Hardware reverse engineering (HRE) is an important technique for analysts to understand the internals of a physical system.
Use cases range from recovering the interface specifications of old chips, through detecting malicious manipulations or patent infringements, to outright counterfeiting.
However, HRE is a notably complex and cumbersome task which consists of two phases:
In the first phase the netlist, i.e., circuit description of a chip, has to be extracted from the physical device.
Such a netlist is equivalent to the binary in software reverse engineering (SRE).
In the second phase, the analyst then processes the netlist in order to understand (parts of) its functionality.
However, obtaining a netlist from a chip can take several months and requires professional and costly equipment as well as expertise.
Even with a recovered netlist, understanding its functionality is an enormously challenging task.
This is partly due to the lack of proper tools for netlist analysis:
While in SRE various commercial and open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE no tool for netlist analysis was available at all, neither commercial nor free.
To close this gap, researchers from the Embedded Security group of the Horst-Görtz Institute for IT-Security at the Ruhr University Bochum developed HAL, the first open-source netlist analysis framework.
Inspired by the modularity of its SRE equivalents, HAL can be extended through optimized C++ plugins or directly used as a Python library, while at the same time offering a GUI for explorative and interactive analysis.
The project is supposed to give hardware analysts a common platform for the development of new algorithms with a portable design, ultimately aiding both professionals in their daily work as well as researchers in their efforts to publish reproducible results.
In this talk, we will first introduce the foundations and main challenges of HRE, before giving a live demonstration of HAL and some of its capabilities on selected case studies.
We conclude the talk with a glimpse at our associated research at the university, which spans both technical research and cross-disciplinary work with psychologists.
Our talk requires only minimal prior knowledge of digital hardware.
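To make the second phase concrete (processing a recovered netlist to understand parts of its functionality), here is a small added example, not code from the talk or from the HAL project: it parses a constructed gate-level netlist, computes the fan-in cone of a net, and derives the net's truth table. The netlist format, the function names `parse_netlist`, `fanin_cone`, `evaluate` and `truth_table`, and the sample circuit are all assumptions made for this illustration.

```python
"""Toy netlist analysis: fan-in cones and truth tables for a gate-level netlist."""
from itertools import product

# Constructed sample netlist (not from any real chip): one gate per line,
# "<gate name> <gate type> <output net> <input nets...>".  It is a full adder.
NETLIST_TEXT = """
g1 XOR n1 a b
g2 XOR sum n1 cin
g3 AND n2 a b
g4 AND n3 n1 cin
g5 OR cout n2 n3
"""

# Boolean semantics of the supported gate types (inputs are 0/1 ints or bools).
GATE_FUNCS = {
    "AND": lambda ins: all(ins),
    "OR": lambda ins: any(ins),
    "XOR": lambda ins: sum(ins) % 2 == 1,
    "NOT": lambda ins: not ins[0],
}

def parse_netlist(text):
    """Map every gate-driven net to (gate type, list of input nets)."""
    drivers = {}
    for line in text.strip().splitlines():
        _name, gtype, out, *ins = line.split()
        drivers[out] = (gtype, ins)
    return drivers

def fanin_cone(drivers, net):
    """Primary inputs (nets with no driving gate) that `net` depends on, sorted."""
    seen, stack, primaries = set(), [net], set()
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        if n in drivers:
            stack.extend(drivers[n][1])   # walk backwards through the gate's inputs
        else:
            primaries.add(n)
    return sorted(primaries)

def evaluate(drivers, net, assignment):
    """Recursively compute the value of `net` for a primary-input assignment."""
    if net not in drivers:
        return assignment[net]
    gtype, ins = drivers[net]
    return GATE_FUNCS[gtype]([evaluate(drivers, i, assignment) for i in ins])

def truth_table(drivers, net):
    """Truth table of `net` over its fan-in cone: {(input values): 0/1}."""
    inputs = fanin_cone(drivers, net)
    return {vals: int(evaluate(drivers, net, dict(zip(inputs, vals))))
            for vals in product((0, 1), repeat=len(inputs))}
```

Running `truth_table(parse_netlist(NETLIST_TEXT), "cout")` reproduces the carry function of a full adder, which is the kind of functional hypothesis an analyst forms from a netlist.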