Don A. Bailey (Security Consultant, iSEC Partners)

Presentation Title GoodFUN: Integrating Hardware Protocol Scanning Support in GoodFET
Presentation Abstract

The GoodFET, designed by Travis Goodspeed, is an open source JTAG adapter. Its primary job is to act as a programmer or debugger for embedded systems. It can also be used to attack embedded systems using several techniques, such as voltage glitching, to acquire application code from a secured chip. However, an attacker doesn’t always know which pins or test pads on a PCB correspond to JTAG and other protocols, such as USART or SPI.

This is where GoodFUN comes in. GoodFUN is based on an Atmel microcontroller application designed by Don A. Bailey that scans a dynamically configurable set of pins for potential JTAG. The application is highly configurable. Additionally, GoodFUN is useful in detecting pins capable of other protocols, such as USART or SPI, that may negate the ability to automatically scan for JTAG.

The GoodFUN presentation will describe the challenges faced in designing this application and the solutions. An Open Hardware implementation will be released so users can create their own GoodFET/GoodFUN solution without the typically requisite PCB. The GoodFUN source code will be released to the public to encourage other researchers and hobbyists to learn more about hardware hacking and security.
About Don Bailey

Don A. Bailey is a Security Consultant with iSEC Partners, Inc. Don has discovered many unknown security vulnerabilities in well used software, analyzed new and proprietary protocols for design and implementation flaws, and helped design and integrate security solutions for up and coming internet software.

While Don’s primary expertise is in developing exploit technologies, he is also well versed at reverse engineering, fuzzing, enterprise and embedded programming, source code auditing, rootkit detection and design, and network penetration testing. In addition, Don has helped develop and enhance risk management programs for several Fortune 500 companies and has been invited to speak about risk management from a CISO perspective at government organized conferences.

For the past six years, Don has presented research at several international security conferences discussing topics such as stealth root-kit design, zero-day exploit technology, DECT, GSM, and embedded security. Most recently, Don spoke at Blackhat Barcelona 2011 and SyScan Singapore 2011 regarding vulnerabilities in embedded architectures and issues in the global telephone network.