{"guid":"8cd18c98-4e30-4f3c-ab82-90178e7076ad","title":"HAL - The Open-Source Hardware Analyzer","subtitle":"A dive into the foundations of hardware reverse engineering and our netlist analysis framework HAL","slug":"36c3-10879-hal_-_the_open-source_hardware_analyzer","link":"https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10879.html","description":"Since the Snowden revelations the fear of stealthy hardware manipulations is no longer regarded as far fetched.\nThis fear is also reflected in the massive discussions sparked by last year's Bloomberg allegations on a supposed hardware spy implant on Supermicro serverboards or the recent USA ban on Huawei telecommunication equipment.\n\nHardware reverse engineering (HRE) is a promising method to detect such manipulations or hidden backdoors.\nHowever, HRE is a highly complex and cumbersome task.\nIt takes months of work as well as expensive equipment to even obtain the netlist of a chip, the equivalent to the binary in software reverse engineering (SRE).\nIn contrast to SRE where various paid or open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE simply no tool for netlist analysis were available - neither commercial, nor free.\nTo close this gap, researchers from the Ruhr University Bochum developed HAL, the first open-source netlist analysis framework.\n\nIn this talk, we start with a basic introduction into the challenges of HRE.\nThen, we demonstrate the capabilities of HAL before giving a brief overview on our current research with HAL.\n\nHardware reverse engineering (HRE) is an important technique for analysts to understand the internals of a physical system.\nUse cases range from recovering interface specifications of old chips, over detection of malicious manipulations or patent infringements, to straight up counterfeiting.\nHowever, HRE is a notably complex and cumbersome task which consists of two phases:\nIn the first phase the netlist, i.e., circuit description of a chip, has to be extracted from the physical device.\nSuch a netlist is equivalent to the binary in software reverse engineering (SRE).\nIn the second phase, the analyst then processes the netlist in order to understand (parts of) its functionality.\n\nHowever, obtaining a netlist from a chip can take several months and requires professional and costly equipment as well as expertise.\nEven with a recovered netlist, understanding its functionality is an enormously challenging task.\nThis is partly due to the lack of proper tools for netlist analysis:\nWhile in SRE various commercial or open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE simply no tool for netlist analysis was available, neither commercial, nor free.\nTo close this gap, researchers from the Embedded Security group of the Horst-Görtz Institute for IT-Security at the Ruhr University Bochum developed HAL, the first open-source netlist analysis framework.\nInspired by the modularity of its SRE equivalents, HAL can be extended through optimized C++ plugins or directly used as a Python library, while at the same time offering a GUI for explorative and interactive analysis.\nThe project is supposed to give hardware analysts a common platform for the development of new algorithms with a portable design, ultimately aiding both professionals in their daily work as well as researchers in their efforts to publish reproducible results.\n\nIn this talk, we will first introduce the foundations and main challenges of HRE, before giving a live demonstration of HAL and some of its capabilities on selected case studies.\nWe conclude the talk with a glimpse at our associated research at the university that spans both, technical research as well as cross-disciplinary work with psychologists.\n\nOur talk requires only minimum prior knowledge on digital hardware.","original_language":"eng","persons":["Max Hoffmann"],"tags":["36c3","10879","2019","Hardware \u0026 Making","Main"],"view_count":1547,"promoted":false,"date":"2019-12-30T11:30:00.000+01:00","release_date":"2019-12-30T01:00:00.000+01:00","updated_at":"2026-03-31T14:30:07.475+02:00","length":3652,"duration":3652,"thumb_url":"https://static.media.ccc.de/media/congress/2019/10879-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2019/10879-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2019/10879-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2019/10879-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/36c3-10879-hal_-_the_open-source_hardware_analyzer","url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_title":"36C3: Resource Exhaustion","conference_url":"https://api.media.ccc.de/public/conferences/36c3","related":[],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"DRAFT_36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer.en_DRAFT.srt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2024-01-21T20:35:34.059+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/DRAFT_36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer.en_DRAFT.srt","url":"https://api.media.ccc.de/public/recordings/47959","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":172,"length":3652,"mime_type":"video/mp4","language":"eng-deu","filename":"36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-12-30T22:38:02.742+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/h264-sd/36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_sd.mp4","url":"https://api.media.ccc.de/public/recordings/44006","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":211,"length":3652,"mime_type":"video/webm","language":"eng-deu","filename":"36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-12-30T21:21:11.008+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/webm-sd/36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/43911","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":55,"length":3634,"mime_type":"audio/mpeg","language":"eng","filename":"36c3-10879-eng-HAL_-_The_Open-Source_Hardware_Analyzer_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2019-12-30T21:20:30.716+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/mp3/36c3-10879-eng-HAL_-_The_Open-Source_Hardware_Analyzer_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/43907","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":197,"length":3652,"mime_type":"video/mp4","language":"eng-deu","filename":"36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_hd-slides.mp4","state":"new","folder":"slides-h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T21:20:04.320+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/slides-h264-hd/36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_hd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/43902","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":512,"length":3652,"mime_type":"video/webm","language":"eng-deu","filename":"36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T21:19:53.095+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/webm-hd/36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/43900","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":35,"length":3634,"mime_type":"audio/opus","language":"eng","filename":"36c3-10879-eng-HAL_-_The_Open-Source_Hardware_Analyzer_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2019-12-30T21:15:20.701+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/opus/36c3-10879-eng-HAL_-_The_Open-Source_Hardware_Analyzer_opus.opus","url":"https://api.media.ccc.de/public/recordings/43895","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":367,"length":3652,"mime_type":"video/mp4","language":"eng-deu","filename":"36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T15:06:29.969+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/h264-hd/36c3-10879-eng-deu-HAL_-_The_Open-Source_Hardware_Analyzer_hd.mp4","url":"https://api.media.ccc.de/public/recordings/43675","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":227,"length":3652,"mime_type":"video/mp4","language":"deu","filename":"36c3-10879-deu-HAL_-_The_Open-Source_Hardware_Analyzer.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T15:05:58.602+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/h264-hd/36c3-10879-deu-HAL_-_The_Open-Source_Hardware_Analyzer.mp4","url":"https://api.media.ccc.de/public/recordings/43674","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":227,"length":3652,"mime_type":"video/mp4","language":"eng","filename":"36c3-10879-eng-HAL_-_The_Open-Source_Hardware_Analyzer.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T15:05:36.143+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/h264-hd/36c3-10879-eng-HAL_-_The_Open-Source_Hardware_Analyzer.mp4","url":"https://api.media.ccc.de/public/recordings/43673","event_url":"https://api.media.ccc.de/public/events/8cd18c98-4e30-4f3c-ab82-90178e7076ad","conference_url":"https://api.media.ccc.de/public/conferences/36c3"}]}