We decided to do a teardown on a Keylok USB based dongle from Microcomputer Applications, Inc. (MAI).
Opening the dongle was no challenge at all. We used an x-acto knife to slit the sidewall of the rubber protective coating. This allowed us to remove the dongle’s circuit board from the surrounding protective coating.
The top side of the printed circuit board (PCB) is shown above. MAI did not try to conceal anything internally. We were a little surprised by this :(.
The backside consists of two tracks and a large ground plane. The circuit is very simple for an attacker to duplicate.
With the devices removed, a schematic can be created literally within minutes. The 20-pin version of CY7C63101A can even be used in place of the smaller SOIC 24-pin package (which is difficult for some to work with). The 20-pin is also available in a dual-inline-package (DIP) making it a great candidate for an attacker to use.
Red pin denotes pin 1 on the device.
We performed some magic and once again we have success to unlock the once protected device. A quick look for ASCII text reveals a bunch of text beginning around address $06CB: .B.P.T. .E.n.t.e.r.p.r.i.s.e.s…D.o.n.g.l.e. .D.o.n.g.l.e. .C.o.m.m.<
.E.n.d.P.o.i.n.t.1. .1.0.m.s. .I.n.t.e.r.r.u.p.t. .P.i.p.e.
Ironically, they say, “There are many advantages to using a hardware “based security solution AKA, a Dongle. There are even more advantages however to using KEYLOK Dongles over other competing solutions.”
Statement’s such as the one above are the reason Flylogic Engineering started this blog. We have heard this just one too many times from companies who are franckly pushing garbage. Garbage in, garbage out. Enough said on that.
This dongle is the weakest hardware based security token we have ever seen!! The outer physical protection layers ease of entry places this dongle last on our list of who’s hot and who’s not!