Common Hardware Components
Common Hardware Components in IoT & Hardware Hacking
When performing hardware hacking or analyzing IoT devices, it’s important to understand the basic components that make up the device. Below is a quick reference guide to common hardware components.
Capacitors
Function: Store and release electrical energy. They help regulate voltage and filter noise in circuits.
Relevance to Pentesters: Capacitors can affect power analysis techniques, especially in side-channel attacks. They often need to be removed for that reason.
Flash Chips
Function: Non-volatile memory used to store firmware and device settings.
Relevance to Pentesters: Flash chips often contain firmware that can be extracted and analyzed. Tools like a flash programmer can be used to read from flash chips.
RAM (Random Access Memory)
Function: Temporary memory that stores data for quick access by the device’s processor.
Relevance to Pentesters: RAM often contains runtime data, and in some cases, sensitive information can be extracted for analysis, especially during volatile memory analysis in exploitation or reverse engineering.
MCU (Microcontroller Unit)
Function: A small computer on a single integrated circuit containing a processor, memory, and I/O peripherals.
Relevance to Pentesters: MCUs control the behavior of embedded systems. By analyzing or reprogramming MCUs, pentesters can manipulate the behavior of IoT devices.
Common MCUs: STM32, ESP8266, LPC1768
Resistors
Function: Limit or control the current flow in a circuit.
Relevance to Pentesters: Understanding resistor configurations helps in circuit analysis, especially in reverse engineering hardware designs.
Diodes
Function: Allow current to flow in one direction while blocking it in the opposite direction.
Relevance to Pentesters: Diodes protect sensitive components from reverse voltage. Zener diodes, for example, regulate voltage in circuits, which is useful in power behavior analysis.
Transistors
Function: Act as switches or amplifiers, controlling large amounts of current with small inputs.
Relevance to Pentesters: Transistors are found in almost every circuit. Understanding how they control signals is vital when analyzing or manipulating hardware circuits.
Types: Bipolar Junction Transistors (BJT), Field Effect Transistors (FET), Metal Oxide Semiconductor FETs (MOSFET)
EEPROM (Electrically Erasable Programmable Read-Only Memory)
Function: Non-volatile memory used for storing small amounts of data, such as device configurations.
Relevance to Pentesters: EEPROMs may store critical configuration data that can be dumped for analysis or modified to change device behavior.
Common Interfaces: I2C, SPI
Crystals / Oscillators
Function: Provide a clock signal to synchronize operations in digital circuits.
Relevance to Pentesters: Crystals are key in timing-related attacks, such as clock glitching. Precise timing manipulation can sometimes lead to exploitable conditions in embedded systems.
Types: Quartz crystals, ceramic resonators
Voltage Regulators
Function: Maintain a constant voltage level for components in a circuit.
Relevance to Pentesters: Voltage regulators play a role in power analysis, especially during fault injection or brown-out attacks where system voltage stability is critical.
Types: Linear regulators (e.g., LM7805), switching regulators
LEDs (Light Emitting Diodes)
Function: Emit light when current passes through them.
Relevance to Pentesters: LEDs provide visual feedback on the state of a device. They are also often used in optical communication or data transfer for debugging.
Common Variants: Standard LEDs, IR LEDs
Inductors
Function: Store energy in a magnetic field when current passes through them.
Relevance to Pentesters: Inductors are important in power circuits and can affect power analysis attacks. They are often found in combination with capacitors in filters or oscillators.
Push Buttons / Switches
Function: Allow manual control of circuits by opening or closing an electrical connection.
Relevance to Pentesters: Buttons or switches are common on IoT devices for user input or reset purposes. Manipulating them at the right time during the boot process could bypass security mechanisms.
Connectors (e.g., JTAG, UART, USB)
Function: Provide a physical interface for communication between hardware devices or for debugging purposes.
Relevance to Pentesters: Connectors like JTAG and UART give direct access to the internal functioning of a device. Understanding these interfaces helps in gaining control over hardware or extracting sensitive data.
Common Interfaces: JTAG, UART, I2C, SPI
Jumpers
Function: Small connectors used to manually set configurations or routes on a circuit board by connecting specific pins.
Relevance to Pentesters: Jumpers are often used to enable or disable features of a device, such as entering debug or boot modes. Adjusting jumpers can help pentesters gain access to restricted areas or manipulate boot settings.
eMMC (embedded MultiMediaCard)
Function: Non-volatile memory used for mass storage in embedded systems. It combines flash memory and a controller in one package.
Relevance to Pentesters: eMMC is often used to store operating systems, firmware, or sensitive data in IoT devices, similar to SD cards. Pentesters may use eMMC readers to dump the contents for analysis, extracting valuable information such as passwords, encryption keys, or firmware.
Last updated