Review: The Bus Pirate

We have been playing with the Bus Pirate for a while now in the lab. And, while overall, we love the tool and the functionality it brings, there is one thing we hate about it too. We love the open source architecture and just the fact that it exists, in general. It is quite a useful tool for exploring electronic systems and dumping data from embedded devices.

The tutorials and documentation around the web make it a widely useable device. You can find detailed configuration data and connection scenarios in the forums for the product and in the general documentation as well. We recently spent a good deal of time playing with the Pirate and connecting it up to known and unknown equipment. The wide variety of modes took a lot of the complication out of the manual work that used to be required before the Pirate became available.

There is really only ONE thing NOT to like about the Bus Pirate. That specific thing is the flashing process to upgrade or downgrade the firmware. It requires physically manipulating the device pins with jumper wire and running an application to specifically install the version you desire. Given how easy using the device is normally, we hope to see this mature into something more along the lines of the update process for a router or the like. The main gripe about the current process is the time it takes to do the upgrade/downgrade. In a classroom environment, it takes quite a bit of time to make these changes, though among our team there is currently a discussion about the inherent value of the lessons learned from doing it. 

Overall, even with the tedium of the upgrade process in mind, the Bus Pirate is a wonder. Dangerous Prototypes have pulled off an amazing feat to bring this thing to life. It makes hardware hacking so much easier than the “bad old days” and gives more people more access to the circuitry level for hacking. It makes grabbing data from chips and systems significantly easier. At the same time, it means that vendors of products that need to protect data against attacks at this level have to get better too. More eyes and more brains focusing on this level, means the race is on at a heated pace…

Hardware Security Testing Presentation & MP3 Available

The pdf of the slides and the audio from yesterday’s presentation on Hardware Security Testing is now available.

You can get the files from this page on the main MicroSolved site.

Thanks to the many who attended and who sent me the great feedback this morning. I am really glad everyone liked the content so much!

Check out the next virtual event scheduled for March 25th at 4 PM Eastern. The topic will be 3 Application Security “Must-Do’s”.

Here is the abstract:

This presentation will cover three specific examples of application security best practices. Developers, security team members and technical management will discover how these three key processes will help them mitigate, manage and eliminate risks at the application layer. The presenter will cover the importance of application security, detail the three key components to success and provide strategic insight into how organizations can maximize their application security while minimizing the resources required.

We look forward to your attendance. Email to sign up!