#HITBLockdown D2 - Virtual Lab - Firmware Hacking With Ghidra - Thomas Roth & Dmitry Nedospasov

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

welcome so this is all a bit rush so I apologize if there any rough edges around this we basically decided on Friday night that we will be doing this but welcome to our virtual lab bare metal reverse engineering and hardware hacking we will look a bit at reverse engineering over metal firmware and then Dmitry will take over and talk a bit about doing a hardware attack to bypass a chip security measure now okay I also just learned that I'm in the wrong slack channel but basically I just hosted the crack need that we will reverse engineer into slack so if you want to join at home feel free to download to download it and also download deidre and SVG loader and then you'll be able to to do what I do basically and also if you have any questions please just post them into slack I'll try my best to answer as soon as I see them so let's start by talking about bare metal devices so we all worry about smart phones and so on which have very powerful processors but there are a lot of devices around us that have less powerful processors in them and such as Hardware wallets or general IOT devices fitness trackers and even in cars of you take a car apart you probably find 200 different processors that are they don't run a real operating system so let's talk a bit about what bare metal means we are all on the same page so on a normal computer or on a smartphone an application that you write will run on top of an operating system and this operating system will then use drivers to talk to the actual hardware now on a bare metal device our application runs directly on the hardware there's no real operating system there's no large hardware abstraction and so on instead for each hardware we run on we have to to ship all the drivers and all the stuff that we need to talk to the hardware with our application now the best example in our circles for an embedded device that is not bare metal is probably the raspberry pie kiss in most cases it runs Linux even though you can program it bare metal only a few people are crazy enough to actually do it and then on the bare metal side the most popular example is probably just the Audrina now today we will look at bare metal devices based on ARM processors and arm has a lot of different classes of processors for example we have the cortex a we have the cortex and we have the cortex R and so on and the cortex a are the the big processors that you have for example in your smartphone the cortex are are the processors for real-time applications such as industrial automotive controls and then we have the cortex M which is the microcontrollers and today we will only look at cortex and devices now what makes a quat XM device is that it has no memory management units so there's no virtual memory there's no real way to run a real operating system with like process isolation and so on on it and also compared to a cortex a they are very slow so they start at like 20 megahertz or so and go up to a couple of hundred megahertz and they have very small amounts of flash and Gramps so for example in most cases you have a couple of kilobytes of RAM LEDs so there's not a lot of space on most of these devices also most of the ones that are on the market right now our single core even though dual core and even more cores are getting more and more common now it wouldn't be armed if there weren't a hundred different versions of cortex amps and say for example there are cortex n0 + 0 + m1 m3 m4 and so on and so forth and wikipedia has this great graphic this great table that shows you what's what and basically we as hackers we don't really care about the differences between these these processors but for example the instruction pipeline is different and even the computer architecture and so for example all the smaller cortex and 0s and so on are based on the phenomenon architecture while the m3 m4 and so on are Harvard based but we don't really care but one more thing to note is that the ARM architecture so the instructions that you can use on these is also different and so for example on DM zeros you need to use an MD 6mm sm / and on the m3 you need an RV 7 but today we don't really care about that if you've ever written code for older or bigger ARM processors you probably know that the or the original instruction set is fixed with 32-bit instruction set this instruction set is not supported on ARM Cortex and devices instead they only support the thumb and thumb v2 instruction sets so that you have 16-bit instructions and sometimes with thumb v2 even smaller 32-bit instructions now let's look at a specific processor and so today we will look for example at at the stm32 from STMicroelectronics the SCM facility is super common in a lot of devices and what's nice about it is that you can get breakout boards such as these for like 16 dollars shipped on Amazon and so on and so if you want to play around with with chips that are very well supported by open sourced food chains and so on the STM's are are really easy to work with compared to some of the others and basically this chip has a lot of peripherals integrated so we have general purpose input outputs which is basically just a pin so one of these gold small pins on here and you can do with those whatever you want you can turn the model after and so on it has hardware support for serial I squared C and so on and if you go on the stm32f4 in this case website you can see that it has a lot of stuff such as canvas a camera interface spi and so on and that it runs at 180 ma at 180 megahertz you can also see that only has 512 kilobytes of flash memory and only 128 kilobytes of RAM so there's not a lot of space for stuff on there but it still is able to drive a lot a lot a lot of different things how are these these peripherals such as I squared C or the camera interface implemented basically if you check the datasheet of the stm32f4 you can see that the that the pins on the device are organized in parts so for example here I've highlighted part a and we can configure each pin of these ports in this case for a has 6 infants to be for example the general purpose input output and then we can blink an LED so we would set it to output and then on or off and so on now we can also switch the boat of these pins to different - for example I squared C which would allow us to drive the display and so on and we have a lot of these ports for example on this chip we have Part A Part B and Part C and notably not always all pins of these parts are available so for example depending on how you configure the chip the pins on the Left might be used for the clock instead of being used for general purpose input outputs now how do we talk to these peripherals given that we don't have an operating system that we can use to to for example say hey open a file or hey turn on the display this is done using something called memory mapped peripherals or memory mapped i/o basically you have your flash your RAM and all your peripherals in a flat memory space and so for example your flesh on the sf32 will be at X 800 your RAM will be at hex 2000 and your peripherals will be at hex 4000 and if you want to find this for a specific process or just go into the datasheet and search for memory map and that will bring up this nice diagram going into a lot of details on which address ranges are for which peripheral or for flash and so on and so forth and for example if we zoom into the lower part right here we can see that the flash memory of our process all starts at hex 800 and that our RAM starts at hex 2000 and if we go back we can see that there's one big area reserved for peripherals which are extended on the right side and this Appa HP and so on just our different buses that are in the chip we don't really care how these works are what they do all but if we go if we search in the datasheet for for example HP one we get another memory map for all the things that are on this bus and so for example in this case on a HP one we can see that all the GPIO peripherals so all the things that we need to turn on the dolphin LED or so are on HP one and start at hex 4002 and so for example GPIO a is a just hex 4002 zero zero zero zero and if we go into the GPI register part of the datasheet we can see that basically there are thirty two-bit white registers in the memory that we can use to control it so for example if we want to control the mode of this of a GPIO we just go to the address offset zero so for example we know that gko a is at 4000m two plus zero and then we have the address of this mode register and we can now adjust the mode of whatever pinion we are interested in changing the motor by just writing to all of these two bits and you can see down here if we set one at mode R zero for example to zero zero it will be an input if we set it to one it will be an output we have 1 0 which is alternate alternate function mode which we need to use if we for example want to use I squared C or so and then we also have an analog mode where we for example can read analog data such as voltages and so on now let's say we want to set a pin to be an output all we have to do is set the least significant bit of this address to one and so for example we will just write 1 2 hex 4002 now to turn this pin on because so far we've only said it to be an output we haven't turned it on or off yet for that we need to use the output data register and again we have the output data register we can see that it has for each pin in the port we have 16 pins per board we have a single bit that we can set either 2 1 or 2 0 and we again can calculate the address so this register would be at hex 4000 2 and 14 and if we want to turn on pin 0 and pin 1 we simply write the the least significant bit and the second bit just by writing for example 3 to this part and if we want to turn it off we just write 0 now how do we do now how do we analyze a firmware in giedrius so basically I've created a small crack me if you're in the side channel you will find it there you can download it and if we drag the this file into inter caetera we get the import dialog now if you would load a regular binary so for example if I were to load for example if I were to load just let's say the copy executable you could see that Guidry would detect it as a macosx mewho binary but in the case of a bear firmware it's just a random binary file and gujarat doesn't know how to analyze it and how to load it and say if i drag it in the format will just be raw raw binary this means that we have to tell Deidre about the language that this file is written in and in our case this is a firmware for these stm32 breakout boards and so in our case I know that we are loading a cortex program and so I have to open the language dialog type in for example cortex and there are two options here big endian and little onion now if you read the cortex-m processors that are big endian but in the wild you will see that basically they do not exist like nobody will be like basically you will never encounter a big endian cortex and chip most probably and so we just like little double click it hit OK and now we also need to set the load address now we just saw in the datasheet that basically there are if we go to the datasheet of this chip the flash memory is at x0 800 now we know that our firmware will probably be loaded into flash and sorry let's set the load address that we go we will use 2 hex 800 hit ok hit OK again and double click this file now oops this is coming up on the wrong screen now Piedra will ask you whether you want to analyze this file now we absolutely do not want to analyze this file yet because we first want to finish setting up deidre to to know about the process of we are using and so we hit know right here and then we go back to the to the datasheet of our processor and we can see that the flash memory is as a tax you are eight hundred our ram is at hacks two thousand but we also see that at hex 0 0 0 0 that these addresses will be mapped either to flash system memory or SRAM now in most cases where the former is regularly running this will be at will be mapped to flash and so we have to make Dedra aware that our flash is not only at X 800 it's also at HEC 0 0 0 and we also want to make sure that we have our SRAM memory block mapped and so on and so in Hydra you can do all of these things by going to 2 tools sorry to window memory map and that's coming up on the wrong screen and here we can see that our flash the binary we just loaded was loaded at hex 800 and so on and we can create a new memory block and so for example we're going to call this flash lower it will be at address 0 it will have the same length as the flash that we just loaded so to be Oh C will be executable and we will initialize it with the fire byte so it will have the same contents we hit ok and now we have that now we also want to create a block for drums we have our M it starts at hex 2000 and let me check the datasheet how long is the RAM it goes up to 1 F F F F F F F so let's copy that in also step is to execute and volatile the volatile flag is important in this case because Ram might change under use or without you noticing as you want to make sure that the D compiler is aware that that Ram we always can change so it doesn't optimize some stuff away and we just leave this to an initialized and hit OK alrighty and now we are ready to go now we can actually analyze our file and so I'm gonna go to analysis and hit ultra analyze and now with firmware the problem is that it doesn't have a structure like an entry point or so and in most cases so for example if you wrote an elf binary it has a defined entry point and then the entry point will jump to your main function and so on we don't really have that in in firmware we often have a reset vector of which we know the address we often have interrupt vectors where we can guess the other vs. and so on but deidre also has an analyzer called an aggressive instruction finder and this one is really really useful because basically allows you to allow ski drop to try to find instructions anywhere in the binary and so it will just go through the binary and see how does this look like I'm code if yes it will mark it as code and so this is really useful and so let's check it and hit analyze and we can see on the bottom right a lot of stuff happens we can see a lot of colors changing here on the right side and that's already it we are done and and before we start analyzing it I want to show you what this correct me actually does I should have done this earlier apologies so basically I have I've put a small correctly on this device and if I hit if I hit reset you can see it says heck in the Box bare-metal correct me enter the correct combination of signals and press the button and if we just press the button on here it will just say unlock criteria are not met try again and so our goal will be to reverse engineer this check and oh I'm just gonna got a question so we just hit the button we can see our criteria are not met and so we want to reverse this correct me and figure out what exactly is going on and what does it want us to do now we could go for example to address zero and we can see the full reset vector here and so so we can see that our on reset our CPU jumps to this function which does something and so on but in a lot of cases where I look at from where I I try to figure out what would be the best point to figure out where to start and in our case we we just saw that it has some strings and so let's see what are those strings used and that will probably bring us very close to where we need to look to to reverse the cracking and so let's go to the strings window just click on window and you have defined strings and you can see indeed we have the enter the correct combination of signals we have the flag which unfortunately in the binary we got is censored we have this the string we just saw and you can also see that these are here twice this is because we have the flash Mowatt and so it will be twice in memory once at 0 0 0 and once at 0 800 so let's just click on one of these strings and see if we get any references to it and here in the listing view you can see that indeed our string h ITB bare-metal crackme is used at two addresses which are actually the same and we can just double click this if you jump here and we we get into this nice function where we can see our string is used enter the correct combination and then we also see this success message and so on now when I reverse engineer something I really like let me answer a question on slide real quick H I TV will lock down let's see apologies I'm just trying to do this alright okay and so if I see this and I know this string is output to the serial console I will just blindly call the function that I'm I would just call it for example probably serial.print because whoops let's fix the typo just because it looks a lot like this is probably the function that prints something on cereal now I could go ahead and click on it and see if this is actually true and so on but I mean do you really have to I'm a hacker I'm lazy but let's still go up and see what these functions do maybe we need to know and so here if we click on this we can see some strange numbers going on and we can see that this basically will write something to four thousand two three eight zero zero zero also and now we could what we could do is go into the datasheet and figure out what looks figure out what's at five thousand three to two what works the full and four thousand three three eight zero zero yeah three eight zero do we have it here and we can see our this sets up the RCC which is the peripheral clock management and so on but the problem is if you do this over and over and over again and manually see a number go back to the datasheet figure out what what it does and so on it gets all really quickly and burns a lot of time but luckily there's something called SVD files system view description files and these are basically files that that contain a description of all the profiles of the chip and so for example in this in the SVG file we would have the address of our GPS we would have the address of the you our driver and so on and I wrote a script called SVG loader for Diedre which you can find out on github which allows you to load these as we defy us and what's nice is that for example Kyle gives us SVD files for hundreds and hundreds of chips and so if we go into Vedra I'm just going to call this as we know as you see something and go back to the function we came from sampler here we see some more addresses that are probably in the peripheral range but that we don't know yet but if we lose this script called oops so I just go to the scripts window level on security if you don't see your script in this list you have to add it to you the script path so click this button and then at whatever directory you Clint SD loader to and then we just double click it and it will ask us to select an SVD now there I have a lot a lot of as released there's this nice synthesis as we need github repository where you can find hundreds of different almost thousands I guess SVG files and in this case I even happen as we file for the STM f4 for six that I'm using on this port and so I'm just gonna double click this and it will take a while total to them I should've put a a jeopardy sample on here oops hello ah there we go okay took a while I'm not sure why but anyway now you can see that the red address here turned into GPIO SC and so now we know that whatever red vs. was is now GPIO C and if we for example check out what's behind this so we can see that this data here that is put into this function is actually a pointer and so if we hit P we can convert this into a pointer and we can see oh okay this hopes this configures GPIO a if we do the same here we can see this is probably a pointer this confuse the UART and so on and now without even touching the datasheet we already know that okay this is like that's something so us a RT is the serial column it's the the serial port we know that this is also use out some things we can call yourself something to you and so on I'm not going to label all of these because we don't really need it and then we also have GPIO s so this probably configures the GPA or a port or whatever and but let's go back to what we actually want to reverse which is the cracker and we can see that the actual correct me is is happening in here so we can see enter the correct combination of signals and then this happens now let's see what's behind this if we double click a data point we get we jump to it and we can just hit P to convert it to a pointer or you can click or you can do a right click and set data to pointer and we can see that this actually points to the GPIO CPU PDI register let's see what exactly the PPI registers on the datasheet so as always there are always two documents for trip that you need to be aware of there's the data sheet which is 200 pages and then there's the reference manual which has 1,300 pages and so it's huge and so let's just search for QPR and we can see okay pupae are just sets the pull-ups and pull-downs on on the gpio that's some electrical stuff we don't we are not really bothered by it but let's just call this keep the sea slugs and we can see another right here this time whoops and we can see that this sets GPIO SC to zero now if we go back to the datasheet we can see that this basically just sets the pin direction of GPIO LC to be inputs because we earlier saw two zeros we mean inputs this just sets the entire GPIO will see to be in input and then we can see that the flops are activated and so a nice trick if you see 0xaa but we want to see it as binary is that you can in the listing view right click it and convert it to binary and we can see okay this for the one two three four for the first four pins this will enable pull-ups if we go to the datasheet we can see this up sorry pull down so it basically sets for can zero one two and three it sets that you via pulldown and so we know what this does and we can go into into the actual loop now the first variable here is pew vr1 and so let's strike back and see what this does again we can books we can convert this to the cue punker and name this okay this is the V PLC input data this will basically always hold whatever input state we have on GPIO C so if we go into the datasheet again we can see that I DRS the input data register and if we have a pin configured as an input we can just repeat the single bits to see whether for example the button connected to it is pressed or not pressed and so on now to to make this a bit easier I can tell you that this basically just reads the button and so it basically waits for a button press and because as we saw earlier in the console if we press the button books we get the try again message and so this just waits for the button whoops and if we open what's going on here sorry my computer is a bit leggy Here I am and so whoops criteria good it's saying this a lot criteria we can see that it waits for the button press and then it checks the condition and if this condition is not met it says oh Allah criteria is not met please try again and we have to start over and say our crackme content is in this year and this basically just reads the GPA I will see input data and then checks whether the least for the least four bits of it are equal to two this basically just means that what we have to do is is somehow on the GPIO will see input set the second pin to to true and suddenly our part knee will be solved and so for example I can do this by using a simple jumper wire so I've checked in the datasheet in the datasheet of the board where my pin 2 is and I just apply some voltage to it press the button and we've reversed the correct knee and so now this is obviously a very simple example on how you can reverse on something in Mitra but this can this can be done on a lot of things and so for example if we if we checked a different processor the LPC 1 3 3 4 it has something the CRP which is the code read protection and so this basically is a piece of code that checks whether the checks worth of the debugger interface that gives you access to for example reads of Flash Rita Ram and so on is available to be used or whether it's locked down and so for example on a hardware wallet you would try to to lock this down and on a on a deaf board you would leave it open if possible and what's a nice attack is if we could somehow re-enable this code read protection and so this code read protection on the LPC is implemented by writing to a certain address in flash and so again we can check the reference manual and basically the Cauvery protection works by checking whether a specific pattern is in flash in this case address it checks address to FC and so what i've done is i've loaded into Hydra the utrom of the lp food ship and if we go to and if we go to the alert 0x to FC and i've already set up the memory maps and so on you can see this you can see this right here i've already set up flash at on and so on and you can see that we can actually by loading the the boot rom we can see where this corporate protection is wrecked and so for example we can see if we click here we can see that there's some code that works on the code weak protection and so on and we can start reverse engineering the boot ROM and try to figure out how exactly does it work how can we potentially bypass it and how can we find vulnerabilities and now this will take a lot of time but there's a nice other trick because we now know as we FS we have the boot ROM which is executed on each start of the chip as we know that it's read from flash each time the chip boots we can do something called a glitching attack or fault injection attack and so basically if you look at the power supply of a chip if you managed to somehow interrupt the power supply for a couple of nanoseconds precise time you're able to change the behavior of the chip and so this is called glitching and what you can do with it if this for example skip instructions are cropped flash weeds and right right scrubbed register rights and so on and what we can do and as we know that the chip is reading this front flash on every boot this means that well what we could do or my camera just died second this means I hope you can see me again this means that what we can do it means that what we can do is basically it's basically try to do the skill chain this voltage glitch at a very precise point in time on every single boot and I'm going to give over to my colleague Dimitri who will explain the details of that so it really get perfect so yeah so now we're going to take a look at glitching and so the specific device that we're gonna look at is I have in front of me on this table so let's switch to that so we're gonna take a look at this guy right here so this is an LPC 1343 development board and will actually be triggering the glitch using this right here which is an RT a digital an RT fpga board but let's just briefly take a look so I'm gonna share the slides just with oops hi sorry it's another corner and I'm assuming they will be right back sorry I unfortunately forgot to give Chrome the rights to share my screen so let's try one more time so I'm going to share my screen and hopefully let me just check really quickly so everything else looks good all right so let's just take a quick look so I'm gonna switch to keynote and let's just take a quick look at this so basically this is our board right here then we're gonna take a look at and like Tomas already explained so what we want to actually do as glitch the bootrom so with something like with something like with GUID robe we can actually go and we can analyze and find vulnerabilities in the Skookum so like Thomas said turns out on this specific microcontroller it only checks it only checks the the value one time during boot and so that actually means that it's very easy to trigger so all we need to do is reset the board we can perform a glitch which we'll take a look at in a second and then we can recycle everything and try again and and during every single boot up of the microcontroller we can actually look and check is it is it working or is it not working etc so basically so basically there's a couple I mean in terms of the glitch theory a lot of people ask about this so you have to think of overclocking is the example that I always use and I think especially hackers are familiar with overclocking so if you want to run something at a higher frequency it needs more voltage so we're gonna do the exact opposite we're dropping the voltage which means that running at the same frequency of the system actually becomes less stable so I mean that's a gist of what we're doing and so what does that mean less stable old data is actually going to get corrupted so that means that for example instead of reading on a 32-bit bus instead of reading let's say all F's it's going to read an ISA more where instead of reading all the zeros it's going to read a single bit that's one and depending on what the actual comparison is that's happening in the microcontroller firmware in the boot that'll affect essentially the security of the device so in this case I mean Thomas already said it and I said a couple times it's gonna be just a single a single check that happens and unfortunately unfortunately unfortunately I mean this guy boots off of an external or from an internal RC oscillator which has the I mean disadvantage that we can't control it somehow externally but fortunately it'll still work but we do have to make some modifications it's basically this what we're doing we have we have a reset that happens at some point in time that's the N reset signal and that's green and at some later point in time what's actually happening is where we're gonna trigger the glitch so we're gonna drop the voltage for a very short amount of time and basically go from there so so how does this look like in practice specifically with this chip so it turns out the security is based on a magic value that gets stored at UFC and so this is something that Thomas was already showing in the in the in the actual manual for this microcontroller so it turns out there's exactly four values that apply security to the chip and those values are and this is not a joke 1 2 3 4 5 6 7 8 8 7 6 5 4 3 2 1 etc if it's not one of those values that reset is unlocked and you can verify this just by reading the document that that nxp will provide for you so basically you have to think of it like 4 values lock the device and since we're talking about arm 32 bits that means 2 to the 32 minus 4 values unlock the device so chances are very good that we can actually unlock this voice so to secure the device the user again has to explicitly write a specific magic value and since 1 2 3 4 5 6 7 8 or 8 7 6 5 4 3 2 1 since these patterns are not valid arm op codes I mean I guess the assumption is that nxp made one designing this is that you'll never accidentally put code there that'll lock the device so let's take a look at what it's like to talk to a bootloader because we're talking about the bootloader the boot rom so basic if you look very carefully it'll say the if if the so another thing that you commonly have is that you might actually have more than one group learner and if you ever even the choice you always pick the most simple interface available to you and in this case that happens to be that your interface so that means we can just connect with a serial console and talk to the bootloader and play around with it and that's basically one of the first things that we'll try to do then we're actually we can go and set the security of the bootloader and essentially then we can go from there okay so this again I just show you the slide just because this is that what we actually have to implement on the FPGA so I'm not going to go into a huge amount of detail on how that's done but basically we need to generate a delay and a width and so essentially after a certain amount of time ie the delay which has is a 16-bit value we need to do something for an 8-bit value so 0 to 255 and this these are all units its units these are clock cycles of the FPGA so when we're actually doing inside the FPGA is we're building counters that actually control all of this and how do we actually switch and manipulate the voltage well you can grab an analog multiplexer like this one the max 4619 and so ioud VCC and V which those are just two arbitrary input voltages I mean you can see this device actually normally runs at 3.3 but we're taking it down all the way to 1.6 because why did we take it that low because it's less stable at that point when we when we start a glitch it it's already running at the bare minimum and we can go from there so let's pretty much let's pretty much get into it so last thing just this is I'm not going to go into a huge amount of detail but this is as simple as the logic is inside the FPGA so we have the command module which is the module that actually processes the commands that we can then send from a nice scripting language like Python so we'll actually use Python to configure the FPGA and configure the glitch and then we need to reset the board after we reset the board we need to wait for it and after the delay is up we can pulse and toggle the voltage so let me switch back because let me switch oops sorry my escape wasn't working so let me switch to my when we switch to the camera so let's talk about this one more time so here's the fpga board this is the microcontroller board so and we're gonna be using a power supply and this is something that i already had a chance to rig up which is a a multiplexer which we'll discuss in a second but basically this is just gonna match the schematic that i had on the previous screen so let's take a lift the first thing that we can do is we can just try to talk to the bootloader on here so there's one modification that we have to make at the very beginning which is we actually have to be able to get into the bootloader for that we need one more connection on on this board and this is actually described in the datasheet so let's go for it so let's modify it so I'm gonna grab my soldering irons which are over here to the side so we'll just need one for this part and I'm just going to add a connection and we'll need a male-to-female wire for this and I'm just gonna connection to the microcontroller right here and this connection like said it's documented if you read the datasheet and it's going to be the fourth pin over here it's going to be the second column over and the fourth pin and this pen we either connect to ground fortunately we have this jtag connector right here and that'll actually this jtag connector has almost all the signals that are ground a bunch of them are unused so we can actually use that and connect connect the signal there so I'm going to unplug it obviously because you can short something soldering so I'm going to leave it there and so I'm going to solder this connection so four and two I'm just checking one more time and should be this one looks good so obviously if you have the choice always use leaded solder for this kind of stuff oops sorry I think the other ones the one that's heated up yes alright so that connection we have we're good to go so now I can all I need to do is to connect this to a ground pin and like I said fortunately almost everything is a ground pin on here because we have this jtag connector and on an arm JTAG most of the signals are down so I'm just going to pick like number four over here and then we can test it and we can test it by connecting it to power again and also setting the jumper so we can see now it's set a bootloader mode how do I know because the default firmware that's currently on the board which would normally run will toggle the LEDs so that's not happening so we know we're probably in the bootloader so now we're going to do is connect the FPGA and actually try to talk to the board so let's take a look at how that works so on on this board on this FPGA specifically what we have is so we have the we have an FTDI right here which is connected to the FPGA which then we can implement logic to talk to any of these pins but I've already configured the last two pins on this header to be to essentially pass through the signals that are normally connected to the FTDI directly to this board which means that I can directly communicate with the board once I have it connected there so I'm gonna grab two more connections two more male to female and connect them connect them up so it's going to be on pins so these I'm going to connect them to the UART pens of this guy so the TX and the Rx of this guy I'm just going to connect right here and then I'm actually so wait I might have the same problem so I'm actually going to switch to another machine so let's see if it works it looks like it's working and here I have VMware running so which means that I should be able to login to this VM where if I don't miss type the password alright so basically right now we can actually connect using Pico comm so if I look there's Pico comm I can connect over to this device and we can actually try to talk to it so what's the problem so I think I need a let's reconnect the FPGA just in case let's make sure we connect it to the VM and we have to now unfortunately do one more thing which is we have to flush the FPGA so I'm going to auto connect to the FPGA let's do it so we're going to connect we're gonna sew it's gonna output into here and we're gonna program it and then we can actually play around with P go home okay so I don't have it on the screen but if you were to read the documentation the first thing that we actually have to send the board is a question mark so let's try that and if it doesn't work that means that we might have TX and rx wrong so let me just check that I'm am typing it correctly just in case so let's check if we have TX and rx wrong I'll restart this one more time let's try it one more time no so it's not working so let's swap these two so I'm gonna swap these two alright so there we got synchronized so now if I actually type synchronized without making any typos so if you look really closely let me make this larger if you look really closely what you will see is that s and the y and this bottom line the S and the Y and this bottom line are gonna get overridden just because the board doesn't send a newline back for whatever reason so I'm gonna type synchronize so it's sent back okay so that command was fine so now I need to give it a frequency for the crystal I mean this is also just straight from the datasheet will tell it ten thousand this doesn't really matter but we needed as a command to actually initialize the bootloader okay so it's happy so now I can actually go ahead and read and write to send read and write commands so in this case the commands want to return something they'll actually buu encoded so ignore that for now I mean it's not super important it's just the encoding that NXT selected for this chip so I'm gonna send R 0 4 and you'll actually see I get something back so I'm actually able to read and write this chip so this chip is not currently locked so that's problem so let's do it one more time so in the meantime I'm gonna quickly just by I'm just quickly gonna switch screens again and this time we'll use terminal so what I'm gonna do is share this one now actually let's do application window let's go to oops alright so let's go to this one right here so let's share the terminal window alright so here's the terminal window now all I'm gonna do so the cool thing about this boot loader I told you that there's a u at polar there also happens to be a u s-- people order and they use people that are super nice for the USB boot loader so wait let me see the boot the USB boot loader is super nice for for flashing this guy so what I'm gonna do is I'm gonna hit reset and now if I actually look or if you know Mac OS run under volumes we'll see we should see this guy pop-up so let's do Wilma con let's see it said still not there so let's go - let's just go to volumes so all right actually is there so it's it's called CRP disabled in this case so what I can actually do if I go back is if I copy for example CRP with binary I can actually go to volume CIP disabled and I can right over right from what happen so now if I do that and I hit reset one more time what actually happens on the host is this will come up and this will no longer be CRP disabled this will be CRP enabled and if we actually try to read the firmware that's on there now so I'm buddy I probably should have shown you before you can see everything zeroed so clearly the security has been implemented correctly on this chip so you'll see we can't read any values even though I just wrote a binary and trust me this binary is not all zeros it's not it's not letting you see it more of our so now if we switch over to the other machine again so if I stop this guy right here if we switch over to the other one and switch back to VMware and now we do the exact same thing so I'm gonna reset it I'm gonna reconnect the connection that I need to be in the u.s. bootloader I'm gonna send a question mark again we can see synchronized I'm going to type synchronized I'm gonna do 10,000 and so right now the CRP 1 it basically enables all the security but the bootloader the boot rom code is still there so we can actually communicate with a debug and play around with it etc don't ask me I mean technically we'd still be able to update the form on but we can't read it off of there so let's pretend this is some super important binary and we actually want to pull it off of this device so let's try to do it so I'm going to do our 0 4 and if you look we got a 19 code as a return value so that if you look before the value that we got was a 0 so if you look up in the datasheet a zero means the command success and a 19 actually means so this value right here the night the 19 if I could click the 19 at the beginning of that line what it actually means is where we were unable to read because this chip is actually has protections enabled so next step is actually to modify so let's let's talk about the strategy real quick so I have a script already ready I have the logic ready for the FPGA as well so if we actually try to run the script that I have right now so I add with this Python script right here so let's try to run it so you'll see what this Python script is actually doing is it's running against the the binary there and it's just checking is trying to reset it is checking like are you good are you good can I read can I read and you'll see that every single time it's getting it's getting values back where the device reports back that it's locked so it's not working so we need to make a modification so we actually need to implement the the glitch so yeah so we need to make a couple more modifications to the board so I'm going to stop sharing this screen and let's go back to the camera so to set the actual boards so we need to make a couple more modifications for that and let's do so the first thing that gonna do is we're gonna remove any filter capacitors that we might have on the on the board so let me just make sure it the video is good so that everyone sees it so I'm gonna disconnect everything so we need to make a couple more modifications so first modification is going to be also let me make sure my irons are hot the first modification we're gonna make it is we're gonna remove two capacitors so we actually have a capacitor right here and this is you see if I can get just a little bit more zoom no unfortunately I can't so we have a capacitor right here and we also have a capacitor right here that we want to remove so for this I'm just gonna move this out of the way and I'm gonna move the other a cable out of the way I mean for this if you're asking me the easiest way to do it is always just to use two ions for removing the capacitors and after we do that we actually have these are these shunt pads which we have on this board right here so you'll see once labeled 3.3 volt I owe and the other ones labeled 3.3 volt core so these are two pads if we cut with using a for example a scalpel or even a Swiss Army knife is what I usually end up using if we kind of between between there what ends up happening is we've disconnected this entire chip from the outside world so that means we can now directly inject the voltage onto onto this board so if you wanted to you could actually go and connect this to a breakout board so I can't see I thought I might have some right here but I don't seem off the top of my head but I don't see one right away but basically it turns out it's easier to modify this board than it is to to actually desolder the chip coating onto a blank board and go from there so that's what we're gonna do so let's do it so I'm gonna cut I'm gonna take a knife real quick so let's also use the the multimeter that I have right here so we're going to go into a continuity mode let's check the connections that they're still there so between this guy and this guy so you can hopefully hear the beep on the stream so it's beeping which means there's a connection there and there's connection there so now let's cut through those and we'll have separated a power supply from the rest of the board so I'm just gonna grab a short knife like this one and so people that have tried playing it playing along and doing this as well people always ask me how do you know if you've done it correctly and the answer is if you hear a crunching noise then you're probably deep enough to have cut through the wire so you can actually I mean you can't feel it on the stream but trust me you can feel the connection right there so let's take a look so I'm going to leave the knife right there and now let's take a look with our multimeter again let's make sure there's no more connection there because now we'll have separated a power supply so it sounds good so if I tap this there is a connection but if I tap the pads there isn't so one more time all right we're good to go so now we can actually solder two wires on ER there and make the all the necessary modifications so with su let's remove the capacitors first I'll for that I'm gonna use I'm gonna make sure both my irons are hot they both seem to be warm and so I'm gonna use two irons for this you should you should always get two nice irons and then it turns out that stuff like this is super easy so I'm just gonna warm it up on both sides and remove it that way and same thing on on this guy right here just warm it up on both sides and it should come right off so we're good to go so now remove the capacitors because of course anyone who remembers their University lecture on capacitors capacitors work as filters as well and so that's why we wouldn't want them that's why we want to get them out of the way so capacitors removed let's try now we need a solder to water there's not in there so fortunately while Thomas was doing his part I've already prepared the wires so I took a regular jumper wire I cut it in half I cut it in half and basically braided them just simply by twisting thing like this and now they're pretty much good to go so for that I will still need one of the irons to actually be able to prepare this and also need the solder of course so if you're doing something like this it's also always nice to have flux because flux always makes your life easier so I have this nice rubber pad so we can just prep it with some flux I mean it doesn't really matter if it's if it's too much if you pour a little puddle it would be fun so I'm also going to prep the places where I'm going to start it in a second and let's go for it so I'm gonna go like this and I'm just gonna prepare my tip and then I'm gonna take one of these guys and I will just get this entire edge filled would solder okay and you saw it's so much that it even some of it even fell off the tip but it doesn't matter because we just need solder around there so now let's do the second tip this is the tip of the second wire and so if you ever watch I mean if you solder enough you will also eventually you might end up noticing that sometimes this solder it doesn't latch on to it doesn't hold on to the end of the braided wire as well so it's usually a good idea if you have the chance to cut off the tips because usually there's no solder there so that's what I'm also gonna do so again for this our trusty Victor onyx cyber tool so I'm just looking for the scissors so there we have the scissors so I'm just going to cut off a little piece of this I'm gonna cut off a piece there and I'm also going to cut off a piece here okay and so now well so now we actually want to make this on here so let's try it so we're gonna create a pad so I'm gonna hold this onto here and try to some solder down to create a pad and I also need a connection on this other pad so exact same strategy so you see I'm not trying to put too much solder down just enough just enough for me to be able to to connect everything there so let's go and so how do you know if it's there if you can drag the board by it then you're probably good and finally let's do the second one so I have to bend it a little bit just because I want to make sure I don't have any excess tension there and that wasn't good enough all right but the second one was so last check let's check if it beeps because we don't want a short otherwise it'll be hard to actually perform the glitch so wrong mode all right we're good because you can see so I'm holding the one side of the wire I'm holding the probe the probe there and I'm also holding connecting the probe to the other side so if I touch the pad it's good but the other side is not connected and this side is good and the other side is not connected so we're good so basically just with that quick modification when we've eliminated is all this all these electronic components that are otherwise on this board which would have just made our life slightly more miserable alright so now we need a couple more connections so let's take a look at this guy right here so all this is I had this in the slides is a multiplexer board so if you look really closely let me try to unwind it a little bit just by moving it like this so here's some collection board so if you look really closely you'll quickly realize that almost everything is actually connected so almost everything so all these dark and more or less neutral colors except for the green wire are actually connected are actually connected to ground so I have a bunch of ground connections here and so these are just ground so whenever you have an analog device you want to make sure that you don't use any of the inputs that are not part of the circuit essentially so everything that I'm not using I'm getting rid of so I still need to connect the TX and rx of the board so I still need to connect the TX and rx and so I'm going to connect them right there and that's where the TX and rx are exposed so these orange wires all want to connect to the actual output of this multiplexer so if you look I mean this is if you look wherever we have this yellow wire is where the output is going to be according to the schematic of the of the in the datasheet for this multiplexer so what I actually need to do is I want to make sure that I don't have any bad connections ie I want to make sure that I don't work I want to make sure that I don't accidentally break the soldering words that we just did some grab a let's grab to Neil we're sorry to me Oh female jumpers and we're gonna connect them right here so we're gonna connect them to this guy and we're gonna connect them to this guy let me zoom out a little bit just because getting intense so we have these two connections going on now so these yellow wires are our actual voltage signals so I'm going to connect them to where we have the yellow wire over here and let's connect the second one as well all right so we should be more or less good to go so one more important thing is of course we need ground so where's let's check ground on this guy Oh so for that alright do this alright let's try to connect the ground I just need one more male/female let's go for it and I mean we can also take a look down here so the ground pretty sure it's the outer one that's the ground plane if I remember this board correctly so let's connect this guy to ground so we can also connect to the FPGA so we have ground pins over here and so we should be good to go and now we still need to connect this guy right here so what this guy is is this is actually these really nice Chinese power supplies you can get nowadays so everyone in my family would ask me why I don't throw away the Linksys power supplies so you just feed a bear jack into this guy and you can essentially generate any voltage you want so let's just for now for testing purposes let's set the voltage to for example oh so I actually have it if you look up top you'll see I have one point six two votes as the limit and then we also have a current limit of twenty milliamp set this is more than off so let's set the output to go high and we can see no short because the the current there's no current so let's connect these guys so I'm going to connect one to ground just like we did with this guy and I'm going to connect the second one to let me take a look so I'm going to connect the second one to this guy right here so this red cable is going to be our second input and afterwards we should be good to go all right so hopefully it focuses now so everything's connected so we should be good to go so power supply let me turn it up hopefully you can see it there we go so hopefully you can see it there on the screen so I'm going to just a quick test sanding check so we can see it's all good power supplies good so nothing shorted there's no current going through so last sanity check I would actually do is to take the multimeter and check the voltage so let's try to do that and right now the voltage should be whatever we are outputting from the power supply so let's take a look so for that I have this guy right here let's connect it over here and let's connect this one over here so it's slightly off the screen and 4-channel with my lamp it's coming off so you'll have to take my word for it but we're getting the 1 point 16 volts on the output so we should be good to go so let's connect we also fortunately have an oscilloscope for this and we can make sure that everything's working so first thing I'm going to do is so one more important step is I need one more male or female to connect the reset so let's take a look at the there should be a reset pin right here and let's share the screen on our VM we're missing and let's switch over there and we should be able to take a look from VMware so the only thing that I unfortunately don't remember exactly so let's take a look just to be on the safe side is which pin that I use for the reset so I'm going to open up what's known as the constraint file so this the file the maps signals from one pin to the other so we can see then I spin the third pin on this header is the actual reset pin so I'm going to connect it there so last thing I'm gonna try is it's a let's do one more thing so I'm going to reconnect this guy I'm going to we're going to make sure we can program the device and last thing I'm just gonna do is check that the TX and rx are fine so I'm gonna try Pico con one more time set a question mark so right now I don't see anything so let me make sure it's not the TX and rx being connected backwards so let's try to reset let's do one more time it's a stole nothing so one more so here let me try one more thing so let me just make sure yeah so this is going to be the ground so oh I see the issue we actually lost this connection Rieger so let's fix that really quickly so unfortunately our irons both turned off so I'm gonna also can unplug this guy and I'm also going to unplug this guy just to be on the safe side so let's do it let's fix it so which one did we lose you lost the one over here so now the wires are getting in the way a little bit so let me turn this around and do it from here all right but unfortunately I mean so let's try it one more time so let's get this guy connect this guy over here let's boot this guy up so this guy's good to go so now let's connect reconnect the USB USB should be good to go so we're reconnecting this guy to this VM let's set it to remember this is complaining that the hardware shut down let's try it one more time program and so that part worked so let's try P comm one more time and I'm going to send a question mark so nothing so maybe the TXN are our X we're not backwards oh I actually see what the we forgot one more connection which was we didn't supply the connection to the power supply so let me get that right so let's try one more time and if it's not this it's gonna be the TX and rx being backwards so let's try a long time all right so there we go we have synchronized so what does that mean so all the connections are good so I'm actually powering it at the lower voltage which I showed you before on the power supply and so now we can actually take a look and of how this runs and let it run and basically watch the oscilloscope instead so what I'm going to do is I'm going to connect my oscilloscope really quick and I'm going to connect it to the output wire which is going to be this guy over here and I'm also going to so I also will need a ground for the oscilloscope so let's connect that and finally so we have the ground good to go and finally we also probably want to connect a reset so for that we'll also want a ground and we'll make sure the other signal is blue just to just to be nice and matching so let's connect it and so let me show you these connections were real quick just cuz I'll start the that I'll start the Python script that part is not all that exciting so I'm gonna connect the ground so let's just use the grounds that we have right here on the FPGA because they're easy to get to and finally we need to connect this and reset signal so the reset signal is this white wire right here I'm gonna be lazy I'm gonna extend this reset wire basically make it longer I'm gonna add another male-to-female to it and that means that in between I can clip on I can clip on the probe so let's connect this guy right here to the reset signal so should be good to go so now let's switch to the Soraa scope and let me actually start the script so that we see stuff so I'm going to hit control ax but I'm just gonna start the script all right so now let's configure our trigger really quickly so let's get rid of this guy in this guy because we know there's nothing there and let's set our mode to auto initially and let's make sure that let's figure out which channel we're actually triggering on so we're triggering off a channel for let's set it to let's do it to channel let's do it on channel 2 channel 2 and so now let's figure out where our level is so here we go so what is that let's get rid of this money right here and we can see the trigger right there so now if we zoom in we can see so the blue signal right now on the screen the blue signal is is the reset signal so hopefully that's coming coming across a little bit so it is I am I am moving it around so let's switch back I think the compression was was killing it so so it is it was still running so let's make sure we didn't lose it so there we go so it should be should be updating on the on the screen so let's go back there we go so it's something on the screen so you can see just the little bit of jiggling that it's doing it means it's actually it's actually updating so let's take a look so we show also have the glitch signal so the now the glitch signal currently we still haven't connected the we still haven't connected we're missing a limb or signal which is the actual VCC select so that's on pin 34 so I'll show you me connecting that signal right here so right now we're going to connect this green wire we're going to connect to pin 34 so 34 fortunately is this get it right here should beat this guy on the second header so let's take a look so let me just make sure so yeah I owe 30 4 so that should be good and there you go I already see it so we're gonna head over to here on the oscilloscope we're gonna head over to here and so if you look the blue signal you'll see there's a dip and that's the reset and this is our actual glitch signal so you can see right here so what's happening is the Boyd's power cycling and then we're dipping the voltage at different points in time and just letting them run and so you can actually see this going across the screen we can move this guy down a little bit make it a little bit bigger just so that everyone can see it so you can see the voltage it's dipping from approximately 1 point 6 volts to lower and we're just going across and so let me just briefly for completeness I'll show you what the Python script is doing as well because once you've seen the glitch actually work on the oscilloscope you actually want to see a Python script running so let's go over to here and you'll see the Python scripts running the entire time so let's even go to a full screen so one thing that you can actually do so I'm not going to touch it so much but one thing to actually do is you can lower the voltage and just see where the limit of the system is so I'm gonna start lowering the voltage a little bit and you'll see that at some point it'll we'll just get complete garbage and so essentially right there that means we've gone too low on the voltage otherwise we'll just let it run so usually with this kind of board the values where it's successfully well we'll succeed a glitch the board will be about fifty four hundred something like that I mean it depends on the voltage a little bit but right around that value very rarely do you have to run multiple times for it to actually for it to actually output something or for it to actually crash but essentially you just let it run like this and eventually it finds the correct position so I'm going to check the chat which I haven't been doing during this session and let's take a look so I mean if there are any questions I'd be welcome to to entertain some otherwise we'll just take a take a look at this running so whichever I don't know it's more interesting the Python output so maybe I'll just comment on the Python output really quickly so the first number is the actual delay in clock cycles of the FPGA the second number is the width so that's how many clock cycles were holding the line low and we're iterating over this many times in a row and just letting it run until we find the correct position so I'm very rarely we might have missed it at the beginning where we didn't have all of the connections but I'm pretty confident we're still gonna this is still gonna succeed it just hasn't hit the right value yet so we're just gonna let it run and it will eventually succeed and this is a so I saw so there we go you see expected one so what it's actually checking is this checking the UI output of the device is checking the you write output that it gets back from running this script against the device every single time it says shooing a read command and checking whether it got a zero or one because we know that the case where it succeeds it will actually return a zero and wherever it fails it will return at 19 but 19 of course starts with or one so that's the output that we're checking so if I was to connect over Pico calm right now I could do are 0-4 fortunately I also have a script it's called dumb PI so this just a script which actually converts the UU encoded data and dumps lets us dumb the the binary that's on there so I'm going to run it and you can see we're dumping the binary it's working so we've succeeded to boot the chip in such a mode where we've defeated its security and now we're able to pull the firmware off of there so if this was I mean so basically when we just did is we took a device which had no security set we set the security and we kind of practiced the attack against this family of microcontrollers and we did it all in however many minutes have been going but so essentially we've done our homework so now if we ever come across an NX PL PC and I can tell you from experience this applies to NXT LPC 17 m XP LPC 13 I mean basically every NXT LPC is susceptible to this because they all share this low-level code in the boot ROM which and this little vulnerability that you can find using for example goodra to figure out what's going on inside of there and so I mean I can show you the most interesting thing is if I hit ctrl C and I scroll back if you recall the values that we are actually setting are 1 2 3 4 5 6 7 8 8 7 6 5 4 3 2 1 so in this case it should be 1 2 3 4 5 6 7 8 because I set it to CRP 1 so I programmed I put a binary on there that is 1 2 3 4 5 6 7 8 so if I go to 2 FC we can check which word is actually written to that location and oh I scrolled past it so here you go right here so you can see at 2 FC we have 1 2 3 4 5 6 7 8 so even though this device is secure even though the actual physical context of flash have the correct value at the moment a time at which would booted byte toggling by playing with the voltage and ensuring that that the system rooted in an unstable state we did is we made sure that the single read word checks that value in the bootrom it read something else so what might have written read from the flash well maybe it would 0 2 3 4 5 6 7 8 something like that maybe it corrupted the 8 I don't know which bit it corrupted all I know is that it read some value which was not one of the 4 values that walked advice and how do I know that because the device managed to boot in a state where we were able to get into it and dump its contents so we somehow corrupted this value at the one point of time at which it gets read during boot so yeah so I think that's like a very short intro to glitching I did see there's a couple questions in chat so I'm gonna switch to that really quickly so let me let me do that so I'm gonna stop sharing and then switch back to the camera if you guys have any any questions for me so I did see the first question so let me let me grab just because I had slack open on this machine so so the first question was the 49:19 so I'm using the I believe it's I always forget this is a 46:17 I think is what I'm using I'll get back to you in the chat if you I'm I'm unsure right now and what the like it's I can't read directly off the chip but it does have so the question was it has quite a bit of resistance and so the answer is yes it does have quite a bit of resistance but this actually isn't an issue for glitching because all we need to do is to make sure that the power that's actually arriving at the device is so low that it's corrupting this I mean it's corrupting the value all you're going to do is to make sure that we're pulling the low voltage low enough to where it fails to read this single value correctly so even though it has a high resistance something like a microcontroller since it pulls so little current it won't actually have a issue or running it won't actually have an issue with something something like this so not to worry and then finally the so there was another question you have the fpga connect to the reset pin to the power supply by the multiplexer with a Python script you interface with a FPGA over you are and very good delay of the width of the glitch so yes all parts of that statement were correct so when you can actually do with the FPGA so if I switch so what's actually happening is I'm implementing I'm implementing on the FPGA on the on the actual FPGA I'm implementing a state machine which is parsing its command which sets the delay in the width and but basically we have the good fortune of the microcontroller so the red board were actually glitching this red board is so this red board actually has so this red board also uses york so all we need is UART to communicate to the FPGA and can communicate to the to the microcontroller board so moreover in our case the microcontroller board actually has a additional feature which is it only uses because it uses you your encoding you'll see that there's no binary data that falls into essentially valid encoding so what that means is you can send data directly through the FPGA as long as it's it has essentially a non printable bite in front of it and then you can process these special bytes to issue commands to the FPGA to basically tell the state machine hey this is a configurator the next two or three bytes are configuration bytes take that configuration load them into the registers of the state machine and basically how about it so I mean this is kind of getting into the kind of stuff that we teach in some of our classes I mean this is this is an assignment that we would normally do from scratch and let everyone implement this and and basically do it but just to give you a feeling for it using the correct programming language ie very log this is only let's say maybe 50 lines of code something like that so it's a very little code that you actually need to implement and the PJ just because it's essentially a state machine with two counters so would the nxp PN five four seven visas have to willabus so I'm not familiar with that one I mean this is really the the issue here is that nxp uses this I mean which is typical for a company making embedded microcontrollers they a lot of times so let me just set that aside a lot of times they'll use the exact same bootrom across multiple devices so though right at once and then use it in every single member of the family and so that's the biggest issue that we're seeing right here so basically every on xbl PC doesn't matter whether it's automotive whether it's used in planes what-have-you they're all gonna be susceptible to this I mean I've seen there's a substantial amount of like you speed devices that also use them I mean they're not as popular as the STM 32s but they are popular nonetheless so those kinds of devices have them as well yeah I mean so but if you're looking at larger devices I mean there's it's it's an interesting question so if you're talking about something like an SOC ironically ironically the more complex the system is the easier it is to pull off an attack like this so if you look I mean some people think that even the iPhone glitches were initially found using glitching similar to what we're doing here additionally there's been work for example against the stm32 so the stm32 is actually an interesting example because the stm32 uses an internal power supply which is in that sense it's fairly similar to what you would see on larger devices so let's say an armed SOC or something like that so basically you also have to deal with all the things related to having an external power supply and internal power supply I mean ultimately that's the the biggest issue that you'll you'll have when you're glitching or China applied this attack to two larger devices so if you are actually looking to try this out against something like an SOC or something like that I recommend you start with I mean that seemed xxx is probably the best example we've come across just because they assume thirty-two especially the f2 I mean the f2 I can say just because Thomson I did a talk at CCC about glitching the stm32 f2 with Ellen's particularly easy once you know all the tricks but it's also very close to what you would see in a larger device like a SOC so let me check chat one more time but if not I think that pretty much covers it so at least a second ago is the last question so yeah so that's pretty much it so I so if if you guys are interested in this stuff I mean whether whether that's doing stuff on the FPGA so doing stuff on the FPGA or so whatever yet so if you guys are interested in this stuff whether that's doing it on the FPGA or it's doing it doing the kind of stuff that Thomas was showing in goodra then make sure to check us out so and you guys can feel free to use hack in the box as a discount code or register for some of our classes I will be happy to see you there and to show some of this stuff when you're when are you doing one of our classes and specifically I mean whether that was the stuff that Thomas was showing today with SPD loader or this kind of stuff I mean that's what that's the kind of what you're we cover in our trainees so thank you for listening in on this one cool thank you very much

Info

Channel: Hack In The Box Security Conference

Views: 4,076

Rating: undefined out of 5

Keywords: hitb, hitbsecconf, hackinthebox, ghidra, hitblockdown, livestream, virtual lab, thomas roth, Dmitry Nedospasov

Id: U70unElrYbs

Channel Id: undefined

Length: 90min 36sec (5436 seconds)

Published: Sat Jun 06 2020