RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | March 20, 2011

Blackhat TPM Talk Follow-up

Since speaking at BlackHat DC 2009, there have been several inquiries in regards to the security of the SLE66PE series smartcard family. Here are some issues that should be pointed out: We have heard, “..it took 6 months to succeed..“ The reality is it took 4 months to tackle obsticles found in any <200nm device such as: Capitance/load of probe needles when chip is running.Powering the device inside the chamber of a FIB workstation.Level-shifting a 1.8v core voltage following what we learned in #1 above.Cutting out metal layers without creating electrical shorts.Other more…

Cesar Cerrudo
Blogs | INSIGHTS | August 9, 2010

Atmel ATMEGA2560 Analysis (Blackhat follow-up)

At this years Blackhat USA briefings, the ATMEGA2560 was shown as an example of an unsecure vs. secure device.  We have received a few requests for more information on this research so here it goes… The device did not even need to be stripped down because of designer lazyness back at Atmel HQ.  All we did was look for the metal plates we detailed back in our ATMEGA88 teardown last year and quickly deduced which outputs were the proper outputs in under 20 minutes. Atmel likes to cover the AVR…

Cesar Cerrudo
Blogs | INSIGHTS | August 7, 2010

Parallax Propeller P8X32A Quick Teardown

Parallax has a really neat 8 core 32 bit CPU called the ‘Propeller’.  It’s been out for a few years but it is gaining popularity.  There is no security with the device as it boots insecurely via a UART or I2C EEPROM.  None the less, we thought it was interesting to see an 8 core CPU decapsulated! One can clearly see 8 columns that appear almost symmetric (except in the middle region).  The upper 8 squares are each ‘cogs’ 512 * 32 SRAMs as described in the…

Cesar Cerrudo
Blogs | INSIGHTS | August 6, 2010

Echostar v NDS appellate court ruling update

Normally, I would not mix non-technical with the blog however I thought this deserved a little more attention that it has received. The ruling which states that NDS has won the lawsuit, vindicates myself and puts Echostar owing NDS almost 18,000,000.00 USD has come down as of 2 days ago. As well I thought it nice to mention that neither Flylogic nor myself works for/or with Echostar, Nagra, NDS or any other conditional access company in any way or form. I wish all persons whom this lawsuit  effects the best…

Christopher Tarnovsky
Blogs | INSIGHTS | February 14, 2010

Infineon / ST Mesh Comparison

Given all the recent exposure from our Infineon research, we have had numerous requests regarding the ST mesh architecture and how Infineon’s design compares to the ST implementation. Both devices are a 4 metal ~140 nanometer process.  Rather than have us tell you who we think is stronger (it’s pretty obvious), we’d like to see your comments on what you the readers think! The Infineon mesh consists of 5 zones with 4 circuits per zone.  This means the surface of the die is being covered by 20 different electrical circuits. The ST mesh…

IOActive
Blogs | INSIGHTS | February 12, 2010

We are now on Twitter too!

We probably should have been tweeting (sic?) for some time now but we are finally doing it! You can join/follow us here: http://twitter.com/semiconduktor As well, you can always get to Flylogic through Semiconduktor.com or Semiconduktor.net :).

Blogs | INSIGHTS | December 5, 2009

Volunteers to help cleanup WordPress problems?

Whenever the blog is enabled, spammers are able to deface the main pages index.html file replacing it with hundreds of spam links to software. The only way we can stop it is to stop the blog. We’ve tried cleaning the blog up but they still get in somehow through WordPress :(. If you think you can help us, please email tech at flylogic.net Thanks!

IOActive
Blogs | INSIGHTS | January 13, 2009

Blackhat USA 2009 Poll – Rev Eng Class

During last years Blackhat and Defcon conferences, several individuals asked me about possibly giving classes on the security model of commonly found microcontrollers.  Jeff Moss’ group setup a poll here.  Given today’s Silicon technology has become so small yet so large, it would be best to determine which architecture and which devices everyone is most interested in.  The current poll will determine which brand micro to target (Atmel AVR or Microchip PIC) and after this is decided, we will need more input to narrow the…

IOActive
Blogs | RESEARCH | January 8, 2009

Intel 4004

Before going deeper into the analysis of today’s chips, we will take a quick journey to where it all began: the Intel 4004, world’s first widely-used microprocessor. The 4004 and most other antiquated chips differ from modern chips in two main characteristics: They only use a single type of transistor (PMOS or NMOS) and each logic gate is custom-designed to best utilize the available area — an inevitable optimization for chips built from transistors about 150x larger than those used in their modern descendants. Each of the gates is composed…

IOActive
Blogs | INSIGHTS | September 13, 2008

Reverse-Engineering Custom Logic (Part 1)

Today we are taking you one step deeper into a microchip than we usually go. We look at transistors and the logic functions they compose, which helps us understand custom ASICs now found in some secured processors. To reverse-engineer the secret functionality of an ASIC, we identify logic blocks, map out the wiring between the blocks, and reconstruct the circuit diagram. Today, we’ll only be looking at the first step: reading logic. And we start with the easiest example of a logic function: the inverter. To read logic, you first…

IOActive