RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | February 7, 2008

AT90S8515 – Legacy!

Some people asked for some of those older Atmel parts after seeing the MEGA88 and ATMEGA169 teardowns. Here’s a quick one on the AT90S8515. It’s still very popular even though it’s been replaced by the MEGA8515. It’s built on a larger process and it’s not planarized (.50um and below are planarized but you may find some .50um non-planarized) 8KB Flash, 512 Byte SRAM, 512 Byte EEPROM with 32 working registers. That’s sooo nice! 4x faster than the typical PIC. There was a mistake in the above picture too when we…

Blogs | INSIGHTS | January 24, 2008

ATMEGA88 Teardown

An 8k FLASH, 512 bytes EEPROM, 512 bytes SRAM CPU operating 1:1 with the external world unlike those Microchip PIC’s we love to write up about :). It’s a 350 nanometer (nm), 3 metal layer device fabricated in a CMOS process.  It’s beautiful to say the least;  We’ve torn it down and thought we’d blog about it! The process Atmel uses on their .35 micrometer (um) technology is awesome. Using a little HydroFluoric Acid (HF) and we partially removed the top metal layer (M3).  Everything is now clearly visible for our…

IOActive
Blogs | INSIGHTS | January 22, 2008

Security Mechanism of PIC16C558,620,621,622

Last month we talked about the structure of an AND-gate layed out in Silicon CMOS.  Now, we present to you how this AND gate has been used in Microchip PICs such as PIC16C558, PIC16C620, PIC16C621, PIC16C622, and a variety of others. If you wish to determine if this article relates to a particular PIC you may be in possession of, you can take an windowed OTP part (/JW) and set the lock-bits.  If after 10 minutes in UV, it still says it’s locked, this article applies to your…

IOActive
Blogs | INSIGHTS | December 29, 2007

AND Gates in logic

As we prepare for the New Year, we wanted to leave you with a piece of logic taken out of an older PIC16C series microcontroller. We want you to guess which micro(s) this gate (well the pair of them) would be found in. After the New Year, we’ll right up on the actual micro(s) and give the answer :). An AND gate in logic is basically a high (logic ‘1’) on all inputs to the gate. For our example, we’re discussing the 2 input AND. It should be noted that…

IOActive
Blogs | INSIGHTS | December 17, 2007

ST201: ST16601 Smartcard Teardown

ST SmartCards 201 – Introduction to the ST16601 Secure MCU This piece is going to be split into two articles- The first being this article is actually a primer on all of the ST16XYZ series smartcards using this type of Mesh technology.  They have overgone a few generations.  We consider this device to be a 3rd generation. In a seperate article yet to come, we are going to apply what you have read here to a smartcard used by Sun Microsystems, Inc. called Payflex.  From what we have gathered on the internet, they are used to control access to…

IOActive
Blogs | INSIGHTS | December 1, 2007

Infineon SLE4442

The SLE4442 has been around for a long time.  Spanning a little more than 10 years in the field, it has only now began to be replaced by the  newer SLE5542 (We have analyzed this device too and will write up an article soon). It is basically a 256 byte 8 bit wide EEPROM with special write protection.  In order to successfully write to the device, you need to know a 3 byte password called the Programmable Security Code (PSC).  The code is locked tightly inside the memory area of the device and if you…

IOActive
Blogs | INSIGHTS | November 15, 2007

The KEYLOK USB Dongle. Little. Green. And dead before it was born!

We decided to do a teardown on a Keylok USB based dongle from Microcomputer Applications, Inc. (MAI). Opening the dongle was no challenge at all. We used an x-acto knife to slit the sidewall of the rubber protective coating. This allowed us to remove the dongle’s circuit board from the surrounding protective coating. The top side of the printed circuit board (PCB) is shown above. MAI did not try to conceal anything internally. We were a little surprised by this :(. The backside consists of two tracks…

IOActive
Blogs | INSIGHTS | November 13, 2007

Atmega169P (Quick Peek)

We were curious if Atmel has finally shrunk the AVR series smaller than the current 350nm 3 metal layer process. Their main competitors (Microchip) have began showing 350nm 4 metal layer devices and Atmel has a few new product lines out (CAN, Picopower, and USB featured devices). We chose to examine their picoPower line of AVR’s since they claim true 1.8v operation. The only picoPower device in stock from Digikey was the ATMEGA169P. We used the 64 pin TQFP package for…

IOActive
Blogs | INSIGHTS | November 3, 2007

Safenet iKey 1000 In-depth Look Inside

We received a lot of  attention from our previous article regarding the  iKey 2032. We  present to you a teardown of a lesser, weaker Safenet, Inc. iKey 1000 series USB token. We had two purple iKey 1000 tokens on hand that we took apart-Cypress 24 pin CY7C63001/101 type USB controller is a likely candidate underneath the epoxy above   Cypress’ USB controllers run from a 6 Mhz oscillator and an 8 pin SOIC EEPROM might be beneath this smaller epoxy area   Once we took our initial images…

IOActive
Blogs | INSIGHTS |

In retrospect – A quick peek at the Intel 80286

We thought we would mix the blog up a little and take you back in time.  To a time when the fastest PC’s ran at a mere 12 Mhz.  The time was 1982.  Some of us were busy trying to beat Zork or one of the Ultima series role-playing games.  You were lucky to have a color monitor on your PC back then. We happen to have a 1982 era Siemens 80286 If anyone is interested in donating any old devices such as an i4004 or i8008,…

IOActive

Commonalities In Vehicle Vulnerabilities

With the connected car becoming commonplace in the market, vehicle cybersecurity continues to grow more important every year. At the forefront of security research, IOActive has amassed real-world vulnerability data illustrating the general issues and potential solutions to the cybersecurity threats today’s vehicles face.

Access the White Paper