Cracking Hardware

2

What is hardware

● Silicon die● Transistors● Memory cells● Other stuff● Wires

3

Why crack hardware?

● Steal firmware to make clones● Rewrite certain values● Steal user data● Use free firmware● Intercept IoT communications● Hijack quadcopters● Fun

4

Myths

● High difficulty● High equipment cost● High time consumption● (proper defence turns myths into reality)

5

ChipWhisperer - 200$

6

A few revelations

● Pointers exist● Data buses exist● Power lines exist● Clocking exists● Hardware executes programs● Code does not exist outside of hardware

7

Attacks

8

Physical manifestations of codeNon-intrusive attack vectors

● Time consumption● Power consumption● Radio emission● Photon emisison● Electron storage

➞ Timing attacks

➞ Power analysis

➞ Van Eck phreaking

➞ Microscope

➞ Memory retention

9

Timing attacks

● Commonly used algorithms take shortcuts● Most algorithms use branching● Can be executed remotely

● Easiest target: Naive password● Best target: HMAC● Tricky target: RSA

10

Power analysis

● Transistors consume power when they switch● Wires have capacitance and inductance● Simple operations utilize less transistors

● Targets: any software crypto implementations● Tricky targets: any hardware crypto

implementations

11

Simple power analysis

● Timing attack, but visualized● Easily prevented with proper implementation● Allows reverse-engineering to some degree

12

SPA on exponentiation in RSA

13

Differential power analysis

● Usually, many traces can be taken● Traces can be time-aligned with each other● Operations use different amount of power on

different input● Differences can be statistically analyzed● Proper crypto implementation would not help

14

Photon emission

15

Electron storage

● External memory can be read by anyone● Volatile memory is not so volatile● Memory content is usually preserved on resets● Cells have limited resource

16

Software defence

● Random data - best crypto● Use only proper crypto● Write attempts before checking● Use hashing, if possible● Constant time comparison● Corrupt before write● No naive writes● No naive branching

17

Clock glitching

18

Power glitching

19

EM-pulse

● Requires some knowledge of topology● Can be precise and reproducible● Low level of intrusion

20

Decapping

21

Optical fault injection

22

Voltage contrast & Microprobbing

23

Hardware defence

● Know your vendor● Decapping-proof cases● Use modern technology● crack ur self● Make your own hardware!● Decap your own chips and remove redundant stuff!● Cover your PCB in a self-igniting material!

24

Dumb stuff

● Backdoors● Memory protection routines● Using external memory● FPGA bit streams

25

Everyone is vulnerable

● X-Box 360 — HMAC, memcmp timing attack● Yubikey 2 — RSA key leakage, DPA ● Atmel XMEGA — AES hardware implementation, DPA● AMD — forgot to add header length for SMU firmware

signing● ProASIC3 — thought nobody could break their

backdoor key● Apple — FBI cracked that encrypted phone

26

Conclusions

● Customer hand — enemy land● Hardware developer should be paranoid● Proper crypto implementation is not enough● Surviving long enough is enough● Consider making your firmware free

27

KOHCTPYKTOP: Engineer of the People

28

TIS-100