101 Ways to Brick Your Hardware
(With some un-bricking tips sprinkled in for good measure)
Joe FitzPatrick & Joe Grand (Kingpin)
Overview
• What’s a Brick?
• Kinds of Bricks
• 001: Bricking Firmware
• 010: Bricking PCBs
• 011: Bricking Connectors
• 100: Bricking ICs
• 101: Bricking ‘WTF’ scenarios
• Recap and Best Practices
What’s a Brick?
Soft Brick
• Shows signs of life
• Doesn’t boot or work as intended
• May be soft-unbrickable
• Typically a software or configuration problem
Hard Brick
• Little or no sign of life
• Doesn’t even power on or flash lights
• Probably needs hardware hacking to fix it
101 Kinds of Bricks
• 001: Bricking Firmware
• 010: Bricking PCBs
• 011: Bricking Connectors
• 100: Bricking ICs
• 101: Bricking ‘WTF’ scenarios
001: Bricking Firmware
Blanking, wiping, erasing, corrupting, or otherwise invalidating your device’s firmware
> xxd firmware.bin
0000000: dead dead dead dead dead dead dead dead ................
0000010: dead dead dead dead dead dead dead dead ................
0000020: dead dead dead dead dead dead dead dead ................
0000030: dead dead dead dead dead dead dead dead ................
0000040: dead dead dead dead dead dead dead dead ................
0000050: dead dead dead dead dead dead dead dead ................
0000060: dead dead dead dead dead dead dead dead ................
Flashing Bad Firmware: DEFCON 18 Bootloader
• Bootloader not in protected region
• Screw up during linking can cause bootloader to be overwritten
• Un-bricked through JTAG interface & MC56F8006 development tools
Wiping Critical Sections: Chromebook Firmware
• binwalk’s histogram shows entropy in a file
• Top: Physical extraction of BIOS via SPI
• Bottom: Software dump via flashrom
• The two firmwares are different because the CPU blocks access to the ME region for software reads?
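Added example (not from the original slides): a block-by-block comparison of two dumps of the same flash, such as the SPI extraction and the flashrom read above, that reports where they differ and flags ranges where one side is only constant fill. It also scores an image like the all-"dead" xxd output earlier as content-free. The function names, the 4 KiB block size and the sample layout are assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # comparison granularity (assumption; use your flash erase size)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 is constant, 8.0 is uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(block: bytes) -> str:
    """Label a block as constant fill, a short repeating pattern, or data."""
    if len(set(block)) == 1:
        return "fill(0x%02x)" % block[0]
    for period in (2, 4, 8, 16):
        if len(block) % period == 0 and block == block[:period] * (len(block) // period):
            return "pattern(%s)" % block[:period].hex()
    return "data"


def blank_fraction(image: bytes, block: int = BLOCK) -> float:
    """Fraction of blocks that carry no real content (fill or pattern)."""
    blocks = [image[i:i + block] for i in range(0, len(image), block)]
    if not blocks:
        return 1.0
    return sum(classify(b) != "data" for b in blocks) / len(blocks)


def diff_regions(a: bytes, b: bytes, block: int = BLOCK):
    """Merge differing blocks into (start, end, kind_a, kind_b) regions."""
    if len(a) != len(b):
        # A short dump is itself a red flag; do not silently compare prefixes.
        raise ValueError("dump sizes differ: %d vs %d bytes" % (len(a), len(b)))
    regions = []
    for off in range(0, len(a), block):
        ba, bb = a[off:off + block], b[off:off + block]
        if ba == bb:
            continue
        kinds = (classify(ba), classify(bb))
        if regions and regions[-1][1] == off and regions[-1][2:] == kinds:
            regions[-1] = (regions[-1][0], off + len(ba)) + kinds
        else:
            regions.append((off, off + len(ba)) + kinds)
    return regions


def unreadable_regions(regions):
    """Regions where exactly one dump is constant fill: likely a blocked read."""
    return [r for r in regions
            if r[2].startswith("fill") != r[3].startswith("fill")]


def _sample(seed: bytes, n: int) -> bytes:
    """Deterministic filler standing in for real firmware content."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32))


def build_samples():
    """Constructed 32 KiB images: the 'software' dump has one region as 0xFF."""
    hw = _sample(b"desc", 0x1000) + _sample(b"me", 0x4000) + _sample(b"bios", 0x3000)
    sw = hw[:0x1000] + b"\xff" * 0x4000 + hw[0x5000:]
    return hw, sw


if __name__ == "__main__":
    hw, sw = build_samples()
    for start, end, kind_hw, kind_sw in diff_regions(hw, sw):
        print("0x%06x-0x%06x  hw=%s (%.2f bits)  sw=%s (%.2f bits)" % (
            start, end, kind_hw, entropy(hw[start:end]),
            kind_sw, entropy(sw[start:end])))
    print("blank fraction of software dump: %.2f" % blank_fraction(sw))
```

A dump with a large constant-fill region that the other read shows as data is not a complete backup, so treat the hardware read as the one to keep.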
Touching Signed Filesystems: Acer C720 Chromebook
• Mount R/O filesystem as R/W
• Make changes and reboot
• Kernel verifies rootfs before mounting
• Mismatch causes error
Careless Copying: DDing the Wrong Partition
• Don't accidentally overwrite your primary media
• This is bad (except when it’s not)
> sudo dd if=install.iso of=/dev/sda bs=32M
128+0 records in
128+0 records out
4294967295 bytes (4.3 GB, 4.0 GiB copied)
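Added example (not from the original slides): a pre-flight check to run before a raw write like the dd command above, which refuses any target whose disk has a mounted partition. It parses mount-table text in /proc/mounts format; the function names and the sample mount table are constructed for the illustration.

```python
import re

# Constructed /proc/mounts excerpt (sample data for this example only).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /boot/efi vfat rw,relatime 0 0
/dev/nvme0n1p3 /home ext4 rw,relatime 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
"""

# Whole-disk names that end in a digit, and their "pN" partition form.
_WHOLE = re.compile(r"(nvme\d+n\d+|mmcblk\d+|loop\d+)")
_PART_P = re.compile(r"(nvme\d+n\d+|mmcblk\d+|loop\d+)p\d+")
# Classic names where the partition number follows the letters (sda1, vdb2).
_PART_SD = re.compile(r"([a-z]+)\d+")


def parent_disk(dev: str) -> str:
    """Map a device node to its whole disk (sda2 -> sda, nvme0n1p3 -> nvme0n1)."""
    name = dev.rsplit("/", 1)[-1]
    if _WHOLE.fullmatch(name):
        return "/dev/" + name
    m = _PART_P.fullmatch(name) or _PART_SD.fullmatch(name)
    return "/dev/" + (m.group(1) if m else name)


def mounted_on_disk(target: str, mounts_text: str):
    """Return (device, mountpoint) pairs that live on the same disk as target."""
    disk = parent_disk(target)
    hits = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].startswith("/dev/"):
            continue  # skip pseudo filesystems such as proc and sysfs
        if parent_disk(fields[0]) == disk:
            hits.append((fields[0], fields[1]))
    return hits


def check_dd_target(target: str, mounts_text: str):
    """Conservative check: any mounted partition on the disk blocks the write."""
    reasons = []
    for dev, mountpoint in mounted_on_disk(target, mounts_text):
        note = " (root filesystem)" if mountpoint == "/" else ""
        reasons.append("%s is mounted at %s%s" % (dev, mountpoint, note))
    return (not reasons, reasons)


if __name__ == "__main__":
    for target in ("/dev/sda", "/dev/sdb", "/dev/sdc"):
        ok, reasons = check_dd_target(target, SAMPLE_MOUNTS)
        print(target, "OK to write" if ok else "REFUSE: " + "; ".join(reasons))
```

On a real system, resolve symlinks such as /dev/disk/by-id entries with os.path.realpath first; roots on LVM or dm-crypt appear as /dev/mapper nodes, which this name-based check does not trace back to a physical disk.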
Unbricking your Firmware
• Restore a known good/complete backup
• Directly read/write the storage media
• Recovery/bootloader/download mode
• On-chip program/debug interface (JTAG, ICSP, etc.)
• Swap out physical Flash device
010: Bricking PCBs
Burning, melting, delaminating, shorting and scratching your PCBs and traces
Delaminating Traces: Preparing Debug Headers
• Unpopulated JTAG header’s holes were filled with solder
• Too much heat + sloppy work = completely extracted through-hole plating
• Directed heat can eventually cause copper to delaminate from substrate
Scratching Traces: Desoldering CPU on a Pogoplug
• Wanted to remove CPU to follow traces underneath
• Tried lifting part before solder was molten, putting too much pressure on PCB w/ sharp tool
• Damaged traces on board and broke pins on chip, but it was worth it!
Shorting Traces/Pins: Hirsch ScramblePad
• Using multimeter to measure input voltage to LM7805
• Probe slipped, shorting input to ground
• Spark, burned board, bruised ego
Burning Traces: FoodSaver V850
• Improper connection of oscilloscope ground
• Tried to measure an AC signal
• Blew trace that served as a low-cost fuse
• Thankfully oscilloscope not damaged!
Unbricking your PCBs
• Careful soldering to repair and/or replace
• Blue wires
• Epoxy and adhesives
• Patience
011: Bricking Connectors
Damaging power plugs, breaking solder joints, crushing internal connectors, and severing internal cabling
Loose Connectors: Chromebook C720 Display
• Taut cable routing causes LCD connector to loosen over time
• 9 out of 10 ‘DOA’ C720’s were fixed by adjusting this cable and re-taping
• Sometimes normal use can brick your hardware
Misused Connectors: ECS Liva Mini PC
• Micro USB connector used for power input
• Traces are not well sized for required current (3A), thermal regulation is not well controlled
• At high CPU utilization, the PCB overheats, deforms the connector, disconnects power
Breaking Solder Joints: TW700 Tablets
• Micro USB connector used for power/charging input
• Tablet case cutout is not snug around the connector
• Wiggling the cable moved the connector and broke solder joints
• Surface mount connectors have poor mechanical stability, solder is not designed to handle mechanical stress
Slicing Internal Cables: Low-Cost Consumer Device
• Acer CB3 has USB & audio running over FPC (Flexible Printed Circuit)
• FPC connects between circuit boards on each side of the clamshell
• Opening the case without knowing this either disconnects cable (good) or causes cable to kink & tear (bad)
Slicing Internal Cables: High-Cost Consumer Device
Unbricking your Connectors
• Mechanical reinforcement (e.g., tape, epoxy, not solder)
• Electrical reinforcement (e.g., upgraded wiring, more solder)
• Know how to measure & locate replacements
• Know how to read mechanical drawings
• Digi-Key is your friend
100: Bricking ICs
Exceeding the Absolute Maximum ratings and letting out the magic smoke
Applying Too Much Voltage: Teclast X98 1.8V SPI Flash
• Intel Bay Trail chipsets use 1.8V SPI Flash chips to store BIOS
• Many common HW tools are 3.3V or 5V
• Overvoltage could corrupt memory contents, damage chips
• Use a level shifter to bring signal voltages within allowable range
Pulling Too Much Current: Serial-to-USB Devices
• Serial-to-USB device using counterfeit Prolific PL2303
• Poor build quality caused overcurrent condition that wasn't detected by host USB port
• Case melted, PCB damaged, component fried
Pulling Too Much Current: Seaward SE8117T33 LDO Regulator
• Used in power supply circuitry of pre-production consumer device
• Die analysis reveals burned output driver caused by over current to the tab
Unbricking your ICs
• Replace the chip
• Fix your board/connection issues first or you’ll have two fried chips
• Digi-Key is still your friend
101: Bricking ‘WTF’ Scenarios
When environmental conditions and physical factors gang up against your devices
Anti-Tamper Mechanisms: AT&T Microcell
• 2x3 male headers w/ 3 jumpers each
• Jumpers are tethered to both sides of case, get pulled out when opened
• When powered up, sets tamper flag and phones home
Anti-Tamper Mechanisms: VeriFone PINpad 1000SE
• Multiple mechanisms to detect physical intrusion (switch, active mesh PCB)
• Tamper event erases encryption keys from battery-backed RAM
• Requires special process/sequence to re-key/re-enable
Environmental Conditions: Parallax RFID R/W USB Module
• Antenna sensitivity too high
• Received noise from environment and unclean USB power
• Demodulated noise into digital data
• Years of anguish
• Single capacitor value change solved problem
Environmental Conditions: AR Sandbox Kinect
• Kinect uses IR light to generate a pattern
• IR light from sun interferes with pattern, so Kinect doesn’t work in daylight
• Putting a black sheet over sandbox helps block indirect light, but casts a deceiving pattern resulting in strange behavior
Environmental Conditions: Optical Glitching
• Most silicon is light sensitive and can be subject to the photoelectric effect
• Photoelectrons can intentionally or unintentionally change behavior of IC
• Not a problem when they’re encapsulated in opaque package
• Raspberry Pi 2: Camera flash caused power regulator to glitch and reset
• Hirsch ScrambleLock: Camera flash caused MCU to lock up, requiring physical reset
Unbricking WTF Scenarios
• You might not know what you did!
• Get another piece of hardware and be careful this time
• Get another piece of hardware and manually ‘diff’
• Grab a bite to eat or take a nap. Maybe it’ll just work later?
The Best Ways to Brick?
• 001: Bricking Firmware -> Wipe your flash
• 010: Bricking PCBs -> Cut your traces
• 011: Bricking Connectors -> Smash your connectors
• 100: Bricking ICs -> Apply the wrong voltage
• 101: Bricking ‘WTF’ scenarios -> Work on anything last minute
The Best Ways to Avoid Brick?
• 001: Bricking Firmware -> Back up your firmware!
• 010: Bricking PCBs -> Plenty of workspace & protective measures
• 011: Bricking Connectors -> Patience and the right tools
• 100: Bricking ICs -> Double check pinouts and voltages (RTFM!)
• 101: Bricking ‘WTF’ scenarios -> Have a predictable workbench setup
The Best Ways to Unbrick?
• 001: Bricking Firmware -> Restore your backup
• 010: Bricking PCBs -> Soldering skills
• 011: Bricking Connectors -> Digi-Key is your friend
• 100: Bricking ICs -> Digi-Key is still your friend
• 101: Bricking ‘WTF’ scenarios -> Don’t hack what you can’t afford to lose!
Benefits of the Brick
• Sacrificial brick
• Learn from your mistakes (hopefully at someone else's expense)
• Share your mistakes so others can avoid them
Questions?
• Apparently you can make a whole presentation about bricking
• Thanks for watching!

DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
SQL Database Design For Developers at php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware

  • 1. 101 Ways to Brick Your Hardware (With some un-bricking tips sprinkled in for good measure) Joe FitzPatrick & Joe Grand (Kingpin)
  • 2. Overview
      • What’s a Brick?
      • Kinds of Bricks
      • 001: Bricking Firmware
      • 010: Bricking PCBs
      • 011: Bricking Connectors
      • 100: Bricking ICs
      • 101: Bricking ‘WTF’ scenarios
      • Recap and Best Practices
  • 5. Soft Brick
      • Shows signs of life
      • Doesn’t boot or work as intended
      • May be soft-unbrickable
      • Typically a software or configuration problem
  • 6. Hard Brick
      • Little or no sign of life
      • Doesn’t even power on or flash lights
      • Probably needs hardware hacking to fix it
  • 7. 101 Kinds of Bricks
      • 001: Bricking Firmware
      • 010: Bricking PCBs
      • 011: Bricking Connectors
      • 100: Bricking ICs
      • 101: Bricking ‘WTF’ scenarios
  • 8. 001: Bricking Firmware
      Blanking, wiping, erasing, corrupting, or otherwise invalidating your device’s firmware
        > xxd firmware.bin
        0000000: dead dead dead dead dead dead dead dead ................
        0000010: dead dead dead dead dead dead dead dead ................
        0000020: dead dead dead dead dead dead dead dead ................
        0000030: dead dead dead dead dead dead dead dead ................
        0000040: dead dead dead dead dead dead dead dead ................
        0000050: dead dead dead dead dead dead dead dead ................
        0000060: dead dead dead dead dead dead dead dead ................
  • 9. Flashing Bad Firmware: DEFCON 18 Bootloader
      • Bootloader not in protected region
      • Screw up during linking can cause bootloader to be overwritten
      • Un-bricked through JTAG interface & MC56F8006 development tools
  • 10. Wiping Critical Sections: Chromebook Firmware
  • 11. Wiping Critical Sections: Chromebook Firmware
      • binwalk’s histogram shows entropy in a file
      • Top: Physical extraction of BIOS via SPI
      • Bottom: Software dump via flashrom
      • The two firmwares are different because the CPU blocks access to the ME region for software reads?
  • 12. Touching Signed Filesystems: Acer C720 Chromebook
      • Mount R/O filesystem as R/W
      • Make changes and reboot
      • Kernel verifies rootfs before mounting
      • Mismatch causes error
  • 13. Careless Copying: DDing the Wrong Partition
      • Don't accidentally overwrite your primary media
      • This is bad (except when it’s not)
        > sudo dd if=install.iso of=/dev/sda bs=32M
        128+0 records in
        128+0 records out
        4294967295 bytes (4.3 GB, 4.0 GiB copied)
  • 14. Unbricking your Firmware
      • Restore a known good/complete backup
      • Directly read/write the storage media
      • Recovery/bootloader/download mode
      • On-chip program/debug interface (JTAG, ICSP, etc.)
      • Swap out physical Flash device
  • 15. 010: Bricking PCBs
      Burning, melting, delaminating, shorting and scratching your PCBs and traces
  • 16. Delaminating Traces: Preparing Debug Headers
      • Unpopulated JTAG header’s holes were filled with solder
      • Too much heat + sloppy work = completely extracted through-hole plating
      • Directed heat can eventually cause copper to delaminate from substrate
  • 17. Scratching Traces: Desoldering CPU on a Pogoplug
      • Wanted to remove CPU to follow traces underneath
      • Tried lifting part before solder was molten, putting too much pressure on PCB w/ sharp tool
      • Damaged traces on board and broke pins on chip, but it was worth it!
  • 18. Shorting Traces/Pins: Hirsch ScramblePad
      • Using multimeter to measure input voltage to LM7805
      • Probe slipped, shorting input to ground
      • Spark, burned board, bruised ego
  • 19. Burning Traces: FoodSaver V850
      • Improper connection of oscilloscope ground
      • Tried to measure an AC signal
      • Blew trace that served as a low-cost fuse
      • Thankfully oscilloscope not damaged!
  • 21. Unbricking your PCBs
      • Careful soldering to repair and/or replace
      • Blue wires
      • Epoxy and adhesives
      • Patience
  • 22. 011: Bricking Connectors
      Damaging power plugs, breaking solder joints, crushing internal connectors, and severing internal cabling
  • 23. Loose Connectors: Chromebook C720 Display
      • Taut cable routing causes LCD connector to loosen over time
      • 9 out of 10 ‘DOA’ C720’s were fixed by adjusting this cable and re-taping
      • Sometimes normal use can brick your hardware
  • 24. Misused Connectors: ECS Liva Mini PC
      • Micro USB connector used for power input
      • Traces are not well sized for required current (3A), thermal regulation is not well controlled
      • At high CPU utilization, the PCB overheats, deforms the connector, disconnects power
  • 25. Breaking Solder Joints: TW700 Tablets
      • Micro USB connector used for power/charging input
      • Tablet case cutout is not snug around the connector
      • Wiggling the cable moved the connector and broke solder joints
      • Surface mount connectors have poor mechanical stability, solder is not designed to handle mechanical stress
  • 26. Slicing Internal Cables: Low-Cost Consumer Device
      • Acer CB3 has USB & audio running over FPC (Flexible Printed Circuit)
      • FPC connects between circuit boards on each side of the clamshell
      • Opening the case without knowing this either disconnects cable (good) or causes cable to kink & tear (bad)
  • 27. Slicing Internal Cables: High-Cost Consumer Device
  • 28. Unbricking your Connectors
      • Mechanical reinforcement (e.g., tape, epoxy, not solder)
      • Electrical reinforcement (e.g., upgraded wiring, more solder)
      • Know how to measure & locate replacements
      • Know how to read mechanical drawings
      • Digi-Key is your friend
  • 29. 100: Bricking ICs
      Exceeding the Absolute Maximum ratings and letting out the magic smoke
  • 30. Applying Too Much Voltage: Teclast X98 1.8V SPI Flash
      • Intel Bay Trail chipsets use 1.8V SPI Flash chips to store BIOS
      • Many common HW tools are 3.3V or 5V
      • Overvoltage could corrupt memory contents, damage chips
      • Use a level shifter to bring signal voltages within allowable range
  • 31. Pulling Too Much Current: Serial-to-USB Devices
      • Serial-to-USB device using counterfeit Prolific PL2303
      • Poor build quality caused overcurrent condition that wasn't detected by host USB port
      • Case melted, PCB damaged, component fried
  • 32. Pulling Too Much Current: Seaward SE8117T33 LDO Regulator
      • Used in power supply circuitry of pre-production consumer device
      • Die analysis reveals burned output driver caused by over current to the tab
  • 33. Unbricking your ICs
      • Replace the chip
      • Fix your board/connection issues first or you’ll have two fried chips
      • Digi-Key is still your friend
  • 34. 101: Bricking ‘WTF’ Scenarios
      When environmental conditions and physical factors gang up against your devices
  • 35. Anti-Tamper Mechanisms: AT&T Microcell
      • 2x3 male headers w/ 3 jumpers each
      • Jumpers are tethered to both sides of case, get pulled out when opened
      • When powered up, sets tamper flag and phones home
  • 36. Anti-Tamper Mechanisms: VeriFone PINpad 1000SE
      • Multiple mechanisms to detect physical intrusion (switch, active mesh PCB)
      • Tamper event erases encryption keys from battery-backed RAM
      • Requires special process/sequence to re-key/re-enable
  • 37. Environmental Conditions: Parallax RFID R/W USB Module
      • Antenna sensitivity too high
      • Received noise from environment and unclean USB power
      • Demodulated noise into digital data
      • Years of anguish
      • Single capacitor value change solved problem
  • 38. Environmental Conditions: AR Sandbox Kinect
      • Kinect uses IR light to generate a pattern
      • IR light from sun interferes with pattern, so Kinect doesn’t work in daylight
      • Putting a black sheet over sandbox helps block indirect light, but casts a deceiving pattern resulting in strange behavior
  • 39. Environmental Conditions: Optical Glitching
      • Most silicon is light sensitive and can be subject to the photoelectric effect
      • Photoelectrons can intentionally or unintentionally change behavior of IC
      • Not a problem when they’re encapsulated in opaque package
      • Raspberry Pi 2: Camera flash caused power regulator to glitch and reset
      • Hirsch ScrambleLock: Camera flash caused MCU to lock up, requiring physical reset
  • 40. Unbricking WTF Scenarios
      • You might not know what you did!
      • Get another piece of hardware and be careful this time
      • Get another piece of hardware and manually ‘diff’
      • Grab a bite to eat or take a nap. Maybe it’ll just work later?
  • 41. The Best Ways to Brick?
      • 001: Bricking Firmware -> Wipe your flash
      • 010: Bricking PCBs -> Cut your traces
      • 011: Bricking Connectors -> Smash your connectors
      • 100: Bricking ICs -> Apply the wrong voltage
      • 101: Bricking ‘WTF’ scenarios -> Work on anything last minute
  • 42. The Best Ways to Avoid Brick?
      • 001: Bricking Firmware -> Back up your firmware!
      • 010: Bricking PCBs -> Plenty of workspace & protective measures
      • 011: Bricking Connectors -> Patience and the right tools
      • 100: Bricking ICs -> Double check pinouts and voltages (RTFM!)
      • 101: Bricking ‘WTF’ scenarios -> Have a predictable workbench setup
  • 43. The Best Ways to Unbrick?
      • 001: Bricking Firmware -> Restore your backup
      • 010: Bricking PCBs -> Soldering skills
      • 011: Bricking Connectors -> Digi-Key is your friend
      • 100: Bricking ICs -> Digi-Key is still your friend
      • 101: Bricking ‘WTF’ scenarios -> Don’t hack what you can’t afford to lose!
  • 44. Benefits of the Brick
      • Sacrificial brick
      • Learn from your mistakes (hopefully at someone else's expense)
      • Share your mistakes so others can avoid them
  • 45. Questions?
      • Apparently you can make a whole presentation about bricking
      • Thanks for watching!
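Added example (not from the slides): slides 11 and 14 contrast a physical SPI extraction with a flashrom software dump and recommend restoring a known good/complete backup. This sketch compares two dumps block by block and reports where the software read came back blank, which is how an incomplete backup shows up before you rely on it; the block size, function names and sample image are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter

BLOCK = 4096  # assumed comparison granularity (a common SPI flash erase-sector size)

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = random-looking)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def is_blank(block: bytes) -> bool:
    """True when the block is a single repeated 0xFF or 0x00 byte."""
    return len(set(block)) == 1 and block[0] in (0x00, 0xFF)

def compare_dumps(physical: bytes, software: bytes, block: int = BLOCK):
    """Return merged (start, end, note) ranges where the two dumps disagree."""
    if len(physical) != len(software):
        raise ValueError("dump sizes differ: wrong chip size or truncated read")
    ranges = []
    for off in range(0, len(physical), block):
        p, s = physical[off:off + block], software[off:off + block]
        if p == s:
            continue
        if is_blank(s) and not is_blank(p):
            note = "software read returned blank data"
        else:
            note = "contents differ"
        if ranges and ranges[-1][1] == off and ranges[-1][2] == note:
            ranges[-1] = (ranges[-1][0], off + block, note)  # extend previous range
        else:
            ranges.append((off, off + block, note))
    return ranges

def demo():
    # Constructed 64 KiB image: descriptor, a high-entropy region, then BIOS-like data.
    descriptor = bytes(range(256)) * 16                   # 4 KiB
    hidden = os.urandom(5 * BLOCK)                        # 20 KiB, stands in for a blocked region
    bios = (b"BIOS code and data " * 2200)[:10 * BLOCK]   # 40 KiB
    physical = descriptor + hidden + bios
    software = descriptor + b"\xff" * len(hidden) + bios  # software read sees 0xFF there
    for start, end, note in compare_dumps(physical, software):
        e = entropy(physical[start:end])
        print(f"0x{start:06x}-0x{end:06x} {note}; physical entropy {e:.2f} bits/byte")
    return physical, software

if __name__ == "__main__":
    demo()
```

A non-empty result means the software dump alone is not a complete backup of the chip; keep the physical read, and read the chip twice and compare before trusting either copy.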