This is a live demonstration of hacking into the processor embedded in an SD card, effectively turning the device into a potentially covert Raspberry Pi-class computer under your complete control. The ARM926EJ-S ARM processor made its appearance as the embedded CPU in Transcend’s WiFi-enabled SD cards, clocking in at an impressive 426 BogoMips – we can’t possibly leave that territory unexplored, can we? In this session we root the card’s own CPU, install a more featureful OS, and explore the system’s common and unusual capabilities (in hardware AES encryption and native support for Java bytecode among them). These provide plenty of building blocks for our projects. Clearly, complete control of such a hidden computer running with full network connectivity can be used in network penetration scenarios. We’ll discuss applicable security threat countermeasures. There is plenty of room at the bottom, and opening these computer-within-the computer configurations create interesting miniaturized automation scenarios alongside the obvious, more ominous security aspects. Use your newfound knowledge for good, with great power comes great responsibility!