ST201: ST16601 Smartcard Teardown
ST SmartCards 201 – Introduction to the ST16601 Secure MCU This piece is going to be split into two articles- The first being this article is actually a primer on all of the ST16XYZ series smartcards using this type of Mesh technology. They have overgone a few generations. We consider this device to be a 3rd generation. In a seperate article yet to come, we are going to apply what you have read here to a smartcard used by Sun Microsystems, Inc. called Payflex. From what we have gathered on the internet, they are used to control access to…
Infineon SLE4442
The SLE4442 has been around for a long time. Spanning a little more than 10 years in the field, it has only now began to be replaced by the newer SLE5542 (We have analyzed this device too and will write up an article soon). It is basically a 256 byte 8 bit wide EEPROM with special write protection. In order to successfully write to the device, you need to know a 3 byte password called the Programmable Security Code (PSC). The code is locked tightly inside the memory area of the device and if you…
The KEYLOK USB Dongle. Little. Green. And dead before it was born!
We decided to do a teardown on a Keylok USB based dongle from Microcomputer Applications, Inc. (MAI). Opening the dongle was no challenge at all. We used an x-acto knife to slit the sidewall of the rubber protective coating. This allowed us to remove the dongle’s circuit board from the surrounding protective coating. The top side of the printed circuit board (PCB) is shown above. MAI did not try to conceal anything internally. We were a little surprised by this :(. The backside consists of two tracks…
Atmega169P (Quick Peek)
We were curious if Atmel has finally shrunk the AVR series smaller than the current 350nm 3 metal layer process. Their main competitors (Microchip) have began showing 350nm 4 metal layer devices and Atmel has a few new product lines out (CAN, Picopower, and USB featured devices). We chose to examine their picoPower line of AVR’s since they claim true 1.8v operation. The only picoPower device in stock from Digikey was the ATMEGA169P. We used the 64 pin…
Safenet iKey 1000 In-depth Look Inside
We received a lot of attention from our previous article regarding the iKey 2032. We present to you a teardown of a lesser, weaker Safenet, Inc. iKey 1000 series USB token. We had two purple iKey 1000 tokens on hand that we took apart-Cypress 24 pin CY7C63001/101 type USB controller is a likely candidate underneath the epoxy above Cypress’ USB controllers run from a 6 Mhz oscillator and an 8 pin SOIC EEPROM might be beneath this smaller epoxy area Once we took our initial images…
In retrospect – A quick peek at the Intel 80286
We thought we would mix the blog up a little and take you back in time. To a time when the fastest PC’s ran at a mere 12 Mhz. The time was 1982. Some of us were busy trying to beat Zork or one of the Ultima series role-playing games. You were lucky to have a color monitor on your PC back then. We happen to have a 1982 era Siemens 80286 If anyone is interested in donating any old devices such as an i4004 or i8008,…
Unmarked Die Revisions :: Part II
[NOTE- This article will describe a process known as “Wet-Etching“. Wet-etching is a process that can be very dangerous and we do not recommend anyone reading this try it unless you know what you are doing and have the proper equipment. The chemicals required such as Hydrofluoric Acid (HF) attack bone marrow. HF is painless until several hours later when it’s too late to take proper action so please be careful and be responsible. ] Previously we discussed noticing Microchip making changes…
Safenet iKey 2032 In-depth Look Inside
Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc. The one we opened was in a blue shell. Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, and digital signing applications.” As well, the brochure the link above takes you too states, iKey 2032s small size and rugged, tamper resistant construction, make it easy to carry so users can always have their unique digital entities with them.” Now we’re not really…
Decapsulated devices
Recently at Toorcon9 (www.toorcon.org), some individuals asked to see images of decapsulated parts still in their packages. I dug around and came up with some examples. Click on any of the pictures for a larger version. Above: Dallas DS89C450 Above: Microchip dsPIC30F6013 Using our proprietary procedures, all parts remain 100% functional with no degradation after exposing the substrate.
Unmarked Die Revisions :: Part I
We have noticed a few different die revisions on various Microchip’s substrates that caught our attention. In most case when a company executes any type of change to the die, they change the nomenclature slightly. An example is the elder PIC16C622. After some changes, the later part was named the PIC16C622A and there was major silicon layout changes to the newer ‘A’ part. The PIC16C54 has been through three known silicon revs (‘A’ – ‘C’) and has now been replaced by the PIC16F54. However, we’ve noticed two different devices from them (PIC12F683…