Reconnaissance

In this chapter we demonstrate on how to enumerate a device. It makes sense to follow a top down approach and start analyzing from the outside first before opening a device. Opening a unknown device comes always at the risk of triggering a tamper protection or damaging it. Even without opening the device we can already identify potential weaknesses.

Overview

• Closed device

  • OSINT:

    • search the web for public information

    • use FCCID.io to get internal pictures of your device

  • Investigate USB Ports / SD-card

• Opened device

  • Board Analysis:

    • Things to look out for on the PCB:

      • How to identify test pads as potential debug interfaces

      • component identification (flash chips, MCUs, wireless modules)