Books You Should Read: The Hardware Hacker’s Handbook

Here on Hackaday, we routinely cover wonderful informative writeups on different areas of hardware hacking, and we even have our own university with courses that delve into topics one by one. I’ve had my own fair share of materials I’ve learned theory and practical aspects from over the years I’ve been hacking – as it stands, for over thirteen years. When such materials weren’t available on any particular topic, I’d go through hundreds of forum pages trawling for details on a specific topic, or spend hours fighting with an intricacy that everyone else considered obvious.

Today, I’d like to highlight one of the most complete introductions to hardware hacking I’ve seen so far – from overall principles to technical details, spanning all levels of complexity, uniting theory and practice. This is The Hardware Hacking Handbook, by Jasper van Woudenberg and Colin O’Flynn. Across four hundred pages, you will find as complete of an introduction to subverting hardware as there is. None of the nuances are considered to be self-evident; instead, this book works to fill any gaps you might have, finding words to explain every relevant concept on levels from high to low.

Apart from the overall hardware hacking principles and examples, this book focuses on the areas of fault injection and power analysis – underappreciated areas of hardware security that you’d stand to learn, given that these two practices give you superpowers when it comes to taking control of hardware. It makes sense, since these areas are the focus of [Colin]’s and [Jasper]’s research, and they’re able to provide you something you wouldn’t learn elsewhere. You’d do well with a ChipWhisperer in hand if you wanted to repeat some of the things this book shows, but it’s not a requirement. For a start, the book’s theory of hardware hacking is something you would benefit from either way.

Giving You A Solid Framework…

Having a solid theoretical basis for hardware hacking helps a lot. Don’t get me wrong, you’ll do pretty well reading our articles and learning from examples of your fellow hackers’ work – but there are going to be structural gaps when it comes to how hacks relate to each other and what else is out there.

Traditionally, such gaps would be filled by universities and educational courses, taking a lot of information, structuring it and then gifting that structure for you to sort all further knowledge into. Sadly, we know that even if you can find a professor, it’s not a requirement that their lectures are engaging – or up to date with modern times. This book spends a hundred pages creating a structure for you, a categorized bookshelf to sort your books into. In order to have a complete picture of hardware and never run out of ways to approach it, it helps if you understand your device in the same way that a hardware security expert understands it, and both of our authors worked tirelessly to convey their mental frameworks to you, with plentiful examples.

Whether it’s going through Intel CPU die shots and pointing out different areas, showing protocol signal traces to demystify what really happens with a signal, or explaining the potential hidden in different PCB features you might encounter on the board you’re tackling, you get a glimpse into an expert’s mind as you go through the examples they provide you with. It doesn’t shy away from topics like cryptography, either – something that a hacker might not know they could use, and might be compelled to treat as a black box. In fact, it’s arguably one of the most important topics such a book could go into – and go there, it does. Before you start RSA key extraction, they go through RSA calculations involved in cryptographic signatures – while some understanding of algebra is beneficial, it’s not required, and you can always supplement with something like the RSA calculator we covered recently.

…And Teaching You How To Apply It

Without a doubt, you’ll want examples, as that’s how we learn best. With these advanced techniques in hand, they take the Trezor One cryptowallet, a device sold online today, and bypass its security measures, extracting the private keys stored on the wallet. The focus on power analysis and glitching pays off handsomely here – in fact, almost literally. This demonstration is advanced and heavy enough that it deserves its own chapter, and even if you don’t follow the steps as you go through it, the attack ties the concepts you’ve seen together, helping you make the links between what you’ve read and what you will do when you need to extract secrets out of your own device.

The authors make sure to keep the theory firmly coupled to real-world hardware as the book progresses. As training grounds for the Trezor wallet foray, you’ll be taught how to solder a FET to the underside of a Raspberry Pi 3B+ PCB in order to glitch the CPU power rail and try making the CPU skip instructions. This exercise assumes you have a ChipWhisperer, though just the Lite version will do, but if you want to get real results anyway without the precise timing that the ChipWhisperer brings, you can use an ATMega328P and a piezoelectric generator from a BBQ lighter – giving you insights without tying the book’s value to a piece of extra hardware.

Then, they go into power analysis – something that you can often do with an oscilloscope, and present you with the basics. It’s a chapter that I’m only going through myself still, with this book being as information-dense as it is. However, I have high hopes for it, as power analysis is simultaneously a relatively non-invasive way to extract information and also an attack vector that most of the hardware out there in the wild is susceptible to, making this part of the book a priority of mine when facing a bit of free time in my schedule. In fact, about a third of this book is devoted to power analysis techniques, from simple to advanced, and goes through multiple test setups, with even an Arduino-based target to get your feet wet.

Of course, part of a hardware hacker’s power is in the equipment, which is why it’s hard to write a book like that and not expect your reader to have a few specific tools. The authors are mindful of that, which is why there’s an entire chapter going into equipping your own lab – on budgets from high to very low. A lot of the tools, you’ll be able to makeshift or repurpose, or will be able to use thanks to a friendly nearby hackerspace. Of course, most of them, you’ll get by without in the beginning, but when you encounter a particular problem, it’s helpful to know that there’s a tool for your exact need.

Side Channel Attacks Will Only Get Better

Since this book’s release, we’ve seen Colin advance the frontier of side channel attacks once more. Just last year, he gave a Remoticon talk about EM injection glitching, and provided us with an accessible method for doing that without any fancy hardware requirements. These side channel attacks are an advancing field that chips will remain vulnerable to in the foreseeable future, and this book will get you up to speed on applying these methods when unlocking your own

For newcomers, such a promising field of study is a great intro to getting into hardware, as many other attack surfaces we’ve known for years are nowadays well-protected and often won’t work as well in the wild. For professionals, you’ll undoubtedly find a few blind spots in your knowledge that you’d do well to eliminate. We don’t have technology for uploading information into our brain – yet; as it stands, books are the closest we can get to that, and The Hardware Hacking Handbook is a respectable attempt to teach you what hardware hackers like [Jasper] and [Colin] know.

31 thoughts on “Books You Should Read: The Hardware Hacker’s Handbook”

    1. Sorry to be that guy, but if you really want to do electronics or almost any science-related stuff you will need to learn some English. Technical English is not the one from Shakespeare and stuff like this, it is actually not too hard to learn enough English to at least understand some things from datasheets and technical books. I couldn’t read any Shakespeare stuff, but for technical stuff my comprehension is fine. And if needed there is always an internet connection to some dictionary somewhere.

      1. Heh, and going the other way, a chemical engineer pretty much had to have some working German up until the late 1950s, as most of the major research and documentation tended to be German. There are still a few niches where it’s occasionally difficult to make progress on a project if you can’t piece together enough German to read the relevant papers. Many of the more arcane papers were never translated, especially ones that ended up superseded by improved methods.

        A few years ago, a relative had to dig into a few hundred pounds of dusty microfiche for details on optimizing a particular synthetic lubricant process, related to Fischer-Tropsch. It’s just barely unrelated enough to modern interests that nobody followed up on it in recent decades, so all the extant details are in German only. Apparently, after a few hours of skimming, any sudden exposure to English seemed quite brain-bending…

        It turned out to be moderately easy to informally learn enough technical German to get the task done. According to one of my relative’s coworkers, going the other way is much harder. English is much more adaptable and multi-paradigmatic, which makes for long-term evolutionary success. But in exchange, learning English requires internalizing the paradigms of several widely different language families, as modified by centuries of adaptation. This doesn’t make it impossible, or even all that hard. It does mean that it’s not as easily picked up in passing.

        I was peripherally involved in an ESL program for a few years (they kept frying classroom camera packs and we needed to make that stop happening), and discussion with their linguists and ESL teaching staff tended to support this hypothesis.

      2. German here.

        I’ve done this, starting with 16 when I bought my copy of Tanenbaum’s Operating Systems – Design and Implementation for a then horrid 129DM and 5 weeks of waiting in 1988.
        I only had post-it notes, and a native American electronics engineer who attended my dad’s BBQs and was kind enough to explain over and over again. Not only abrv. = abbreviation, but also context and etymology, so that I could learn better.

        So, yes, it is a *lot* easier today to access knowledge, but still today native speakers of the language often underestimate the steep learning curve if you not only have to grasp concepts and ideas of the problem domain, but stumble at the first few abbreviations or terms. “snubber” for example was in none of my printed paper dictionaries back then, when I stepped into electronics.

        As for the “just learn English, dude” subtext vibes, which I also received a lot during the years… well, wait another 10 years, and you’ll be presented with 只学普通话,伙计… even if I will be 60 then, I will try, and hope that some Chinese person explains patiently.

    2. You could buy the Kindle version and use the built-in dictionary to look up words you don’t understand, that way you’re learning (more) English while reading the book.

    1. You know Amazon, right? BTW on .com it shows me -30% so it’s not that expensive, on my local Amazon it’s much more. :-/ I am not sure I will buy this, it sounds quite complicated and I already have too many books to read and stuff to try…

      1. Oh the book’s not complicated to read, in my experience – the story is coherent and flows well! Even if power glitching/analysis isn’t your cup of tea just yet, I’d recommend getting it purely for the “how everything works” introductory chapters alone, the background provided there is extensive and goes easily.

  1. If we’re going for a Hackaday reading list, I would like to nominate Nicholas Collins’ Handmade Electronic Music: The Art of Hardware Hacking. It has a lot of stuff that @Eliot Williams covered in the Logic Noise series and then some. The Radio Shack part lists may be obsolete, but the hacks/builds are not. Great intro to hardware and electronics from the musician’s perspective.

  2. At Black Hat right now. Pretty disappointed not to find this among the other No Starch Press books in the bookstore. I suppose it is more of a DEFCON thing, but I was hopeful anyhow. I think I’ll have to get a copy when I get home.
