• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2019
  • June
  • 29
  • HAL – The Hardware Analyzer

HAL – The Hardware Analyzer

June 29, 2019 Comments Off on HAL – The Hardware Analyzer
hal analyzer hardware analyzer

HAL is a comprehensive reverse engineering and manipulation framework for gate-level netlists focusing on efficiency, extendability and portability. HAL comes with a fully-fledged plugin system, allowing to introduce arbitrary functionalities to the core.

Apart from multiple research projects, HAL is also used in our university lecture Introduction to Hardware Reverse Engineering.

 

Features

  • Natural directed graph representation of netlist elements and their connections
  • Support for custom gate libraries
  • High performance thanks to optimized C++ core
  • Modularity: write your own C++ Plugins for efficient netlist analysis and manipulation (e.g. via graph algorithms)
  • A feature-rich GUI allowing for visual netlist inspection and interactive analysis
  • An integrated Python shell to exploratively interact with netlist elements and to interface plugins from the GUI
  • Update v1.1.0 Support for Xilinx Unisim, Xilinx Simprim, Synopsys 90nm, GSCLIB 3.0 and UMC 0.18µm libraries is now added

API Documentation

The C++ documentation is available here. The Python documentation can be found here.

Salamandra – Spy Microphone Detection Tool 

Quick Start

Install or build HAL and start the GUI via hal -g. You can list all available options via hal [--help|-h]. We included some example netlists in examples together with the implementation of the respective example gate library in plugins/example_gate_library. For instructions to create your own gate library and other useful tutorials, take a look at the wiki.

Load a library from the examples directory and start exploring the graphical representation. Use the integrated Python shell or the Python script window to interact. Both feature (limited) autocomplete functionality.

Let’s list all lookup tables and print their Boolean functions:

from hal_plugins import libquine_mccluskey

qm_plugin = libquine_mccluskey.quine_mccluskey()

for gate in netlist.get_gates():
    if "LUT" in gate.type:
        print(gate.name + " (id "+str(gate.id) + ", type " + gate.type + ")")
        print("  " + str(len(gate.input_pin_types)) + "-to-" + str(len(gate.output_pin_types)) + " LUT")
        boolean_functions = qm_plugin.get_boolean_function_str(gate, False)
        for pin in boolean_functions:
            print("  " + pin + ": "+boolean_functions[pin])
        print("")

For the example netlist fsm.vhd this prints:

FSM_sequential_STATE_REG_1_i_2_inst (id 5, type LUT6)
  6-to-1 LUT
  O: (~I0 I1 ~I2 I3 I4 ~I5) + (I0 ~I2 I3 I4 I5)

FSM_sequential_STATE_REG_0_i_2_inst (id 3, type LUT6)
  6-to-1 LUT
  O: (I2 I3 I4 ~I5) + (I1 I2) + (I0 I1) + (I1 ~I3) + (I1 ~I4) + (I1 ~I5)

FSM_sequential_STATE_REG_0_i_3_inst (id 4, type LUT6)
  6-to-1 LUT
  O: (~I1 ~I2 I3 ~I4 I5) + (I0 I5) + (I0 I4) + (I0 I3) + (I0 I1) + (I0 ~I2)

OUTPUT_BUF_0_inst_i_1_inst (id 18, type LUT1)
  1-to-1 LUT
  O: (~I0)

OUTPUT_BUF_1_inst_i_1_inst (id 20, type LUT2)
  2-to-1 LUT
  O: (~I0 I1) + (I0 ~I1)

FSM_sequential_STATE_REG_1_i_3_inst (id 6, type LUT6)
  6-to-1 LUT
  O: (I0 I2 I4) + (~I1 I2 I4) + (I0 ~I3 I4) + (~I1 ~I3 I4) + (I0 I4 ~I5) + (~I1 I4 ~I5) + (I2 I5) + (I2 I3) + (I1 I5) + (I1 I3) + (I0 I1) + (~I0 I5) + (~I0 I3) + (~I0 ~I1) + (I1 ~I2) + (~I0 ~I2) + (~I3 I5) + (~I2 ~I3) + (~I4 I5) + (I3 ~I4) + (I1 ~I4)

Citation

If you use HAL in an academic context, please cite the framework using the reference below:

@misc{hal,
    author = {{EmSec Chair for Embedded Security}},
    publisher = {{Ruhr University Bochum}},
    title = {{HAL - The Hardware Analyzer}},
    year = {2019},
    howpublished = {\url{https://github.com/emsec/hal}},
}

Feel free to also include the original paper

@article{2018:Fyrbiak:HAL,
      author    = {Marc Fyrbiak and
                   Sebastian Wallat and
                   Pawel Swierczynski and
                   Max Hoffmann and
                   Sebastian Hoppach and
                   Matthias Wilhelm and
                   Tobias Weidlich and
                   Russell Tessier and
                   Christof Paar},
  title     	= {{HAL-} The Missing Piece of the Puzzle for Hardware Reverse Engineering,
               	  Trojan Detection and Insertion},
  journal	= {IEEE Transactions on Dependable and Secure Computing},
  year		= {2018},
  publisher	= {IEEE},
  howpublished 	= {\url{https://github.com/emsec/hal}}
}

Install Instructions

Ubuntu

HAL releases are available via it’s own ppa. You can find it here: ppa:sebastian-wallat/hal

macOS

Use the following commands to install hal via homebrew.

brew tap emsec/hal
brew install hal

Build Instructions

Run the following commands to download and install HAL.

  1. git clone https://github.com/emsec/hal.git && cd hal
  2. To install all neccessary dependencies execute ./install_dependencies.sh
  3. mkdir build && cd build
  4. cmake ..
  5. make

Optionally you can install HAL:

make install

Build on macOS

Please make sure to use a compiler that supports OpenMP. You can install one from e.g. Homebrew via: brew install llvm.

To let cmake know of the custom compiler use following command.

cmake .. -DCMAKE_C_COMPILER=/usr/local/opt/llvm/bin/clang -DCMAKE_CXX_COMPILER=/usr/local/opt/llvm/bin/clang++

Run static checks and clang format locally

To install clang-format hook install git-hooks and run:

git hooks --install

Start Docker build via: docker-compose run --rm hal-build

Generate Changelog

git log $(git describe --tags --abbrev=0)..HEAD --pretty=format:"%s" --no-merges

 

HAL Hardware Analyzer Screenshot

 

d

Post navigation

What is CTF and how to get Started – Complete Guide for Beginners to Advanced
MIG – Real-time Incident Response and Investigation Platform

Related Articles

PRET – Hacking Printer Command Languages

- Exploitation, Hardware & Embedded
May 8, 2019July 27, 2019

Bash Bunny – Multi-Functional USB Attack Device

- Hardware & Embedded
April 24, 2019

Killcast – Manipulate Chromecast Devices in your Network

- Hack Tools, Hardware & Embedded
January 16, 2019July 27, 2019
hacker gadgets
hacker phone covers

Recent Posts

Mimicry is a security tool developed by Chaitin Technology for active deception in exploitation and post-exploitation. (4)

Mimicry – Security Tool For Active Deception In Exploitation And Post-Exploitation

March 24, 2023
CVE-2023-28445: Critical security vulnerability in the popular runtime, Deno

CVE-2023-28445: Critical security vulnerability in the popular runtime, Deno

March 24, 2023
CVE-2023-28432: High severity security vulnerability in MinIO

CVE-2023-28432: High severity security vulnerability in MinIO

March 24, 2023
CVE-2023-0386: A New Linux Kernel Vulnerability Puts Systems at Risk

CVE-2023-0386: A New Linux Kernel Vulnerability Puts Systems at Risk

March 23, 2023
APCLdr - Payload Loader With Evasion Features

APCLdr – Payload Loader With Evasion Features

March 23, 2023
Reverseip_Py - Domain Parser For IPAddress.com Reverse IP Lookup

Reverseip_Py – Domain Parser For IPAddress.com Reverse IP Lookup

March 23, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW