On Wednesday morning, I flew to San Diego to take part in a workshop on silicon reverse engineering. I intentionally took the early flight out, leaving at 0600h and arriving in California at 0930. This left most of the rest of the day to hang out with Ben, a friend whom I hadn't seen since college. He had the day off from work, which apparently involves oncology, so the two of us drove up into the mountains and did a quick hike up to the summit of Mt. Gardner.

Colson at the summit. The coastal fog/low clouds got right up to where we were and then disappeared.
I hiked briefly on the Pacific Crest Trail; the views were great, and there was a lot of wind.

A LOT of wind.
Today was the workshop, during which we examined how one might attack a "cryptographically secure" EEPROM to retrieve the wooo secret contents (actually, in this case, we were writing to the password-protected memory region). The chip in question for this exercise was an Infineon (formerly Siemens) part frequently used in smart cards.

Like this one, for instance.
The course instructors, one of whom was Bunnie, a friend of mine from MIT, had taken the liberty of cutting up a few smart cards, retrieving the dice, and rebonding them into 8-pin DIP packages to make them easier to work with. But first, they took some ultra-high-resolution photographs of the die and blew them up into posters for us to examine close up.

All the CMOS you can eat.
We did a quick crash course on how to identify different types of gates in photos of dice like this, how they go about decapsulating a die from its package, and how you might go about finding and exploiting security weaknesses based on what you see. The end result for this particular chip was that you could write to it if you had the right password, and by grounding a particular trace on the die, the chip would always think you had the right password--furthermore, it would allow you to read the memory locations that held the password. A very simple (and ghetto) apparatus was assembled to apply ground to the correct location:

Not expensive.
The little probe needle is less than one micron across at the end. A 3D micrometer positioning system was used to get it into the correct spot while looking down at the die through a microscope.

Teeny.
Grounding the right pad triggered the correct nMOS transistor which, in turn, signaled the data latch that the chip was in a mode that should allow the reading of the password memory address. Then we just passed the normal commands to the chip through the serial interface pin (rigged up with an 8-bit Atmel MCU to act as a poor man's smart card reader), and the chip happily spit out its secret encrypted password. At that point, it was possible to remove the probe and write to the card as normal, since we now had the correct password. In the case of the Kinko's/FedEx copy card that this chip came from, the lack of real security could result in... <dramatic chord> stolen photocopies. But consider that chips like this are also showing up in your credit cards, and perhaps you'll have a moment of pause.

