Episode 22: Chipping Away at Hardware Hacking
Critical Thinking - Bug Bounty Podcast8 Kesä 2023

Episode 22: Chipping Away at Hardware Hacking

Episode 22: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some basic/intermediate concepts related to Hardware Hacking. Specifically, we dive into extracting data from eMMC chips in order to get our hands on source code for IoT devices. Don't miss this episode packed with valuable insights, tips, and strategies for beginners and seasoned bug bounty hunters alike!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Checkout NahamCon:

https://bit.ly/42vnpMS

RiverLoop Security Write-up: https://bit.ly/3oSKL1o

Good Chip-Off Write-up:

https://bit.ly/3IWym3q

Scratching chips to expose pins:

https://bit.ly/45Tj21i

https://bit.ly/3oJJt8Z

Chat with Corben on Degrees: https://youtu.be/N9P5PUx-PNQ?t=2311

Gareth Hayes Tweet:

https://bit.ly/3qvFNYW

Huntress - John Hammond - MoveIt Response:

https://bit.ly/42vTTXv

Critical Thinking Hardware Hacking Setup - See the gear we're talking about (Affiliate links): https://linke.to/hardwarehackingset

Timestamps:

(00:00:00) Introduction

(01:03) NahamCon's Live Hacking Event and Justin's Presentation on PCI DSS

(02:40) Depreciation of Data URLs in SVG Use Element

(04:55) Gareth Hayes and knowledge sharing in the hacking community

(07:50) Move It vulnerability and and John Hammond’s epic 4 am rants

(12:18) Identifying promising leads in bug bounty hunting, and knowing when to move on

(Start of main content)

(21:40) Hardware Recon, and using Test Pins to Access EMMC Chip

(26:16) Identifying Chip Pinouts and Continuity Testing

(29:01) Using Logic Analyzers for Hardware Hacking

(33:01) Importance of Fundamental Knowledge in Hacking, and the benefits of understanding Electrical Engineering

(35:46) Replay Protected Memory Block Protocol

(40:00) Bug Bounty Programs and Hardware Testing Support

(41:05) Chip Pulling techniques and Essential Equipment for Hardware Hacking

(59:50) Tips for Buying Hardware Hacking Tools: Research and Specific Use Cases

(01:06:35) Hardware Hacking: Just scratching the surface.

(01:08:45) Vulnerability Disclaimer: Pulling OS from a chip does not constitute a Vulnerability.

Jaksot(161)

Episode 105: Best Critical Thinking Moments from 2024

Episode 105: Best Critical Thinking Moments from 2024

Episode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024.Follow us on twitter at: @ctbbpodcastSsend us a...

9 Tammi 20252h 17min

Episode 104: 2024 Hacker Stats & 2025 Goals

Episode 104: 2024 Hacker Stats & 2025 Goals

Episode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. ...

2 Tammi 202529min

Episode 103: Getting ANSI about Unicode Normalization

Episode 103: Getting ANSI about Unicode Normalization

Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk thr...

26 Joulu 20241h

Episode 102: Building Web Hacking Micro Agents with Jason Haddix

Episode 102: Building Web Hacking Micro Agents with Jason Haddix

Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF...

19 Joulu 20241h 2min

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI app...

12 Joulu 202451min

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show ...

5 Joulu 20241h 41min

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the ...

28 Marras 20241h 42min

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They...

21 Marras 20241h 43min