Joe Fitz

@securelyfitz@chaos.social
1.5K Followers
182 Following
89 Posts
Hardware Hacker, Trainer, & Researcher
Tigardhttps://github.com/tigard-tools/tigard
Traininghttps://learn.securinghardware.com/
Show threadJoe FitzDec 26, 2024

Of course, if you'd rather take the classes in person, you can register today for some upcoming live classes:

S4 in Tampa, FL: https://s4xevents.com/s4x25-training/

Reverse.io in Orlando: https://shop.binary.ninja/products/re-verse-hardware-reverse-engineering

Black Hat in Singapore: https://www.blackhat.com/asia-25/training/schedule/index.html#applied-hardware-attacks-on-embedded-and-iot-systems--43057

Training

S4x25
Joe FitzDec 26, 2024

Got 2024 training budget left over? Need to use it or lose it? I set up coupon code "useitorloseit" for 20% off all my self-paced hardware hacking training.

APA #1 - Embedded and IoT systems: https://learn.securinghardware.com/checkout/?add-to-cart=27449 2+ days introducing you to hardware

APA #2 - Hardware Pentesting: https://learn.securinghardware.com/checkout/?add-to-cart=27888 2+ days of how to fit hardware into your existing pentest process, threat modeling, and risk assessment  

Both APA #1 and #2 bundle: https://learn.securinghardware.com/checkout/?add-to-cart=28725

Cart – SecuringHardware.com

Joe FitzDec 19, 2024
Show threadFeralRobotsDec 19, 2024
@rakoo @mekkaokereke @jeromechoo
Bingo. 'I agree with' is just wrong - he factually doesn't agree with Musk. But he just endorsed Musk's whole deal.
Show threadJoe FitzDec 8, 2024

@gsuberland @xabean @esden

Anyway, all those experiences lead to the design decisions in tigard. level shifting without a bitstream, always-on jtag, proper eeprom contents, and labeled headers.

I had hoped someone else would have done it, but really should have done it way before I did. I am always surprised that people love tigard so much since there's nothing special about it - except i guess for the part where it doesn't seem to have any fatal flaws.

Show threadJoe FitzDec 8, 2024

@gsuberland @xabean @esden
After the bustblaster, i tried using the TUMPA lite because it was cheap and readily available at the time. but for some reason we had >10% failure rate every time we taught a class with them.

Shikra came out of the desire to use a simple breakout board - it's the FTDI ft232h breakout board except with 2.54mm pins instead of 2mm.

Adafruit's breakout was even simpler and cheaper - but to this day ships with corrupt eeprom.

Show threadJoe FitzDec 8, 2024

@gsuberland @xabean @esden

I've gotten the buspirate working with jtag/openocd. You need to flash a specific firmware (or should i say - frimware), and then you have to only use jtag, and then it's really slow, and then if anything goes wrong with jtag, your part, or openocd, you have to hard power cycle the buspirate, re-enter jtag mode, and restart openocd,

Busblaster is better. Except out of the box i couldn't get it working on anything until i went and built my own bitstreams.

Joe FitzSep 26, 2024
Show threadJosephMennSep 21, 2024
Good ol’ bloomberg classic
Show threadJoe FitzAug 19, 2024

@brk I also have a bunch of different bit organizers that are laser cut plywood or acrylic plus standoffs... That replace 3d printed ones I used previously.

I have a huge assortment of 1x1.5" bins that I'm glad I didn't have to print for most stuff:

Show threadJoe FitzAug 19, 2024
@brk laser cut plywood boxes :)
Show threadJoe FitzAug 19, 2024

@stacksmashing @esden

A lot of these things are better suited to custom pcbs, but sometimes you don't have the time to wait for boards or a PCB mill on hand. For some, any cnc machine would actually be the ideal tool but 3d printers are smaller/quieter/cheaper/easier/safer/more readily available