Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc.
The one we opened was in a blue shell.
Safekey says, iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, and digital signing applications.”
As well, the brochure the link above takes you too states, iKey 2032s small size and rugged, tamper resistant construction, make it easy to carry so users can always have their unique digital entities with them.”
Now we’re not really sure what tamper resistant construction has to do with making things easy for a user to carry around but let’s get down to the good stuff.
We carefully decapsulated the epoxy covering the die buried inside the 24 pin SOIC part. What did we find? We found a Cypress CY7C63613
! We suspected it might be this part because of the pinout. This is why scratching off the top of the part does not always help. Even with the silkscreen scratched away, there are only a few possible candidates using this pinout. Additionally, this CPU is very common used in USB applications.
Once the CPU was decapsulated, we performed some tests on the device. After executing some tricks, the software contained internally was magically in our hands.
We looked for some type of copyright information in the software but all we found was the USB identifier string at address offset $3C0: i.K.e.y. .22.214.171.124
Now that we successfully analyzed the CPU, the protocol for communications to whatever is present under the epoxy is available to us. At this point, we believe it’s more than a serial EEPROM because this CPU is not strong enough to calculate asymmetric cryptographic
algorithms in a timely manner.
Next we carefully removed the die-bonded substrate from the PCB:
With the die-bonded device removed and a little cleanup, we can clearly see the bondout pattern for a die-bonded smartcard
IC. We can see VCC, RST, CLK, IO, and GND layed out according to the ISO-7816
standard which Flylogic Engineering are experts on.
After completely decapsulating the smartcard processor, we found a quite common Philips smartcard IC. We will call this part from now on the Crypto-Coprocessor (CCP).
The CCP fits into place on the PCB. It is glued down and then five aluminum wires were wedge-bonded to the PCB. Aluminum wedge-bonding was used so the PCB would not need to be heated which would help them cut down the time required on the assembly line.
In preparation for analysis, we had to rebond the CCP into a 24-pin ceramic dip (CDIP). Although we only needed five contacts rebonded, the die-size was too large to fit into the cavity of an 8-pin CDIP.
The CCP is fabricated by Philips. It appears to be a ~250nm, five metal layer technology based on the Intel 8051 platform. It contains 32k of EEPROM, two static ram areas and a ROM nested underneath a mesh made up of someone(s) initials (probably the layout designers).
This CPU (The CCP is also a CPU but acting as a slave to the Cypress CPU) is not secure. In fact, this CPU is also all over the globe in GSM SIM cards. The only difference is the code contained inside the processor.
Some points of interest:
Point #1- The ‘mesh’ protecting probing from the ROM’s databus outputs is NOT SECURE!
Point #2- A quick search on the internet and we came across a public document from when Philips tried to get this part or a part very close to this one common criteria certified. The document labels this assumed to-be part as a, “Philips P8WE5033V0F Secure 8-bit Smart Card Controller.“
Reading over this document, we find a block diagram on page 8.
“Security Sensors” as a block of logic. That’s ironic considering we opened a gaping hole in their “mesh” over the ROM and the processor still runs 100% functional.
Point #3- For such a “secure” device, Philips could have done a lot more. The designer’s were pretty careless in a lot of areas. Simply reconnecting the two tracks together will definately be helpful to an attacker. A Focused Ion-Beam Workstation can make bond-pads for those two tracks that we can then bond out to the CDIP. This way we can short or open this test-circuit.
Now ask yourself if you are a potential customer to Safenet, Inc Would you purchase this token?