So, you want to build a hardware product? Every so often, a device comes along that changes the way we live our daily lives and things are never the same again. With today's digital technology, such devices may come more frequently than in the past - personal gadgets you cannot live without. What’s inside? What makes it tick? How do you find out? In this sharing session, Mark will provide an introduction to hardware hacking and why it matters, going through some quick tips on getting cosy with hardware to find out what makes it tick. Mark (MK FX) is a founder of Bazinga! Pte Ltd, a technology development and prototyping company that builds gadgets from ideas. An engineer since birth, because if you can dream it, think it - you can build it.

1. HARDWARE
Mark Wong
10th October 2014
hacking101
www.omgbazinga.com

2. DISCLAIMER
While the following has been conscientiously researched.
Neither the organizers nor the author will accept any
liability if you render your device inoperable as a result of
these instructions. Proceed at your own risk. DO attempt
these experiments, tests, trials, or any activity in this
presentation at home, work, or anywhere else for that
matter. Have fun, gain more experience and knowledge,
be safe and use common sense!

3. WHAT WE DO

4. WHAT WE DO

5. HAQDLOFU-ALOIKFME

6. 233 MHz
Pentium
w/ MMX

11. So the learning journey begins…

12. 1997
Evolution of my Rigs
SMOOTHER
GAMES
1999
2002
2004
2006
2008
2009
2012
Coming
soon
2015
Pursuit of
No $?

13. How does hardware affect
me?
HARDWARE
ROCKS

15. iB Secure Device token
UNLOCKS YOUR
MONEH

16. Coin
Cell
Battery
Epoxied resin IC die “Chip-on-board”, ‘glob-top’
Button contacts
Infineon BC857BL3
PNP transistor
Assorted SMD
resistors
Test /
programming
pads
Manufacturer
information
silkscreen
32.768kHz Ceramic Crystal Oscillator
LCD junction pads

17. Technical Specifications
• Weight: 14 grams
• Dimensions: 9.8 x 25.9 x
62.7mm
• Display: 8-characters LCD
• Keypad: one-button
• Real-time clock to
provide time value to
DIGIPASS algorithm
• Supported crypto
algorithm: DES, 3DES and
AES, DIGIPASS time and
event based
• OATH event (HOTP) or
time (TOTP)
• Battery: non-replaceable,
lifetime expectancy 7
years
https://www.vasco.com/products/client_products/single_button_digipass/digipass_go6.aspx

18. What have we learnt?
OATH - Initiative for Open
AuTHentication
HOTP: An HMAC-Based One-Time
Password Algorithm (RFC 4226)
Supports: TOTP -Time-Based One-
Time Password Algorithm (RFC
6238)
Standards set by: Internet
Engineering Task Force (IETF)
Then HOTP(K,C) is mathematically defined by: HOTP(K,C) = Truncate(HMAC(K,C)) & 0x7FFFFFFF
K is a secret key, C is a counter key
For HOTP to be useful for an individual as a system input, result must be converted into a HOTP
value, (6–8 digits number) where HOTP-Value = HOTP(K,C) mod 10d, d is the desired number of digits
http://en.wikipedia.org/wiki/HMAC-based_One-time_Password_Algorithm
http://www.sourcemediaconferences.com/CTST09/PDF09/D/Tuesday/BajajSiddharth.pdf
http://www.globaleventspanama.com/clab2010/files/conf_donald_malloy.pdf

19. Somebody already hacked it!
https://http://blog.valverde.me/2014/01/03/reverse-engineering-my-bank%27s-security-token/#.VCIywxbgzgU

20. https://www.youtube.com/watch?v=k87vSrfhof4

21. What can I do with what I’ve learnt?
The “stuff” Who makes it? How
did they do it?
Learn everything
about it, try it.
Learn about
cryptography
Learn about
low-cost
manufacturing
or electronic
packages
Make your own
crypto-key
generator
Be happy
having learnt
something

http://www.empf.org/empfasis/dec04/improve1204.htm
http://www.digikey.com/catalog/en/partgroup/avr-cryptocontroller/32031
http://www.maximintegrated.com/en/products/digital/microcontrollers/MAXQ1010.html

23. How do I
Start?

24. Tools of the trade
Screwdriver. Multi-meter. Pliers. Cutters.

25. What the heck hack is
inside
IT?

26. HOW DOES A CAR
WORK?
HOW DOES YOUR EZ-LINK
WORK?

27. If you don't know how things work,
how can you design interfaces with
dreams to change the
world?
How do you improve something if you
don't know how it works?

28. Build. Fail.
Rebuild.
Results.
Outcome.
Find out
How?
Why?
System
design /
Adoption
Hardware
Lifecycle
Summary
3-stage Block diagram

30. Teardowns!!!

32. BOM (Bill of Materials), Datasheets

34. https://www.ifixit.com/Teardown/iPhone+6+Teardown/29213
http://www.techinsights.com/teardown.com/apple-iphone-6/

36. • ultra-small (2mm x 2mm)
– WOW!
• Tri-axial
• Measurement of
accelerations in 3
perpendicular axes
• Senses tilt, motion, shock
and vibration
- Low power consumption
of 130 μA – NICE!

37. Don’t be
afraid to blow
things up

38. Online Resources
Complexity
& Ability
Time

39. 3-stage Block diagram
Controller /
Process /
Decision
Measurement
/ Input
Outcome

40. Input
•Keyboard
• Sensor
• Touch screen
Process
• Processor
•Microcontroller
• Signal
conditioning
•Analog-to-digital
Converter
•Application
software /
firmware
Output
• LEDs
• Screen
•Sound
Design your system

43. The good ‘Ol days

44. Today’s
Platforms

45. Apollo Guidance Computer (AGC), 1966
16-bit, 55Watts
<1MIPS, 4K RAM, 32K ROM, 8 GPIO
1.024 Mhz
31 kilograms
$15 Million
Arduino UNO platform, 2009
8-bit Atmel atmega ATmega328
20MIPS, 2K RAM, 32K ROM, 14 GPIO
16Mhz
27 grams
$20

46. Hardware platforms change
all the time. The key is
quick adoption.

47. Diodes
Boring.
Not Fun.
http://startingelectronics.com/beginners/components/LED/
http://dangerousprototypes.com/docs/Basic_Light_Emitting_Diode_guide

48. What does it
• ONE WAY VALVE
• PLUS (+) and
MINUS (-)
• Makes pretty
lights
do?

52. What are you
gonna make?

53. Iterative prototyping

54. Learning Curve
Complexity
& Ability
I kick-ass


Valley of despair – “who’s dumb idea is this”
Can’t live without!
Time
Increase in
skills
Associative
stage
Autonomous
stage
GOD-LIKE
Trial & Error
Cognitive stage ‘I suck’ threshold

56. Mark.wong@omgbazinga.com
@fusion2x
@fusion2x