Board Analysis | HardBreak

Why it’s interesting
- Interfaces like UART, SPI, I2C, and JTAG allow communication between components and can offer access to debugging or internal system states.
Pentesting focus
- Can give debugging access, unauthorized data interception, or to bypass authentication mechanisms
Examples:
- Sometimes pins are directly exposed:
Header-pins exposed
Sometimes there also available as golden/silver test pads:

Todos:

Identify what connector pins you find (if they are not labeled)
- Put your multimeter in continuity mode (often a "sound" symbol):
- This mode will check if there is a direct link between two points on the pcb
- Put one probe on the connector pad you want to test and the other one goes on the chip (datasheet will tell you what pins are used for UART/SPI/JTAG)
How to probe
- Try to identify all required pins for the corresponding protocol.
If you can't use the microchips pins as reference (for example if it's a BGA chip or if there is no datasheet) you can check the voltage of the pins:
- High constant (around 3.3V or 5V) indicates VCC
- If the voltage fluctuates this may indicate data transmission (try a Logic Analyzer)
- Zero voltage indicates GND

Why it’s interesting
- These are the "brains" of the device, containing firmware and handling communication between components. Vulnerabilities in their firmware or boot process can be exploited to bypass security measures.
Pentesting focus
- Identify debug interfaces (e.g., JTAG, SWD), probe for firmware extraction, inspect for vulnerabilities in the bootloader or firmware updates.
Example

Todos:
- google the chip name (here STM32H7B0) and search for the datasheet
- inside the datasheet look how to communicate with the chip: JTAG/UART/SPI etc.
- identify these pins on the PCB and check where they are going

like Flash, EEPROM, RAM

Why it’s interesting
- These store sensitive information such as firmware, encryption keys, and user data. Analyzing memory chips can help retrieve critical data or alter firmware.
Pentesting focus
- Direct access to these chips for firmware dumping, encryption key recovery, or manipulating stored data (e.g., via SPI or I2C interfaces).
Example:
- They come in different sizes and chapes
  Flash chip
Todos:
- google the chip name and search for the datasheet
- inside the datasheet look how to communicate with the chip: I2C/SPI etc.
- identify these pins on the PCB
- check the section "Extracting Firmware using SPI"

USB ports, Ethernet ports or SD card slots are also of interest for us. This part should have been done before opening the device. Check "closed device" section.

Why it’s interesting
- These ports are common attack vectors for injecting malicious payloads or gaining unauthorized access.
Pentesting focus
- Inspect for insecure configurations, vulnerabilities in firmware updates via USB, and potential exploitation through interface protocols.

like Wi-Fi, Bluetooth, RF, ZigBee

Why it’s interesting
- Wireless communication modules can introduce vulnerabilities like insecure transmission, poor encryption, or weak authentication.
Pentesting focus
- Analyze for improper configuration, sniff traffic, and perform wireless-based attacks like jamming or eavesdropping.\
Example GSM-module: