INSIGHTS | May 15, 2012

#HITB2012AMS: Security Bigwigs and Hacker Crème de la Crème Converge in Amsterdam Next Week

By IOActive

Hi guys! We’re less than a week away from #HITB2012AMSand we’re super excited to welcome you there!

HITBSecConf 2012 – Amsterdam, our third annual outing in Europe will be at the prestigious Hotel Okura Amsterdam and this year marks our first ever week-long event with what we think is a simply awesome line-up of trainings, speakers, contests and hands-on showcase activities. There should be pretty much something to keep everyone happy!

The HITB crew is pretty excited and there’s very little else we talk about these days, so when IOActive invited us to write a blog post with complete free rein – we can’t help but name a couple of event highlights the crew are particularly looking forward to and we think you’ll be equally excited about.

Here’s a ~~little~~ lot of what’s in store in less than T minus 7 days’ time:

Hands on Technical Training Sessions

May 21st – May 23rd: Training Day 1, 2 & 3

As always, we kick things off with our hands-on training days. This year, trainings stretch across a three-day period and will feature all new 1-day-only courses covering a gamut of topics from wireless security, SQL injection attacks and mobile application hacking. This will be followed by several 2-day intensive hands-on classes featuring some of our popular trainers. Laurent Oudot will be Hunting Web Attackers alongside Jonathan Brossard who’ll be conducting a course on Advanced Linux Exploitation Methods. Next door Shreeraj Shah will be running his ever popular Advanced Application Hacking training. As usual, trainees come braced for intense headache filled days with these hands-on courses crammed to the brim with real-life cases plus new, next-gen attack and defense tools and methods.

Quad Track Conference – The Pièce de résistance

May 24th – May 25th: Conference Day 1 & 2

Big Ideas – Big Picture…

It’s always hard selecting keynote speakers – especially at HITBSecConf, where our audience expects nothing but absolutely killer content filled with awesome! Andy Ellis, CSO of Akamai we feel will deliver a talk that fulfills that and will be kicking off Conference Day 1 with a keynote on Getting Ahead of the Security Poverty Line – sharing a behind-the-scenes look at Akamai’s in-house security program and how it has evolved over the years to protect over 105,000 servers in 78 countries.

On Day 2, a man who needs no introduction and who has the rare distinction of having delivered keynote at all the locations of HITBSecConf events held around the globe, Bruce Schneier, CISO of BT Counterpane will deliver the second keynote. Bruce’s talk on Trust, Security and Society will deliver a big picture look at how in any system of trust, there will always be abuses. Understanding how moral systems, reputational systems, institutional systems, and security systems work and fail in today’s society is essential in understanding the problems of our interconnected world.

An Apple a Day…

One of the indisputable highlights this year and perhaps the one item the HITB Crew is most looking forward to is the first ever appearance by the full four-member iOS Jailbreak Dream Team (@p 0 sixninja, @pod 2 g , @planetbeing and @pimskeks) plus world famous, iPhone Dev Team member @MuscleNerd .

They will be rocking Amsterdam with three talks (and maybe a new jailbreak?), two of which will primarily focus on the detailed inner workings behind the Corona (A4) and Absinthe (A 5) jailbreaks. Apple fans and jailbreak enthusiasts will be well pleased to hear the team plans to cover pretty much everything a jailbreaker would want to know including:

iOS security basics

iOS format string attacks

iOS kernel heap overflows

iOS profile command injections

iOS application sandbox escape

How to bypass ASLR & DEP for all exploits listed above

In the third and separate talk, MuscleNerd will dive into the inner workings and most recent changes to the iPhone baseband comparing it against its earlier hardware and software incarnations. His presentation will cover everything baseband related – from baseband ROP to activation and baseband tickets: The mechanism Apple uses to authorize use with specific carriers and authenticates software updates to the baseband. He will also look at the current attack surfaces comparing iPhone4 vs iPhone4S hardware-based protection mechanisms. Tasty.

I want my MTV…

And here’s another personal crew favourite – Adam Gowdiak . Is .
Back. The man who first brought Microsoft Windows to its knees in 2003 as part of the LSD Group and later became the world’s first to present a successful and widespread attack against the mobile Java platform is back at HITBSecConf! This time he will demonstrate the first ever successful attack against digital satellite set –top –box equipment implementing the Conax Conditional Access System with advanced cryptographic pairing function. Yes, we’re talking major security flaws in digital satellite TV set-top-boxes and DVB chipsets used by many satellite TV providers worldwide.

More Labs / More Signal Intelligence

Forming our third track in our quad-track line up, only a maximum of 75 attendees will get to experience these intensive, mini training sessions, so get to the doors early if you wanna join in. Audience interaction is expected so bring your laptops with you! What kind of brain mashing kungf00 can you expect?

Hacking Using Dynamic Binary Instrumentation by Intel’s Gal Diskin promises an insight into extracting metadata and other hidden goodies from public documents using FOCA 3 and bad nasty things one can do with malformed portable executable (PE ) files and Didier Stevens, Security Consultant, Contraste Europe NV will be talking about the reverse of the kind of shellcode we all know and love – White Hat Shellcode : Not for Exploits.

Still hungry for more bytes? Grab your coffee, real world bites and head into the SIGINT sessions – our version of lightning talks which run for 30 minutes during coffee and lunch breaks. The SIGINT sessions this year are twice as long as usual as we want you to truly savour the appetising morsels we’ve lined up.

24TH MAY 2012

12:30 – 13:00 – Pastebinmon .pl & Leakedin .com – Xavier Mertens

13:00 – 13:30 – Third Party Software in Your Baseband – Ralf-Philipp Weinmann

15:30 – 16:00 – Hack To The Future – Marinus Kuivenhoven

25TH MAY 2012

12:30 – 13:00 – Integrating DMA Attacks in Metasploit – Rory Breuk & Albert Spruyt

13:00 – 13:30 – Close –Up of Three Technical Hackerspace Projects – Elger ‘stitch’ Jonker

Lawfully intercepting your packets…

After 2 days of conference awesomeness, Ms . Jaya Baloo , Verizon ’s in –house lawful interception expert and our first-ever lady closing keynoter will wrap things up in a yet to be announced keynote.

We’re not done yet …

If it isn’t already difficult enough to pick which talks to go to, we’ve got even more things lined up to keep you busy outside of the main conference tracks – With an expanded technology showcase area, our all new CommSec Village is going to be packed to the brim with more hacky-goodness than you can shake a Kinect at!

CommSec Village

Last year, LEGO Mindstorm robots ruled the roost and this year, the HITB CommSec Challenge is bringing the world of motion capture into the tinkering hands of Benelux hackerspaces. Seven hackerspaces from Belgium and the Netherlands will work with Microsoft ’s all new Kinect for Windows platform and battle head to head to translate their body movements into words at the highest rate of character output. Yep – expect to see lots of physical action here as the various participants battle it out for the grand prize of EUR1000.

HackWEEKDAY

HackWEEKDAY : Turbo Edition will see code junkies and working over a 12 hour period on this year’s theme of ‘Browsers and Extensions’ – Sponsored again by Mozilla and organized by the HITB.nl Crew, participating developers stand a chance to walk away with a prize of EUR1337 for the best coder!

Capture The Flag – Bank0verflow

Capture The Flag : Bank 0 verflow will see eleven teams – 5 home grown teams from The Netherlands: Mediamonks and four Vubar teams battle it out against French team C.o.P. Also, for the first time two Russian teams will be joining the battleground including the much ‘feared’ winners of #CODEGATE2012’s Capture The Flag – Leetchicken

Lock Picking Village by TOOOL.nl

The ever popular Lock Picking Village returns this years with crowd favourite TOOOL.nl at hand to showcase best and latest picking, shimming, bumping and safecracking techniques. Hands on as usual, come with deft fingers and your own locks to see how (in)secure that house or fiets lock of yours really is!

Sogeti Social Engineering Challenge

This year for the first time Sogeti is introducing Sogeti Social Engineering and CTF Challenge(#SSEC2012). This will be HITB’s first ever social engineering game so we’re pretty excited to say the least! Participants will be flexing their wit and wits against the top 100 Dutch companies via in-live-studio phone calls and conference attendees plus members of the public can check out the game in progress via the Listening Post. Blag for swag – and the best ‘wit-hacking’ engineer walks away with a swanky new iPad 3 sponsored by Sogeti!

Hackers On The Far Side of the Moon with Microsoft and IOActive

It would not be a proper HITBSecConf if there was no killer party to cap things off. This year we plan to blast off to the dark side of the moon with IOActive’s Keith Myers providing the choons!

Sponsored as always by Microsoft, conference hackers, heroes, dudes and dudettes will make their way to the Wyndham Apollo Hotel for three solid hours of food, music and of course, copious amounts of alcohol thanks to additional alco_pwn support by the kind folks at IOActive! o/

IOActive’s DJ Keith Myers will be delivering the ear pounding dance floor madness with a warm up set by Roy Verschuren of Elevator Passion – all this at the only spot in Amsterdam where the city’s five famous grachts meet!

Bring. On. The. Madness.

See you next week!

– The HITB Crew

INSIGHTS | January 24, 2008

ATMEGA88 Teardown

By IOActive

An 8k FLASH, 512 bytes EEPROM, 512 bytes SRAM CPU operating 1:1 with the external world unlike those Microchip PIC’s we love to write up about :).

It’s a 350 nanometer (nm), 3 metal layer device fabricated in a CMOS process. It’s beautiful to say the least; We’ve torn it down and thought we’d blog about it!

The process Atmel uses on their .35 micrometer (um) technology is awesome.

Using a little HydroFluoric Acid (HF) and we partially removed the top metal layer (M3). Everything is now clearly visible for our analysis. After delaying earlier above, we can now recognize features that were otherwise hidden such as the Static RAM (SRAM) and the 32 working registers.

As we mentioned earlier, we used the word, “awesome” because check this out- It’s so beautifully layed out that we can etch off just enough of the top metal layer to leave it’s residue so it’s still visible depending on the focal point of the microscope! This is very important.

We removed obscuring metal but can still see where it went (woot!).The two photos above contain two of the 30+ configuration fuses present however it makes a person wonder why did Atmel cover the floating gate of the upper fuse with a plate of metal (remember the microchip article with the plates over the floating gates?)

We highlighted a track per fuse in the above photos. What do you think these red tracks might represent?

INSIGHTS | December 29, 2007

AND Gates in logic

By IOActive

As we prepare for the New Year, we wanted to leave you with a piece of logic taken out of an older PIC16C series microcontroller. We want you to guess which micro(s) this gate (well the pair of them) would be found in. After the New Year, we’ll right up on the actual micro(s) and give the answer :).

An AND gate in logic is basically a high (logic ‘1’) on all inputs to the gate. For our example, we’re discussing the 2 input AND. It should be noted that this is being built from a NAND and that a NAND would require 2 less gates than an AND.

The truth table is all inputs must be a ‘1’ to get a ‘1’ on the output (Y). If any input is a ‘0’, Y = ‘0’.

There are 2 signals we labeled ‘A’ and ‘B’ routed in the Poly layer of the substrate (under all the metal). This particular circuit is not on the top of the device and had another metal layer above it (Metal 2 or M2). So technically, you are seeing Metal 1 (M1) and lower (Poly, Diffusion).

It’s quickly obvious that this is an AND gate but it could also be a NAND by removing the INVERTER and taking the ‘!Y’ signal instead of ‘Y’.

The red box to the left is the NAND leaving the red box to the right being the inverter creating our AND gate.

The upper green area are PFET’s with the lower green area being NFET’s.

After stripping off M1, we now can clearly see the Poly layer and begin to recognize the circuit.

This is a short article and we will follow up after the New Year begins. This is a single AND gate but was part of a pair. From the pair, this was the right side. We call them a pair because they work together to provide the security feature on some of the PIC16C’s we’re asking you to guess which ones 🙂

Happy Holidays and Happy Guessing!

INSIGHTS | December 17, 2007

ST201: ST16601 Smartcard Teardown

By IOActive

ST SmartCards 201 – Introduction to the ST16601 Secure MCU

This piece is going to be split into two articles-

- The first being this article is actually a primer on all of the ST16XYZ series smartcards using this type of Mesh technology. They have overgone a few generations. We consider this device to be a 3rd generation.
- In a seperate article yet to come, we are going to apply what you have read here to a smartcard used by Sun Microsystems, Inc. called Payflex. From what we have gathered on the internet, they are used to control access to Sun Ray Ultra Thin Terminals. Speaking of the payflex cards, they are commonly found (new and used) on eBay.

The ST16601 originated as far back as 1994. It originally appeared as a 1.2 um, 1 metal CMOS process and was later shrunk to 0.90 um, 1 metal CMOS to support 2.7v – 5.5v ranges.

It appears to be a later generation of the earlier ST16301 processor featuring larger memories (ROM, RAM, EEPROM).

The ST16601 offers:

- 6805 cpu core with a few additional instructions
- Lower instruction cycle counts vs. Motorola 6805.
- Internal Clock can run upto 5 Mhz at 1:1 vs 2:1.
- 6K Bytes of ROM
- 1K Bytes of EEPROM
- 128 Bytes of RAM
- Very high security features including EEPROM flash erase (bulk-erase)

Although it was released in 1994 it was being advertised in articles back in 1996. Is it possible an ‘A’ version of the ST16601 was released without a mesh? We know the ST16301 was so anything is possible.

Final revision of the ST16601(C?). The part has been shrunk to 0.90um and now has ST’s 2nd generation mesh in place. The newer mesh still in use today consists of fingers connected to ground and a serpentine sense line connected to power (VDD).

Using our delayering techniques, we removed the top metal mesh from the 1997 version of the part. The part numbering system was changed in 1995 onward to not tell you what part something really is. You have to be knowledgable about the features present and then play match-up from their website to determine the real part number.

As you can see, this part is clearly an ST16601 part except it is now called a K3COA. We know that the ‘3’ represents the entire ST16XYZ series from 1995-1997 but we’ll get into their numbering system when we write the ST101 article (we skipped it and jumped straight to ST201 to bring you the good stuff sooner!).

Above: 1000x magnification of the beginning of the second generation mesh used ont he 1995+ parts. This exact mesh is still used today on their latest technology sporting 0.18um and smaller! The difference- the wire size and spacing.

In the above image, green is ground, red is connected to power (VDD). Breaking this could result in loss of ground to a lower layer as well as the sense itself. The device will not run with a broken mesh.

Flylogic has successfully broken their mesh and we did it without the use of a Focus Ion-Beam workstation (FIB). In fact, we are the ONLY ONES who can open the ST mesh at our leisure and invasively probe whatever we want. We’ve been sucessful down-to 0.18um.

Using our techniques we call, “magic” (okay, it’s not magic but we’re not telling 😉 ), we opened the bus and probed it keeping the chip alive. We didn’t use any kind of expensive SEM or FIB. The equipment used was available back in the 90’s to the average hacker! We didn’t even need a university lab. Everything we used was commonly available for under $100.00 USD.

This is pretty scary when you think that they are certifying these devices under all kinds of certifications around the world.

Stay tuned for more articles on ST smartcards. We wanted to show you some old-school devices before showing you current much smaller ones because you have to learn to crawl before you walk!

INSIGHTS | December 1, 2007

Infineon SLE4442

By IOActive

The SLE4442 has been around for a long time. Spanning a little more than 10 years in the field, it has only now began to be replaced by the newer SLE5542 (We have analyzed this device too and will write up an article soon).

It is basically a 256 byte 8 bit wide EEPROM with special write protection. In order to successfully write to the device, you need to know a 3 byte password called the Programmable Security Code (PSC). The code is locked tightly inside the memory area of the device and if you try to guess it, you have 3 tries before being permanently locked out forever (well forever for some, we can always perform magic on the part).o above is a picture shows the entire substrate.

There was still some dirt on the die but it didn’t effect our interests. The geometry of the device is pretty big (> 2 uM). It has one polysilicon layer and one metal layer fabricated using an NMOS process.

Note: Just because the device is big does not constitute ease of an attack but it does make execution of an attack easier for an attacker without large amount of expense.

A successful attack on this device means an attacker knows the PSC which enables write operations to the device under attack or the ability to clone the device under attack into fresh new target who can act like the original device. We’ll discuss the PSC in more detail below.We have pr identified all the important areas listed on the Page 7 diagram in the above picture.

We can see again a test circuit that has had its enable sawn off during production. We can see the enable line looping back for the die that was placed to the right of this die. Notice the duck? Hrmmmm… Seems to be pointing at 2 test points. We’ll just say that the duck probably knows what he’s looking at 😉

We removed the top metal (the only metal layer) and you can now see the diffusion and poly layers. You can literally take these two pictures above and create a schematic from them if you understand NMOS circuits.

Possible attacks on the device:

- Electrical glitches: Fed through VCC / CLOCK line are possible. The circuit latches are all toggled from the serial clock provided by the user.
- Optical Erasure: UV seems to clear cells of the EEPROM to zero. Masking of the EEPROM except for the 3 PSC bytes would result in a PSC of $00,$00,$00 for that particular device. However note this is not a favorable attack as the device would probably become rejected by the host that this device belongs too.
- Optical glitches: These give strange results. An optical glitch in the right area might produce readback of the PSC code through command $31 (Read Security Memory).
- Bus attacks: Sitting on the databus will show you the PSC of the device. This method is effective but not easilly accomplish by most.
- PSC Control logic: Find the right signal in this area and you can make the device believe a valid PSC has been previously given allowing readback of the PSC through command $31. This is our prefered method, just ask the duck ;).

The security model used on this type of device is one in which the host-environment is trusted. This is a risky way of thinking but ironically, it has been used a lot (Fedex/Kinko’s payment cards(SLE4442, SLE5542), Telephone cards in use worldwide (ST1335, ST1355), laundry machine smartcards (AT88SC102).

Proof of failure of this trust model has been shown in places such as:

- Phone card emulation in Europe. It became so bad, metal detectors were placed inside the phones smartcard area to deter eavesdropping.
- Fedex/Kinko’s was successfully compromised by a man named Strom Carlson. He demonstrated the abuse of the SLE4442 in use by Kinko’s at the time.

INSIGHTS | November 15, 2007

The KEYLOK USB Dongle. Little. Green. And dead before it was born!

By IOActive

We decided to do a teardown on a Keylok USB based dongle from Microcomputer Applications, Inc. (MAI).

Opening the dongle was no challenge at all. We used an x-acto knife to slit the sidewall of the rubber protective coating. This allowed us to remove the dongle’s circuit board from the surrounding protective coating.

The top side of the printed circuit board (PCB) is shown above. MAI did not try to conceal anything internally. We were a little surprised by this :(.

The backside consists of two tracks and a large ground plane. The circuit is very simple for an attacker to duplicate.

With the devices removed, a schematic can be created literally within minutes. The 20-pin version of CY7C63101A can even be used in place of the smaller SOIC 24-pin package (which is difficult for some to work with). The 20-pin is also available in a dual-inline-package (DIP) making it a great candidate for an attacker to use.

Red pin denotes pin 1 on the device.

We performed some magic and once again we have success to unlock the once protected device. A quick look for ASCII text reveals a bunch of text beginning around address $06CB: .B.P.T. .E.n.t.e.r.p.r.i.s.e.s…D.o.n.g.l.e. .D.o.n.g.l.e. .C.o.m.m.<
.E.n.d.P.o.i.n.t.1. .1.0.m.s. .I.n.t.e.r.r.u.p.t. .P.i.p.e.

Ironically, they say, “There are many advantages to using a hardware “based security solution AKA, a Dongle. There are even more advantages however to using KEYLOK Dongles over other competing solutions.”

Statement’s such as the one above are the reason Flylogic Engineering started this blog. We have heard this just one too many times from companies who are franckly pushing garbage. Garbage in, garbage out. Enough said on that.

This dongle is the weakest hardware based security token we have ever seen!! The outer physical protection layers ease of entry places this dongle last on our list of who’s hot and who’s not!