Attacking and Securing OT/IOT Applications in FreeRTOS

4 DAY, 32 CPE HOUR TRAINING: FEBRUARY 2022 * WEEK 1: FEB 14-18
Dr. Andrew Blyth and Campbell Murray

Abstract

This training is geared towards people wanting to develop and deploy real-time applications on a real-time operating system (RTOS). While there are many RTOSes, on this course we will focus on the FreeRTOS embedded operating system. We will learn how FreeRTOS functions and how we can develop and debug real-world applications. This training will make use of a standard ARM-based development board to give the attendee real-world development, debugging and attacking experience. The course will start by developing the fundamental principles required to understand what an RTOS application is, and how it can be developed and debugged. We will then explore the low-level knowledge required to extract and attack an RTOS application on the ARM core running FreeRTOS.

To allow the attendees to get the most out of the course, we will show how emulation can be used to aid in, and enhance, the testing process.

THIS HANDS-ON TRAINING REQUIRES ADDITIONAL HARDWARE. WE INTEND TO EMPOWER YOU NOT JUST WITH THE KNOW-HOW, BUT ALSO WITH PROPERLY VETTED TOOLS FOR CONTINUED RESEARCH AND ANALYSIS.
PLEASE REFER TO THE SHOPPING LIST AT THE BOTTOM FOR DETAILS.

Learning Objectives

  • Develop an understanding of the FreeRTOS architecture
  • To understand the ARM Core Architecture
  • To gain and demonstrate the ability to develop applications within FreeRTOS
  • To be able to use the JTAG interface for FreeRTOS software debugging

Agenda

Session 0:

  • Introduction to OT/IOT and the application domains for FreeRTOS
  • Software development models/methods for real-time applications
  • The FreeRTOS development tool chain for an ARM Core
  • A quick introduction to programming in C
  • Exercise #0: Installing and Testing the GCC Tool Chain
  • The FreeRTOS Architecture
  • The ARM Core Architecture
  • Emulation of ARM Core and FreeRTOS
  • Interrupt Handling in FreeRTOS
  • Exercise #1: Test communications with Development Board and the GCC Tool Chain for FreeRTOS
  • Q&A / Wrap-up Session 0

Session 1:

  • Task Management within FreeRTOS and Direct Task Communication
  • Task Scheduling, Context Switching and Multi-Tasking
  • Queues, Mutexes and Semaphores for Inter-Task Communication
  • Exercise #2: Getting tasks to communicate with each other and debugging task communication
  • Exercise #3: Inter-Task Communication using Mutexes and Semaphores
  • Memory Management and Memory Protection
  • The STACK and the HEAP
  • Exercise #4: Using Memory Management constructs
  • Exercise #5: Identifying and Exploiting Stack and Heap Vulnerabilities in RTOS
  • Q&A / Wrap-up Session 1

Session 2:

  • JTAG and Debugging a FreeRTOS application with JTAG and GDB
  • Exercise #6: Debugging an RTOS application using JTAG and GDB
  • Exercise #7: Using JTAG to dump the firmware
  • Reverse Engineering the RTOS firmware/application using static and dynamic techniques
  • Decompiling applications
  • Exercise #8: Reverse Engineering an RTOS application and identifying vulnerabilities
  • Q&A / Wrap-up Session 2

Session 3:

  • Communicating with the Outside World (GPIO, Ethernet, etc)
  • FreeRTOS and the Cloud (AWS)
  • Exercise #9:
  • Bring it all together and building an Application
  • Source Code Reviews and Security Auditing
  • Exercise #10:
  • Q&A / Wrap-up Session 3

Who should take this course?

  • People working in development teams for Real-Time Operating System applications (OT/IOT)
  • People managing development teams for Real-Time Operating System applications

Required Skills

  • Have written/read code in at least one high-level language (programming in C is a plus).
  • Have used a debugger before (GDB knowledge is a plus).
  • A limited understanding of Unix/Linux.
  • SKILL LEVEL: INTERMEDIATE

System Requirements

  • A computer capable of running VMware/VirtualBox, with Ethernet, 40 GB of disk space and 8 GB of RAM
  • A decent Internet connection in order to access exercises and material

Shopping List

Here are the tools that you need, and sources from where you can purchase them.
