RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | November 15, 2007

The KEYLOK USB Dongle. Little. Green. And dead before it was born!

We decided to do a teardown on a Keylok USB based dongle from Microcomputer Applications, Inc. (MAI). Opening the dongle was no challenge at all. We used an x-acto knife to slit the sidewall of the rubber protective coating. This allowed us to remove the dongle’s circuit board from the surrounding protective coating. The top side of the printed circuit board (PCB) is shown above. MAI did not try to conceal anything internally. We were a little surprised by this :(. The backside consists of two tracks…

IOActive
Blogs | INSIGHTS | November 13, 2007

Atmega169P (Quick Peek)

We were curious if Atmel has finally shrunk the AVR series smaller than the current 350nm 3 metal layer process. Their main competitors (Microchip) have began showing 350nm 4 metal layer devices and Atmel has a few new product lines out (CAN, Picopower, and USB featured devices). We chose to examine their picoPower line of AVR’s since they claim true 1.8v operation. The only picoPower device in stock from Digikey was the ATMEGA169P. We used the 64 pin TQFP package for…

IOActive
Blogs | INSIGHTS | November 3, 2007

Safenet iKey 1000 In-depth Look Inside

We received a lot of  attention from our previous article regarding the  iKey 2032. We  present to you a teardown of a lesser, weaker Safenet, Inc. iKey 1000 series USB token. We had two purple iKey 1000 tokens on hand that we took apart-Cypress 24 pin CY7C63001/101 type USB controller is a likely candidate underneath the epoxy above   Cypress’ USB controllers run from a 6 Mhz oscillator and an 8 pin SOIC EEPROM might be beneath this smaller epoxy area   Once we took our initial images…

IOActive
Blogs | INSIGHTS |

In retrospect – A quick peek at the Intel 80286

We thought we would mix the blog up a little and take you back in time.  To a time when the fastest PC’s ran at a mere 12 Mhz.  The time was 1982.  Some of us were busy trying to beat Zork or one of the Ultima series role-playing games.  You were lucky to have a color monitor on your PC back then. We happen to have a 1982 era Siemens 80286 If anyone is interested in donating any old devices such as an i4004 or i8008,…

IOActive
Blogs | INSIGHTS | November 1, 2007

Unmarked Die Revisions :: Part II

[NOTE- This article will describe a process known as “Wet-Etching“.  Wet-etching is a process that can be very dangerous and we do not recommend anyone reading this try it unless you know what you are doing and have the proper equipment. The chemicals required such as Hydrofluoric Acid (HF) attack bone marrow.  HF is painless until several hours later when it’s too late to take proper action so please be careful and be responsible. ] Previously we discussed noticing Microchip making changes…

IOActive
Blogs | INSIGHTS | October 30, 2007

Safenet iKey 2032 In-depth Look Inside

Chances are you have probably seen one of these little USB based tokens made from  Safenet, Inc. The one we opened was in a blue shell.   Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, and digital signing applications.” As well, the brochure the link above takes you too states,  iKey 2032s small size and rugged, tamper resistant construction, make it easy to carry so users can always have their unique digital entities with them.” Now we’re not really…

IOActive
Blogs | INSIGHTS | October 26, 2007

Decapsulated devices

Recently at Toorcon9 (www.toorcon.org), some individuals asked to see images of decapsulated parts still in their packages. I dug around and came up with some examples. Click on any of the pictures for a larger version.     Above: Dallas DS89C450     Above: Microchip dsPIC30F6013 Using our proprietary procedures, all parts remain 100% functional with no degradation after exposing the substrate.

IOActive
Blogs | INSIGHTS |

Unmarked Die Revisions :: Part I

We have noticed a few different die revisions on various Microchip’s substrates that caught our attention.  In most case when a company executes any type of change to the die, they change the nomenclature slightly.  An example is the elder PIC16C622.  After some changes, the later part was named the PIC16C622A and there was major silicon layout changes to the newer ‘A’ part. The PIC16C54 has been through three known silicon revs (‘A’ – ‘C’) and has now been replaced by the PIC16F54. However, we’ve noticed two different devices from them (PIC12F683…

IOActive

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.

ACCESS THE WHITEPAPER


IOACTIVE CORPORATE OVERVIEW (PDF)