Davide Toldo, M.Sc.

Hardware Security & IoT / Researcher

Contact Information

Pankratiusstr. 2
64289 Darmstadt
S2|20
dtoldo@seemoo.tu-darmstadt.de

Biography

Doctoral candidate at the Secure Mobile Networking Lab since 2023.
M.Sc. in IT Security from the Technical University of Darmstadt, Germany, in 2023.
Focus on low-level security topics, ranging from *OS drivers & internals, to software-level fault injection countermeasures and hardware-level attacks, as well as custom open-source hardware security research tooling.

Teaching

Hardware Hacking hands-on Training (summer semester).
Hardware-based seminar topics in our (Advanced) Seminar on Networking, Security, Mobility, and Wireless Communications.
Hardware-based lab topics in our Secure Mobile Networking Lab/Project.

Conference Talks

Offered Theses Topics

Type

Year

No results match your search criteria.

2023 Completed (November 2024)

FIZZLE: Fuzzing-based parameter search for offensive fault injection

Supervisor: Davide Toldo

Fault Injection is heavily being used in recent research to manipulate IoT and small consumer devices to access otherwise impossible features or areas. Finding possible vulnerabilities is usually the objective of a trial-and-error fault campaign. With Fizzle, we aim to provide a tool for finding the parameters of possible fault injection attacks to reach a specific target instruction by combining a fuzzer with QEMU for the emulation of Fault Injection attacks for the first time. Additionally, we discuss essential problem statements for building search strategies for fault injection attacks with a fuzzer and extend QEMU to correctly emulate such attacks.

2023 Completed (August 2024)

Decapsulation of integrated circuits using low-cost laser engravers

Supervisor: Davide Toldo

Access to the internal structure of integrated circuits through the use of decapsulation ("decapping") greatly expands a hardware attacker’s capabilities. Existing research mainly focuses on decapsulation for fault analysis during manufacturing using expensive lab-grade equipment. However, decapsulation can be achieved using low-cost consumer-grade laser engravers, making it accessible for security research. In this work, we develop the hardware and software needed to convert a laser engraver to a laser-decapper capable of capturing high-resolution and high-magnification images to guide the process and document the end result. We describe experiments on integrated circuits and show that they can be decapsulated successfully using our setup. Additionally, our results provide the basis for further research on ensuring that integrated circuits remain functional after decapsulation, in order to perform hardware security research such as laser fault injection and electromagnetic side-channel attacks.

2023 Available from: June 2025

Assorted Hardware Security Topics

Supervisor: Davide Toldo

I offer supervision mostly of hardware-based offensive security topics. Assist me and my team in getting access to the firmware of embedded systems, bypass security mechanisms and reverse engineer cutting-edge devices. Topics (can) involve building custom hardware (target boards, tools, experimental setups), reverse engineering firmware and more. Contact me if this sounds interesting to you. Experience with hardware (electronics, microcontrollers, circuit boards) is recommended.

Publications

Type

Year

Show awards only

No results match your search criteria.

2020 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

Attaching InternalBlue to the proprietary macOS IOBluetooth framework

Davide Toldo Jiska Classen Matthias Hollick

BibTeX DOI: 10.1145/3395351.3401697

Abstract

In this demo, we provide an overview of the macOS Bluetooth stack internals and gain access to undocumented low-level interfaces. We leverage this knowledge to add macOS support to the InternalBlue firmware modification and wireless experimentation framework.