JTAGsploitation - 5 Wires, 5 Ways to Root

Explore the world of JTAG exploitation in this 47-minute conference talk presented by Joe FitzPatrick and Matt King at the 44CON Information Security Conference. Dive into the intricacies of using JTAG (Joint Test Action Group) interfaces to gain root access on embedded systems. Learn about the physical layer of Test Access Ports, the data link layer of TAP Finite State Machines, and transport layer specifics. Discover practical applications on the Beaglebone Black, including boundary scan techniques and accessing non-volatile storage. Delve into advanced topics such as run control, memory access, analysis, and scraping. Explore boot arguments, patching, and Linux file system ACL enforcement. Gain insights into locating kernel functions, identifying patch points, and various delivery options. Master techniques for kernel patching, manipulating getty parameters, searching memory, and patching processes. Equip yourself with powerful hardware hacking skills and understand the potential vulnerabilities in embedded systems.

Intro
Speaker Bio
Physical Layer: Test Access Port
Data Link: TAP FSM
Transport Layer: Target-Specific
JTAG on the Beaglebone Black
Boundary Scan on the BBB
Access Non-Volatile Storage
Run Control
Memory Access
Simple Memory Analysis
Advanced Memory Analysis
Memory Scraping & Analysis
Boot Arguments
Boot Patch
Linux File System ACL Enforcement
Locating Kernel Functions
Identifying Patch Point
Delivery Options
Kernel Patch
getty Parameters
Searching Memory
Patch a Process
Summary