How Hardware Gets Hacked: Breaking and Defending Embedded Systems is a two-day onsite training course with programming examples, taught by Nathan Jones. It is offered at the Gaylord Rockies from 09:00 to 17:00 Aurora time (MDT) on Saturday and Sunday, September 12th and 13th, 2026 (immediately before the conference). Lunch is included.
◈ Register Here ◈ See Other Offerings ◈
Course Description
Your firmware is probably easier to break than you think.
In the 2023 MITRE Embedded Capture-the-Flag (eCTF), teams were given a simple embedded “car and key fob” system and asked to secure it. Within hours, attackers were extracting secrets over debug interfaces, replaying unlock messages, exploiting timing leaks, overflowing buffers, and even glitching hardware to bypass security checks.
In this two-day hands-on workshop, participants will attack and defend a paired embedded system implemented in C++ based on that very competition. Using a host-based simulation of competition firmware, attendees will progressively exploit vulnerabilities including:
- Simulated secret extraction over JTAG/SWD
- Replay attacks and broken rolling-code implementations
- Message authentication failures
- Timing side channels in PIN validation
- Buffer overflows and memory corruption
- Simulated fault injection attacks that subvert control flow
For each exploit, participants will analyze why it works at the firmware level and then work with the provided firmware, attack scripts, and automated test harnesses to test and implement practical defenses. These may include secure key handling, message authentication codes (MACs), constant-time comparisons, hardened buffer management, and defensive design patterns resilient to fault attacks. No prior security experience is required, but attendees should be comfortable reading C++ code and using command-line tools.
Although the system models embedded hardware, the vulnerabilities are not unique to microcontrollers. The same assumptions about memory, timing, state validation, and trust boundaries appear in desktop, server, and high-performance C++ systems. Understanding how attackers reason about systems leads directly to writing safer code, no matter whether you’re building firmware, libraries, or high-performance infrastructure.
Prerequisites
This workshop is intended for C++ developers interested in embedded systems, firmware development, or low-level system security. No prior security experience is required. Participants should:
- Be comfortable reading and modifying C++ code
- Be comfortable using the command line
- Have basic familiarity with Python (scripts will be provided)
Be able to compile and run a C++ project locally All firmware, attack tooling, and automated test harnesses will be provided.
Course Topics
- Day 1 — Breaking the System
- Introduction: The MITRE eCTF Model
- Overview of the competition
- System architecture: car and key fob
- Threat model and attacker capabilities
- Lab environment setup
- Exercise: Build and deploy the baseline insecure firmware.
- Reconnaissance and Debug Interface Attacks
- Understanding microcontroller debug interfaces
- Firmware extraction concepts
- Inspecting memory to retrieve secrets
- Exercise: Extract and inspect memory to recover sensitive values.
- Defense: Disable debug access and enable readout protection.
- Replay Attacks and Rolling Codes
- Capturing and replaying unlock messages
- Why naïve rolling codes fail
- State synchronization pitfalls
- Exercise: Capture and replay a message to unlock the system.
- Defense: Implement a counter-based rolling code.
- Message Authentication Codes (MACs)
- Why counters are insufficient
- Adding integrity and authenticity
- Key management challenges
- Exercise: Implement a MAC-protected unlock protocol.
- Introduction: The MITRE eCTF Model
- Day 2 — Advanced Exploits and Hardening
- Timing Attacks
- Side-channel leakage in PIN/password checks
- Constant-time comparison pitfalls
- Exercise: Measure timing differences to recover a secret.
- Defense: Implement constant-time validation and mitigation strategies.
- Buffer Overflow Exploitation
- Embedded memory layout fundamentals
- Stack and buffer mismanagement
- Crashes vs. controlled behavior
- Exercise: Trigger a buffer overflow and analyze its effects.
- Defense: Add bounds checking and hardened parsing logic.
- Fault Injection and Glitching
- What voltage/clock glitching does
- How control flow can be subverted
- Defensive coding patterns against fault attacks
- Demonstration: Live glitch example or pre-captured traces.
- Exercise: Harden code against glitchable conditions.
- Secure Design Patterns and Takeaways
- Defense-in-depth in embedded systems
- Trust boundaries and state validation
- Lessons for general C++ systems
- Further reading and resources
- Timing Attacks
Course Instructor
Nathan Jones is an embedded systems engineer and educator focused on understanding how low-level systems behave — and how they fail. His work explores the boundary between hardware and firmware, including debugging, firmware development, and practical embedded security considerations. He is a frequent contributor to DigiKey and EmbeddedRelated, where he writes on topics including microcontroller architecture, debugging techniques, and practical embedded system design.
Nathan earned a Bachelor of Engineering from Harvey Mudd College in 2010 and a Master of Computer Engineering from North Carolina State University in 2020. He has taught digital logic, computer architecture, electrical engineering, and physics at the United States Military Academy at West Point, where he developed entire courses and delivered hands-on laboratory instruction for future Army officers.
Nathan has been invited to speak at the Embedded Online Conference, Hackaday Superconference, the Embedded Systems Summit, JawnCon, and Teardown. He lives in Tennessee with his wife, two children, and one black cat.