Reconnaissance

In this chapter we demonstrate how to enumerate a device. It makes sense to follow a top-down approach and analyze the device from the outside before opening it. Opening an unknown device always carries the risk of triggering tamper protection or damaging it. Even without opening the device, we can already identify potential weaknesses.

Overview

  • Closed device

    • OSINT:

      • Search the web for public information

      • Use FCCID.io to get internal pictures of your device

    • Investigate USB Ports / SD-card

  • Opened device

    • Board Analysis:

      • Things to look out for on the PCB:

        • How to identify test pads as potential debug interfaces

        • Component identification (flash chips, MCUs, wireless modules)
