RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | February 14, 2010

Infineon / ST Mesh Comparison

Given all the recent exposure from our Infineon research, we have had numerous requests regarding the ST mesh architecture and how Infineon’s design compares to the ST implementation. Both devices are a 4 metal ~140 nanometer process.  Rather than have us tell you who we think is stronger (it’s pretty obvious), we’d like to see your comments on what you the readers think! The Infineon mesh consists of 5 zones with 4 circuits per zone.  This means the surface of the die is being covered by 20 different electrical circuits. The ST mesh…

IOActive
| INSIGHTS | February 12, 2010

We are now on Twitter too!

We probably should have been tweeting (sic?) for some time now but we are finally doing it! You can join/follow us here: http://twitter.com/semiconduktor As well, you can always get to Flylogic through Semiconduktor.com or Semiconduktor.net :).

Blogs | INSIGHTS | January 13, 2009

Blackhat USA 2009 Poll – Rev Eng Class

During last years Blackhat and Defcon conferences, several individuals asked me about possibly giving classes on the security model of commonly found microcontrollers.  Jeff Moss’ group setup a poll here.  Given today’s Silicon technology has become so small yet so large, it would be best to determine which architecture and which devices everyone is most interested in.  The current poll will determine which brand micro to target (Atmel AVR or Microchip PIC) and after this is decided, we will need more input to narrow the…

IOActive
Blogs | INSIGHTS | February 13, 2008

Atmel CryptoMemory AT88SC153/1608 :: Security Alert

A “backdoor” has been discovered by Flylogic Engineering in the Atmel AT88SC153 and AT88SC1608 CryptoMemory. Before we get into this more, we want to let you know immediately that this backdoor only involves the AT88SC153/1608 and no other CryptoMemory devices. The backdoor involves restoring an EEPROM fuse with Ultra-Violet light (UV).  Once the fuse bit has been returned to a ‘1’, all memory contents is permitted to be read or written in the clear (unencrypted). Normally in order to do so, you need to either authenticate to the device or…

IOActive
Blogs | INSIGHTS | January 22, 2008

Security Mechanism of PIC16C558,620,621,622

Last month we talked about the structure of an AND-gate layed out in Silicon CMOS.  Now, we present to you how this AND gate has been used in Microchip PICs such as PIC16C558, PIC16C620, PIC16C621, PIC16C622, and a variety of others. If you wish to determine if this article relates to a particular PIC you may be in possession of, you can take an windowed OTP part (/JW) and set the lock-bits.  If after 10 minutes in UV, it still says it’s locked, this article applies to your…

IOActive
Blogs | INSIGHTS | December 29, 2007

AND Gates in logic

As we prepare for the New Year, we wanted to leave you with a piece of logic taken out of an older PIC16C series microcontroller. We want you to guess which micro(s) this gate (well the pair of them) would be found in. After the New Year, we’ll right up on the actual micro(s) and give the answer :). An AND gate in logic is basically a high (logic ‘1’) on all inputs to the gate. For our example, we’re discussing the 2 input AND. It should be noted that…

IOActive
Blogs | INSIGHTS | November 3, 2007

Safenet iKey 1000 In-depth Look Inside

We received a lot of  attention from our previous article regarding the  iKey 2032. We  present to you a teardown of a lesser, weaker Safenet, Inc. iKey 1000 series USB token. We had two purple iKey 1000 tokens on hand that we took apart-Cypress 24 pin CY7C63001/101 type USB controller is a likely candidate underneath the epoxy above   Cypress’ USB controllers run from a 6 Mhz oscillator and an 8 pin SOIC EEPROM might be beneath this smaller epoxy area   Once we took our initial images…

IOActive
Blogs | INSIGHTS |

In retrospect – A quick peek at the Intel 80286

We thought we would mix the blog up a little and take you back in time.  To a time when the fastest PC’s ran at a mere 12 Mhz.  The time was 1982.  Some of us were busy trying to beat Zork or one of the Ultima series role-playing games.  You were lucky to have a color monitor on your PC back then. We happen to have a 1982 era Siemens 80286 If anyone is interested in donating any old devices such as an i4004 or i8008,…

IOActive
Blogs | INSIGHTS | October 30, 2007

Safenet iKey 2032 In-depth Look Inside

Chances are you have probably seen one of these little USB based tokens made from  Safenet, Inc. The one we opened was in a blue shell.   Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, and digital signing applications.” As well, the brochure the link above takes you too states,  iKey 2032s small size and rugged, tamper resistant construction, make it easy to carry so users can always have their unique digital entities with them.” Now we’re not really…

IOActive
Blogs | INSIGHTS | October 26, 2007

Decapsulated devices

Recently at Toorcon9 (www.toorcon.org), some individuals asked to see images of decapsulated parts still in their packages. I dug around and came up with some examples. Click on any of the pictures for a larger version.     Above: Dallas DS89C450     Above: Microchip dsPIC30F6013 Using our proprietary procedures, all parts remain 100% functional with no degradation after exposing the substrate.

IOActive

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.

ACCESS THE WHITEPAPER


IOACTIVE CORPORATE OVERVIEW (PDF)