DEFCON 19: Battery Firmware Hacking

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

all right so if you can tell if you follow me on Twitter I have a terrible cold I've had awful DEF CON been sick the whole time I didn't get to play soccer I haven't you know I've been sober for 72 hours and I can barely talk so I'm gonna do my best and you know bear with me but I do have a back-up plan so here's my backup plan let me see here if I start to phase out here you'll be here this my battery I can't talk is that good should I do that instead all right I'll try it if I get too nasally I'm gonna go back to the computer so so hopefully that what happened okay so Who am I and sorry about the screen I guess they had to move it up so so people in the front could see so I used to work at the NSA for five years doing secret stuff and then when the iPhone came on I hacked it and when the Android phone came out did you want fun to hack that one pwned on last four years I've been sporting the stylist jacket so if you see a guy you know wearing a white jacket for some reason that's probably me so the ever even one who won this year got the jacket for some reason the woman who wears it written a couple of books and that sort of stuff and then the most important thing is there's an info sock comic that has my name in it so I feel pretty cool about that although I don't I don't understand this particular comic but maybe that's because it's about me okay so why am i why am I here why did I decide to do battery firmware hacking so last year I came to to black hat and DEF CON and I saw barmy Jax talk and I would thought it was really awesome so I was like this is cool that you know it's easy to explain it someone you walk up to an ATM and it gives you money right this is this is what it's all about it's not like hey I can make calculator pop up on your computer like it's just not impressive and you know that's what I usually do and I actually do less impressive stuff than that it's like I can make this bit change or something right so so then I was like I need to do something cool like barnaby so I came across this YouTube video of this computer like catching on fire and like the flames just going feet high I was like I want to do that so so I set out like in September last year like right after blackhat I was like I'm gonna see if someone remotely could blow up my computer and you're going to find out I actually didn't do that but I made a lot of progress and so it's sort of interesting anyway and maybe someone who's a little smart and me can actually finish it up for me and now so I'm kind of a chicken so you'll see that you see about that too okay so this is the spoiler side you know despite what you might have read in the paper I actually didn't blow up anything mostly well you'll see there's a lot of layers and security I totally bust one of them and and then I got kind of scared so there's there's like all these parameters you can switch then you got charged it and discharging it and maybe overnight and I work on my home and you know so anyway it's kind of a but you'll see that it's kind of cool so what's to talk about so mostly I'll start with a little sort of intro on how batteries work and that sort of thing and then I'm going to basically tell you the story of like seven months of my life looking into this and you know it's it's mostly a story about a guy who's good at software hacking who tried to do hardware hacking so the good thing about that is you know probably not you guys who were in hardware hacking village which I should actually go to and hang out but the guys who do software you'll probably learned some stuff hopefully about how to do hardware because that's what I had to learn and then then I'll talk about like you know the silhouette question since I didn't blow up some something what did I do and what could I do alright so so when I started this whole thing I didn't know anything about batteries or you know chargers or really anything about hardware so I'm giving you a little bit of a spoiler here because just to sort of make sense of what I'm going but I didn't know this when I started so there's this document called the smart battery specification and what it does is it outlines exactly how batteries and chargers and computers are supposed to communicate with each other and so this is this sort of justifies you know what I went after so it says you know safety is a primary concern it's great the primary concept is that the primary intelligence is supposed to be in the battery itself so you know the computer smart it doesn't have to be the charger doesn't have to be smart it's supposed to be smart and this whole thing is the battery so the brains are still seeing the battery and the reason is because when the the battery knows the most about the battery so it knows how much charge it's got and it knows how much you know how much it's got stored in it and knows what its temperature is it knows what kind of chemistry it has so the battery is supposed to have to be the brains of the operation and everything else is supposed to rely on that and so that's why I attack the brains so I'm going to go after the little the little chip on the battery okay so what so what are smart batteries right I just thought these were like dira cells well they're the Douro cells with a chip so are actually more than one chip you'll see so there's just a you know there's chemistry cells and then there are some some chips and this main job is to make sure that it's it gets charged and it doesn't blow up and if you if you have a macbook like me and you hit you know the more information about your system you end up with a screen that looks like that if you can read it and on this one on when I started it didn't say let's but on this one actually if you look it says device named BQ 24:51 that's the model the chip from from Texas Instruments is on this battery but anyway this if this information is obtained from the battery by the average system asking the battery the battery telling it alright so like you know what could go wrong with a battery right so you could you can make their battery network anymore and this is super easy I do it all the time never on purpose though and then you could reprogram it to you know why and this is what I do maybe this would allow what the engineers called thermal runaway and I call like explosions but I didn't do it so I can't say and then the other thing is you can imagine like just talking to you have the battery talking nonstop to the to the you know OS like you know Dan Kaminsky DEFCON talk and then eventually the OS is going to get bogged down dang everyone loves Dan Kaminsky at blackhat that would have nailed it okay so and then you can imagine it also if there was a bug in the kernel it could actually attack the kernel from the battery and you figure like you know Apple can barely write secure software when they know someone's going to attack them but when they're like you know reading values from a battery they really probably didn't pay attention and then you're also on the same bus as like a TPM chip or the bio so you could sniff all sorts of other interesting things that you wouldn't normally have access to because you're at this other spot and hardware these are things that you might be able to do with this okay so you know the story was again you know after blackhat i sat around you know mopey trying to think of something interesting to do and eventually I was like yeah let's see if I can blow up a computer so I was like well you know I wish I knew something about hardware so I know I have a computer to have a battery what else well let's just use Google that's what a lot of this talk is I don't know what I'm doing site Google stuff so I so in this case like Google MacBook battery firmware all right that seems like a reasonable thing to start and sure enough the very first hit is about a firmware upgrade that day that Apple put out in 2009 and I was like sweet its software I can look at this I understand this so I downloaded it checked it out reverse engineered it and I found out a few things so one thing is and you know the computer is trying to talk to the battery and it just wraps this function IO Connect method structure is structure 0 function over and over and over it just keeps call on this it turns out this is a function that you use and OS X to talk to kernel drivers like texts so so this is the way you do it and the particular driver they're talking to is called Apple smart battery manager so the you know that your user land program it has to have root privileges is but it doesn't have to like have you know wires plug Hardware anything it can it can talk to the battery by you calling this this method so then you know I was like ok cool so I noticed that there's this sort of associated source code bundle on the Apple website called Apple smart battery action is called power management package you download it it has like some cool source in it but it doesn't build like they don't they give you enough just to like say that's open source but not enough to actually use it so but the cool thing is it has a bunch of header files and you can start to read some interesting stuff about like some of the commands that that this firmware upgrade is doing so what's the firmware upgrade ooh well based on that header file I can see it does things like it looks at the device name and compares it to a list of things to see whether it this is something it should be upgrading looks at the firmware version looks at the packet code again making sure it's something you know the right one to upgrade and then some things that it's not and the header files I don't know what those things are and then I came across this and I was like that's weird it doesn't look like the rest of the program instead of just calling that function over and over it's got these like weird numbers like 4 1 4 & 3 6 7 2 like these stick out to me yeah like I wonder what that is so I was like well you know I don't know I'll Google so you google that number and the very first thing is it's like the default is 3 6 7 2 0 4 1 4 and it's like this is entered by sending the data for one for to address 0 and it's like look back in here look that's what it's doing and then I was like and then immediately after sending 3 670 that's exactly what it's doing so what does it mean then you can look down a little bit and it's like the default code is set to unsealed to full and it's like talking about like you know all sorts of stuff and so you Google a little bit more and I come across this document from Texas Instruments that talks about you know the unsealed key is this magical number I see I was like oh okay it's like you know I'm stealing the battery and then there's like oh look there's this other thing called full access key that sounds even more important and it's it's ffffff I was like well let me try that hey it worked so so this is basically the whole talk is this slide is you know you know they use this chip and you can download the spec and they didn't change the passwords on it so it allows it allows you to and this is on every Apple laptop I've ever seen and I have a bunch of them and apparently there's a bunch of other computers that use the same chip but I don't know if they've actually changed the password so I mean like the chips okay it's just Apple is stupid to change passwords so anyway so now I was like sort of in business because hey I know kind of I know it comes from Texas Instruments because that's where I got the doc from I know apples done but I already kind of knew that and then uh that's that's where I'm at right now so I'm feeling pretty good but I still don't know exactly what chip I just know it came from Texas Instruments so I had to figure out what that was and you should know by now that like you know I could have just like open the battery looked at the chip but I'm totally scared to touch stuff so I'm still wanted to find a software way to do it and so I did was there's a way you could query the battery for particular types of data with these different what they call subclass IDs and so I just did that I said okay give me your data for psych class ID 0 1 2 3 4 and would give me a certain amount data for each one and all the Texas Instruments chips they have documentation on what that's supposed to return and each one returns something a little bit different and so I just you know saw what mine was and I've looked at every single doc to see which one had sort of the same kind of in return the right amount of data and I find that what chip it was by doing that it's a Texas right here I won't give away the store yet so anyway this is what my return 0 was 22 bytes so you can see like what kind of stuff this is this is the kind of stuff like you're messing with now that you probably shouldn't be so it says like first level safety is subclass ID 0 so returns 22 bytes so I'm class ID one is personal safety current the other one was was voltage and then keep going then you got like second-level safety then you know single safety current setting a little safety bolt and so on and it turns out it matches exactly this Texas system is chip called ti BQ 2080 and it's all the MacBook and MacBook Airs MacBook Pros and all these have some sort of chip really close to this not they're not all necessarily the 20/80 but all the stuff I'm talking about all works on all all of them ok so that was my like totally weenie way to figure out what it was and then eventually my guy he was like well I should at least get my hands a little bit dirty so I took a battery and I ripped it apart and so if you take a battery out of your computer it looks like this and there's these little screws so you unscrew it and then you just like rip off the plastic part and this is what you see on the inside so you got six lithium polymer cells and then on the end I go over here it's like we're all the electronic stuff is so then you rip that off and it's like whoa there's a lights on and I'm touching it it's like for a software got really just creepy so there's like chips and stuff then you can open it up even more then you can start to read the labels on the chips so there's one that's called BQ 2 9 3 1 2 you can download information about that but its job is basically it does safety stuff and then so you know let's this talk you know there was in the newspaper and all that stuff and Travis good speakers like it's a little hardware nut just because he's curious he takes one of his batteries and he you know rips apart the the chips he puts an acid bath and x-rays and this is this is some pictures he did just because he's he's super curious guys this is what the chip looks like under x-ray and then on the other side of that board you got the BQ 2080 which is the brains of the operation and then this other chip 29 for 1/2 which is another one of these chips that does safety checks so and then here is the beefy 2080 thanks to Travis for these pictures pretty cool so anyway uh so the BQ 20 is the main brains that's the chip you can talk to through that driver the other two chips you can't talk to directly they're in charge of some safety stuff but what you can do is you can set the parameters in the 20s dat and it will push out those parameters to the other chips you can configure those other chips you just can't talk to them directly but that's all you really need so like you can say oh yeah you're in charge of the second level safety suite yeah yeah don't go off until you're at like you know 5 million degrees and then then everything's bad but until that's cool so so you can still mess with those those other chips up so I skip this slide so this is so again like it took me that long to figure out we'll catch it was actually if I would have pay attention the actual header file they tell me exactly what it was yeah well that's why you know that's why we do it and that's why it took me seven months instead of my normal project which is like two weeks all right so so where am I at now so I know you know I actually took it apart so I know what kind of hardware it is I can download information about it I know sort I can see how that this firmware updater talks to it so I can you know probably figure out how to talk to it but I don't really know like what what kind of things to say to it so back to this document the smart battery specification it describes exactly how this sort of communication works so there's three components there's the battery which is in the middle and that's what we've talked about so far there's the charger which is this thing that that you know decides somehow how much charge to deliver to the battery or not to charge it and and then there's the host which is like the computer right the thing that needs to get power so uh basically this is the way they can commute they can communicate it's on this bus the SN bus and that's some bus is based on ITC which Steven Ridley gave this like really cool talked about there's lots of things in the electrics were based on ITC anyway uh so they talk to each other and it's sort of complicated but but I I wrote this API that makes it easy to talk to the battery so and I released it you can download it and play with your battery but just be careful that you don't break it alright at least don't blame me you can break it if you want so anyway so you can do things now like read a word like read the serial number from the thing you can unseal it if you know the password which we do you can write a word so you can change what the manufacturer date was you can change the device name which is I'm doing here then you can read data flash which is like all that that stuff I was talking about about getting the ID and stuff so here I'm reading some data flash 50 whatever 57 was I don't know which one does the time I had then you can get full access which I'll talk about a minute which is like the it's the equivalent of like you know route or whatever on the battery and then you can seal things back up when you're done okay so so what kind of things can you can you know a computer or can we say to the battery so that there's this document that says exactly what to do so there's these things called standard commands which is the first column you can do things like ask it was temperature as well as voltages how much charge it wants stuff like that and then there's in the next time extended commands so these are things like a little more complicated czar the things you need more privileges to do Slyke you can set passwords you can control the FETs which is the little thing that that decide you know that the physically closes to make electricity run into the battery and then you know keys and all that kind of stuff then there's this data flash this is all just like data like that you can configure the device with so there's lots of like interesting things you could imagine playing with right so you can you know change the chemistry you can change the you know all these thresholds were like bad things are supposed to be happening and so I did that right you know the first thing I do is like you know how about over voltage protection let's change that but what happens is the battery still just you know it gets its charge and it knows when it's done and it stops I'm so just changing those thresholds those are like safety features when things go wrong but if you don't make things go wrong somehow then then you don't need those thresholds or not ever they're not ever hit so you have to do something more so so you know what we talked about how we can unseal it and then we can get full access but there's there's other modes or even more powerful so there's like bootrom mode which I'll talk about in a second and that gives you like very low level access like you're sitting near the TI guy sitting in the factory so these are all the different modes that you can put the battery in so steel that's how it supposed to ship from them from the factory let me see if I have slides yeah I'll just go in so I can remember because so the problem with this talk is it was a blackout it was 75 minutes and now it's 50 minutes and I can't remember for sure what I cut so bear with me I guess so sealed I guess I thought this was really important I didn't cut it so it comes from the factory you're not supposed to mess with it this is how your batteries are supposed to behave you can't change anything you can't configure it you can't do anything so you can only do the standard commands which was that first column and even there you can only read them you can't write to those so you can't set anything if you unseal it which is what the firmware upgrade did so in a sense it wasn't bad that they use the default unsealed command because I could just reverse engineer anything they chose the bad thing is a day they sort of gave me the idea to try the default for the full access and then they didn't change that anyway so in the unsealed mode you can then access the some of the extended commands you can read the data flash and write the data flashes at that point you can start to do some some real configuration of the thing and this is again what the battery firmware upgrades go to so full access mode then you have all SPS commands so again this is like route all SBS commands you can write to any of them that allow you to write you can enter these other like super privileged access modes bootrom in configuration mode and the Apple farmer upgrades don't even need to access that so one of the modes is called configuration mode and this is basically the way that you can configure all the little internal sensors and stuff so you know the little internal sensor might think you're sent it has you know mm I don't know so it measures you know the amount of current passing into it and it thinks it's 20 milliamps but really it's 22 and so you tell it that and then it reconfigures itself to know that oh yeah that was 22 and so you can imagine definitely screwin with it in this mode I didn't mess with that mode so the things you can configure our number of cells so that means like 6 in this case current how much current and you're giving how much voltage it has on when its temperature is so these are the things that this document I found tells you to do as like gee I wonder if there's any other calibrations you can do besides those because it sounds like really fun and you know I don't know and you know it turns out if you Google like what other calibrations for BQ 2080 besides temperature voltage you know like Google actually doesn't help in that case so I just went to the store so I asked the Texas Instruments people so I said it's Isis so I get on the board and I'm like hi yes you know can I do anything besides this and this like really nice employee named Jackie writes back she's like nah only current voltage and temperature like okay thanks and the others I put this up is I think it's really cool because they have these these message boards there and you earn points and it's like a video game and like I have 105 points at this point in this game and it says I'm a prodigy and I like that the game realized that you know while I don't know much about batteries I have a lot of potential so I felt really good about that okay so so then the other mode that I deal with a lot it's called boot ROM mode and this allows low level access and in the regular document that talks about SBS it doesn't talk about this at all because really you're not supposed to be doing this unless you know what you're doing and obviously I don't so I had to buy some hardware to help me out so and again this is some of my budgets to help figure out things you don't actually need this to do all the the sort of attacks I talked about say I bought this evaluation module and it's it's the same exact thing that's on the battery except it's like a big board you can look at it you can play with it and the most important thing is it comes with Windows software that talks over USB to the chip and lets and you know will like program it and stuff and so I can just sort of emulate what it does so this is what it looked like at my house sitting on my like dusty floor and then you'll also notice there's this Radio Shack you know device that I bought there and I was like well I'm a child of the 80s or whatever so I was like those dudes at Radio Shack they know a lot so I went in there and I was like so I was sort of hint around at my project you know look man you know I worked for a consulting company and we're evaluating the safety of batteries and tell me about batteries and what do I need to test batteries and the guy was like you can I interest you in a mobile phone you know so not helpful at all so yeah and then yeah it was amazing but there's a lot of people that still shop there sprightly so anyway this is what the software looks like and this is where I got the little guy for the title screen I think it's really cool they have them they have like a you know mascot for battery technology so I go it's like Clippy with a backpack on so this is what the screen looks like and this allows you like the raghu e to change all the SBS commands and it shows you all the you know bit fields and what they mean and stuff and you know so here's the data flash and you know again it tells you what each one means what they open what the value is what to change it to but of course the first button that I push when I when I see it is the pro button right so it says like this this screen is only for advanced users and you know I'm certainly an advanced user so it lets you do things like send raw commands and then the best thing is unless you flash the firmware which is something I really want to do so so then what I would I wanted to do is see how it's doing all these things and then write some you know write a driver or something for OSX to let me do it unfortunately some windows program and I'm trying to do things on Macs but anyway the valuation kit comes with this SREC file which is has the firmware on it and so I want to I want to reprogram the thing and sniff what it does to know how to how to talk to it on this little level because there's no documentation I've seen yet that tells you that so I googled look around and there's this s rack file it says it's an encrypted or the SEC file that's the en c is for encrypted so it's an encrypted SREC file and so like i reverse-engineered the encryption it's like XOR but you know to give it you know some some some credit it's not just actually with a byte it's like X or with a byte and the previous byte so it's like sort of fancy anyway the the firmware file has header header stuff it has all the data flash so those are all the configuration parameters has all the instructions and then a bunch of check sums and stuff so I wrote a PI debug script to intercept the USB traffic and then I could see exactly the sorts and then by comparing it to the things I saw when I would just do a single byte right and all that kind of things in the GUI I could I could figure out sort of what was going on it's like for example I figured out like Oh to read a word apparently you're sending the command 8 to write a word you send the command 4 and so on so so then I'm back to Google right so I saw at Google SM bus boot ROM eight right four so I was like I don't know how anyone did any research before Google and now Google did not pay me for this talk I should have tried you know just I said you had Microsoft pay me I could say yeah I used Bing Bing did it for me so anyway I came across this document that talks exactly about like how it to do talk in the bootrom level and also I talked about how the firmware the instructions were laid out so that was like really useful too so now when I sniff the reprogram and I see this these are the steps it does so it erases everything instructions in the data and then I can see like how much data it expects then reprograms row by row the data then reprograms the instructions so there's 300 X 300 rows of instructions cool and then I can see the data too so like I could piece together by the data it's sending what the firmware looks like so I pretty much understand now how to write in bootrom to reprogram it just by sniffing I could probably figure out how to read you know how to dump the firmware but I at this point in the story I have it I could get the data flash and but the problem is so I could I either have the firm I could either probably dump the firmware or I could just watch the firmware being uploaded from the S track file but I don't know like what the hell is in there so that's the next thing I want to do so I want to disassemble it and like reverse-engineer see how it works but the problem is I don't know what kind of chip it is all right I know Texas insurance makes it I don't know what kind of like you know assembly it takes so you know I do the stupid thing which is I loaded in the Ida Pro and I select each processor one by one and see what happens and they all suck so it's none of the ones that are in Ida Pro so I'm back to asking Texas Instruments so I'm like hey does anyone know what kind of you know kind of processor this is you know thank you and I tried to be like really nice and I'm like you know and I'm not lying I'm saying I'm Charlie Miller you know they Google they'll see Who I am and you know so I'm just my approaches to be nice and hopefully Jackie will give me a nice answer but instead Jackie this time I get this named Doug Williams and he's he says proprietary that's it one-word answer I'm like don't you know I'm a prodigy so so anyway I'm like I'm like oh thank you for your kind response can you give me a little more information like do you mean this is something you just don't want to tell me or do you mean like you made this in your basement and like no one knows what the hell it is and he says he says this is the first thing we have customers you know Apple probably who create their own firmware but we don't disclose this data because we want to protect our intellectual property sorry so I'm like well okay I'll just steal your intellectual property so so I just take the binary I stick it into a hex editor and I just start staring at it right well this is the worst job in the world and actually someone asked me about this part and when I gave this talk at blackhat and they're like you're like wow you like some kind of genius for looking at this I'm like no this is the beauty of like you know the cooking show where the guy like throw as much stuff to ku6 in the oven or like it's done right so like this was like really hard but in the slide deck it's like oh yeah it was this is so obvious right but this was actually like doing me like a week it was really hard but you know for your benefit it looks like really cool like I'm awesome so anyway so so what do you notice in this anyone want to want to beat me to the punch so is there anything special can you read the the bytes at all anything stick out oh I already said and then don't look at that bullet if you want to play my game all right so you'll notice there's there's threes right that's the only thing that you really notice is there some threes okay cool threes and anyone notice the really like you know something special about the threes sorry well they're spread out a certain amount so it turns out the threes are separated by two bytes each so it's like a level that's sort of interesting so so that's like well maybe then it's aligned somehow on you know three byte widths so you know adjusted the hex editor a little bit and then you start to look hey look sure enough if you look down those columns there's there's this this feature that the the high nibble of the third byte is always zero one two or three okay so maybe and then you can see this is true for all the columns so maybe this is a 22 bit word so there's so I got to find some sort of chip that has 22 bit length instructions and maybe I'm in good shape and you know that's probably pretty rare okay and then the final clue is I looked at the end of the firmware and so what you see here is the very last so there's lots of these things at the end that say three ffffff and the very last thing before that is 23 ffffff so here's the 23 ffff okay anyone like what would you think would be the very last instruction and something that you disassembled see I am smart I knew the answer I don't think I've heard the right answer yet keep keep on what's at the end of like big functions little functions return right so I'm like well maybe this is a return because you know that's how I end my functions and then any guesses what three FFF is what's that oh I heard it so so like what do you put at the end when you don't want to do anything no ops so that's what I'm thinking right so no not so let's see if I'm right so so the first thing to see if I have if i maybe I'm just like totally crazy so I was like well let's search for this thing that might be returned in the whole file okay so there's 410 times it shows up cool and they're all sort of like randomly spread about we're all so cool and and also I'm very happy to say that they didn't like encode or encrypt the firmware that would have really made this sort of analyzing in a hex editor harder so anyway that you know I'm pretty sure this thing's returned by now and those other things are no ops I know 23 bit instructions so probably that might be enough to go back to my best friend Google but my Google foo was weak I could not find it but my coworker diablos Akos he came up with a Google search that did work so he searched for 23 F F of F 3 F F of F 22 bit I don't know why I didn't think of that so anyway I come across this document you know to be fair to show how hard this research was it wasn't the top hit it was the second hit so you see things like it says bla bla 3 FFF is a no op you know return is 23 ffff so like this is this is pretty much business so you look in there and it says something about cool risk and then you google for that and you come across a document and you find out that the BQ 2080 is a cool risk see 816 chip or at least something so close that it doesn't matter at this point we're in good shape so I can read all about it and yeah I did so who saw hackers last night it's a great movie and you know this is the best line I think from it Angelina Jolie talking about RISC architecture is like a total awesome thing so anyway so this particular chip its 8-bit it has this Harvard RISC architecture you can see the data flash 64k 64 K flash instructions each 22 bits there's 8-bit registers and of course Ida Pro doesn't support it so you know this is what the registers look like and luckily since it's risk and risk is going to change everything but there's not too many instructions and so there's this is what there are there's like you know 40 or something and so basically all you have to do if you like Ida Pro like me is go in and you can you can write in Python adder pro processor script and tell it what each of these instructions means and what it looks like and then it can disassemble it that's what I did so this is you know another two weeks of my life in one slide so you just go in this table in the document it explains exactly what the bits are you translate it into Python then you've got a new setting on your Ida Pro that says text system is gas gauge BQ 20 C 80 and I'm really this is all released too so you can download it and disassemble and see how these things work now oh I'm sorry you can't there proprietary so so anyway now if you if you pop in at a pro you you it's risk so you have to make a separate data section for it and then and you're good to go this assemble but the problem is that it didn't do that great job but I just can help it out so I know that it's you know the instructions are fixed length they're all going to be you know three bio lines so I just want a Python script to go through and disassemble every single instruction because I know that can be any data because of the RISC architecture so then now I'm in business this is some of the whole thing pretty much and I can start reading it and seeing what how this how this is you know code on the battery what it does so if you can if you can see that oh so so basically this is some some function that takes in those SBS commands that you can ask I for the temperature and stuff it does the operation and it sends it back to the computer so this is exactly what we would kind of expect to see so this one if you can see so on the one on the left it says you know so it's SBS command 21 so which is the device name so it does some calculations and then sends it back this one is 20 which is like the manufacture name sends it back and so forth ok cool so so where are we now I can I can disassemble the firmware I know what's going on the battery but turns out things are going to go wrong for me very soon so I can just assemble it I can I can dump the the flash cool what else can I do oh so then I start to dump the flash right and I noticed that I'm not getting identical results when I flatten when I dump the flash each time and you know that's sort of weird but and whatever and then the bad things started to happen right so then I like well so let's let's make some changes to the firmware that's really what I want to do I do it the battery doesn't work anymore so that's bad the other thing wasn't so bad but this is bad if I try and sound like well maybe you have to do exactly what the Texas Instruments like gooey does so I did exactly what it does bricked so you know I'm sort of stuck and so I started you know I get on the Apple Store and I start ordering these batteries because I'm going through them so quick like faster than they can ship them to me I'm breaking them so and they're like $129 are pretty expensive so is I have a ton of these things and this I have just piles of them in my house and don't work anymore so it's a very expensive hobby lucky I have a corporate credit card so I had one idea I was like hey I got an idea they have like on eBay they have they sell these batteries that you know some dude in China makes in his basement and you know they out let's buy one maybe it's the same thing and then it'll be cheaper so I bought it and yeah I looked at it it's got the Texas mischief as far as I can tell it's pretty much the same but he changed the password on it so I couldn't I couldn't hack it yes anyway so the $40 battery was was like super safe I was like well well okay so so to start to fix my problems and stop buying batteries like I wondered if like the Apple store like Traxxas is like this guy is bought like 10 batteries what's he doing and then like you should have a special like and he's Charlie Miller you know he hates Apple he's up to something so uh so anyway it turns out my experimentation I found out that when I do the reads from the firmware they're not always reliable and they don't air out or anything they just return like random crap sometimes and so what I did is that I just have a changing API that I wrote to like it reads it a few times and make sure that it always agrees then and then it's okay and so once I do that then everything starts to go much better for me so I can I can you know consecutive dumps of the firmware like agree so this is this is good alright so then the next problem oh by the way this is like the worst thing that ever happens to me in my research if you can see it the little X on the battery so when you see that that means you're screwed so so that means you bricked your your your battery well if you're doing my stuff it otherwise it just means you probably don't have it plugged in quite tight enough now the only thing so it's speaking of the Apple Store before I so the one thing you can do from this research oh I didn't blow up batteries but I know how to like manipulate them so if ever anyone has a battery that isn't covered under warranty anymore I can hook you up so I can you can go in and you can change when it was manufactured you can change how many cycles it scene so you you can make it look like it's like five days old you're like dude I just bought this battery like five days ago and it's not working I don't know what the problem is it's kind of good so I help out the community when I can all right so so then I start so now I'm confident I can read firmware and I can write firmware but still is not working I'm getting this stupid ex that says I've done something wrong and so I look at the traffic and I figure out what it is and it turns out that it's this particular flag is set the data flash failure flag total failure so you read it blah blah blah and it's like number one after a full reset the instruction flash checksum does not verify crap there's a checksum I've messed it up so I need to figure that out but luckily I have the firmware it's like a reverse engineer how they do that so it turns out that there's these particular functions that I can't change that are in the ROM and one of them is in charge of computing the checksum so I just need to figure out who's using that function in an Ida Pro there's only two references to it one is to some s PS command that Google will tell you has something to do with checksumming and the other one is some function I haven't seen yet so that's that's my candidate so I checked that out if you look at the ina Pro dump of that it does something like it reads in and you know four bytes from data flash and then it compares it if it's zero these four bytes are zero then it just goes to the end the function otherwise it switches the ND in this calls the checksum and then compared his bike for byte if it's true and if it's not true it goes to the bad code and if it is true if they do agree then it goes to the end of the function so anyone have an idea what we should set the those four bytes in memory to zero right so if you set it to zero then it doesn't compute the checksum anymore and you can make any changes you want but then so that was the older version of firmware some of the newer version of the firmware like they got tricky and they encode or they probably would say they encrypt the checksum and really I think they just did this because you might accidentally get zeros there someday but you wouldn't actually get this weird value so they do some encoding of the thing but the same basic and principle applies that if you if you set these four bytes instead of the zero to an encoded zero then it won't check the checksum anymore so you can just do a raw data flash right to the device to zeros for this four bytes and it won't check the checksum anymore and but since I'm totally scared to go into bootrom mode with all my dead batteries I figured out a way to do it without going to boot round mode you can just figure out that there's there's this undocumented subclass 57 you can read and the checksum is actually in there so you can change those four bytes just with using extended SPS commands so now I can just freely patch the firmware and do whatever I want so what do I want to do well I can make it lie so now when you ask for the temperature I can make a return anything I want but what I need to do is understand what things are asked of the battery and what things you know so those are I mean even know what to lie about so I bought some more stuff plugged it in and I was like okay now I'm going to sniff to traffic the battery has these six little grooves and there may be a couple of little spots where there's wires two of these are got to be has some bus I don't know which two so I just I was like well I know I'll buy these little probes I'll hook them up between the things and you know I'll monitor what's going on this was a disaster so I did this and I must have touched the wrong thing at some time the computers didn't work anymore so apparently I short shorted something on the main logic board and so I had to take it into the Apple store which I do this a lot I go to the Apple store and I'm like yeah this isn't working anymore and you're like they're like what you do I was like I don't know I just turned it on and it doesn't work so they replaced the logic board and then everything was good again so we I never tell them what I do okay so then I have I said well the problem was you know all these loose wires and stuff so I'm gonna build my own special cable that connects the battery to the computer and so you know for someone who doesn't do any hardware this is like a big deal it took me like five days soldering and you know all this stuff I plugged in it didn't work it's a piece of piece of crap so that didn't work so finally I figured out the right way to do it is you just move the keyboard a little bit the battery can be sitting where it's supposed to sit you can still see the wires you can hook little you know approach to it this is this is the right way to go so then I hook up this there's logic analyzer and I can see exactly which cables have the SM bus traffic and then you can actually have ask it to decode it and you can see the actual SM bus right so it's like a write of eight which is temperature and then it reads the values so be 73 so I can see what the temperature response is and then you know that's cool for just like show but then there's another thing called a beagle that will record all this information for a long time you get like cool GUI like this and you can see still that some bus traffic you can record it for like an hour while you're charging your battery and see all the things that are ever asked on the battery and so these are the exact things that the with the computer off and a charging and asked for battery stats temperature charging current current voltage battery mode relative state of change remaining capacity full charge capacity and of those only five ever changed so the rest of them are just like yeah everything's cool or whatever so temperature changes but probably that's not so important current which is the amount of current delivering well okay then voltage remaining charge or main capacity in relative state charge so these are the things that you could guess the Chargers asking for in order to figure out how much charge to deliver it so I'm going to lie to about those things so I got to wrap this up quick but basically these are the things I can imagine doing now I'm so where am I at I can make the battery do anything I want so so what could what you know so what right so breaking the battery is super easy I'm a expert at it I'm I'm not even just a prodigy I'm a full-blown expert so here is some code that with my API you can do that all this does is erases all flash you're definitely not going to recover from that so you can make firmware changes like we've been talking about so you can change all the things that are query tool I so like no matter how much charge it gets you always like hey I'm 50% full keep it coming maybe something bad would happen there so this is basically like a function that deals with SBS commands and I want to change the ones like so like remaining capacity which is SBS command F instead of F I'm going to say you you want to know F I'll tell you one B that's manufacture date and same thing if you ask me for full charge capacity I'll tell you the serial number so you just make changes to the firmware and the reason is because manufacture date and serial number are both words which is the same thing as we're really capacity full charge capacity but they're never queried and you can send them any value one so then you can control exactly what the battery is reporting and you can do this live while the battery is charging you know without any wires or anything just remotely with root access so this is what the code look like that handles that case and then here's the the API call to patch the firmware and then it just all it changes that code to this code which just changes the SPS command and then jumps to the other case so now when i query remain capacity you know surprisingly it's exactly the same as the manufacture date and same thing full charge capacity you know coincidentally is exactly the same as serial number okay so now I don't show it here but I go through and I have a white paper that goes in way more detail than I can here but I go and I've changed the firmware to lie about every single thing that's queried so now over time it doesn't it doesn't change what I want to I can change it on the fly and I did verify that you know these changes that I make do affect how much current delivered to the battery but I'd like some sort of weird non like super obvious way so this is where I like it started to get scared and I you know I tell the story that I was driving you know to a soccer game or something and I saw I just like fire trucks and stuff going the other direction I was like holy as I was just like mess with this stuff when I left it's like I call home and you know my wife answers I'm like well that's good she answered the phone and then I was like you know that computer upstairs in my office can you go and plug that so she did that anyway so I mentioned that there's there's various layers of defense besides this chip that I'm like owning is the main guy in charge of safety but there's other things that may prevent the big explosion so there's these like thermal cut-offs and you see so it's like these little cells that think it hot they they melt and then you can't get electricity to the cells anymore but you know the good thing about that batteries I can't mess with it the market what the banding is I didn't see these little things on the market battery the other the other thing you could imagine again is attacking the kernel from the battery so this would be like a way to have persistent malware for example I didn't look for a particular bug again like knowing Apple it's hard to imagine there's not a bug there so you can imagine writing a pleasure in cool risk assembly and changing the firmware and having the battery literally fuzzing the OS that is crazy but it would be awesome on the easier ways you just would hardware just hook wires in there and emulate the fuzz and Travis Goodspeed is talking about he already has something that basically does that so then if you know I don't really think there's much risk of anything bad happening to you from this without someone else doing something you know a lot more work but if you're the super paranoid type which probably 90% of people in this room are pretty paranoid I did I released a tool called gun which basically goes in and changes the passwords to values nobody knows the source code basically looks like this is just like yeah it gets full access changes the password and that's it so here's all the people who helped me on this talk you know I'm such a hardware noob that I couldn't get very far so thanks to all those guys here's where you can download the paper or the slides the tools I have Ida Pro scripts I have the firmware IDB files everything you want to like learn and play with and that's it thanks a lot

Info

Channel: Christiaan008

Views: 81,858

Rating: 4.8607349 out of 5

Keywords: DEF, CON, 19, Hacking, Conference, Presentation, By, Charlie, Miller, Battery, Firmware, Hacking, Slides

Id: AEjJhnL02bE

Channel Id: undefined

Length: 49min 1sec (2941 seconds)

Published: Wed Oct 26 2011