with the new tools we purchased, we can get a better grasp on hardware hacking.

From Yehuda Bollen:

This semester at the Leahy Center, on the IoT Analysis Team, we mainly focused on hardware. In the beginning, we did a little bit of practice with software, but after that it was hardware all the way through. To begin, we mostly researched how to get started. None of us had actually worked with hardware before. Once we had figured out where to start, it became a lot of trial and error. At first, we were trying to interrupt the boot sequence by cycling power to the PCB we were using. This worked once, but we were not able to replicate this result since, so we tried a few other methods.

We bought a “JTAGULATOR”, which is an open-source tool that allows you to connect to a PCB without identifying the pinout. Though we tried using this device a million different ways, we were never able to get the result that we wanted. We then moved on to the VR table. The VR table allows you to connect to either JTAG or UART without having to directly solder to the PCB. We connected the PCB to the computer using the RIFF Box tool. The RIFF Box tool has software that gives you a terminal to access a system with. We tried using this and we were able to connect properly, but we were never successful in getting root on the device.

We got a new tool called the “Attify Badge” near the semester’s end. It is similar to the RIFF Box, but used with more debug pin types, and its software was more user-friendly. We ended the semester having learned a lot about hardware, and next semester we will be getting more devices to work with software on. We will continue to work on hardware in the meantime. I think that we did a lot of very productive work, and I learned a lot by working on this team and at the Leahy Center.

From Sebastian Eldridge:

During the first few weeks of the internship, we did a “general” IoT Research Report. This task allowed us to learn what an IoT device is, and how to research in-depth and granular topics, a skill that definitely became further developed as the internship continued. Following that, I disassembled and analyzed my first device, the Amazon Echo. This taught me how to identify, and ascertain the function of, various chips on the PCB.

We did research on the various methods that we would be using to hack hardware, and how they function. This mainly consisted of taking notes from the book “The IoT Hacker’s Handbook” by Aditya Gupta. As a result, I gained more knowledge on the usage of JTAG & UART. We also soldered pins onto a PCB; I researched how to use VR tables, and created connections on a PCB.

Not everything went perfectly, however. One thing that didn’t pan out quite so well was our attempts to hack a device. I’m not going to lie, it was a struggle actually getting results. It’s frustrating because I know, or at least think I know, how to hack them, but it just wasn’t working. I would say that this taught me the old adage: “no battle plan survives first contact with the enemy”.

My soldering skills also need some work, as although I learned how to do it, I still made mistakes.


I would say that the overall value I got out of this internship is threefold.

The first would be the additions I can make to my resume value. The various assignments in Champlain’s ITS-192 course are fairly good when it comes to fleshing out my marketable skills.

The second is the experience and skills that I have gained and sharpened over the course of this internship. I definitely have a better understanding of IoT devices, and computers as a whole, and how to hack their hardware.

The third is the opportunity to network with other professionals. I would say that this internship gave me the opportunity to get to know my soon-to-be peers in the industry.


Interning for the Leahy Center as part of Champlain College’s technical courses is not always easy. But even as our student interns stumble and encounter roadblocks, they learn from their mistakes. They learn valuable lessons which will prepare them for fulfilling cybersecurity careers in the future. The quality of our tutoring and coursework fosters such development in hundreds of students every year.

The Leahy Center thanks its interns for lending their time and words to this record. We also thank our many talented and dedicated staff members for allowing us to do the work we do. Our doors are always open to those looking to gain firsthand experience for a budding career, or to those looking to continue a fruitful one in a professional, effective environment. From myself and the Leahy Center, we look forward to hearing from you.

Stay up to date with Twitter, Instagram, Facebook, and LinkedIn so you always know what we’re up to!

Written by James ‘23  // Professional Writing
