0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/847 Thanks! 1 00:00:14,870 --> 00:00:17,389 All right, now, it's my very 2 00:00:17,390 --> 00:00:19,159 great pleasure to introduce Dominique and 3 00:00:19,160 --> 00:00:21,049 Kate, who are going to talk about open 4 00:00:21,050 --> 00:00:23,569 and closed systems with college kids, and 5 00:00:23,570 --> 00:00:25,069 they brought a bunch of interesting 6 00:00:25,070 --> 00:00:26,719 looking electronics with them. 7 00:00:26,720 --> 00:00:28,849 And I'm very curious to hear 8 00:00:28,850 --> 00:00:30,739 how they are going to help us liberate 9 00:00:30,740 --> 00:00:32,508 all our devices. 10 00:00:32,509 --> 00:00:34,189 So please give a warm welcome to 11 00:00:34,190 --> 00:00:35,190 Dominique and Kate. 12 00:00:41,960 --> 00:00:42,960 Thank you. 13 00:00:43,800 --> 00:00:45,009 There we go. 14 00:00:45,010 --> 00:00:46,199 All right, I'm Dominic. 15 00:00:46,200 --> 00:00:47,939 This is Kate. 16 00:00:47,940 --> 00:00:49,439 These are our faces 17 00:00:50,610 --> 00:00:51,779 and Twitter handles. 18 00:00:51,780 --> 00:00:52,780 If you want to 19 00:00:54,180 --> 00:00:57,239 live, tweet about how terrible this is. 20 00:00:57,240 --> 00:00:58,139 Right. 21 00:00:58,140 --> 00:00:59,999 I work for Guarisco gadgets and mostly I 22 00:01:00,000 --> 00:01:02,099 work on software and firmware 23 00:01:02,100 --> 00:01:04,469 for embedded devices, things like Hacker 24 00:01:04,470 --> 00:01:05,909 Great Fat over to 25 00:01:07,260 --> 00:01:08,579 explain who you are. 26 00:01:08,580 --> 00:01:09,629 Hopefully the microphone is working 27 00:01:09,630 --> 00:01:12,149 perfect. So I'm not 28 00:01:12,150 --> 00:01:13,619 really in the infosec scene. 29 00:01:13,620 --> 00:01:14,999 I'm more of a reverse engineer. 30 00:01:15,000 --> 00:01:17,189 So I maintain projects especially 31 00:01:17,190 --> 00:01:18,599 that lets you get more information about 32 00:01:18,600 --> 00:01:20,279 systems and see inside them. 33 00:01:20,280 --> 00:01:22,319 I especially love things that help people 34 00:01:22,320 --> 00:01:24,629 to learn about different 35 00:01:24,630 --> 00:01:26,669 systems and kind of get a foot in the 36 00:01:26,670 --> 00:01:28,049 door in various things. 37 00:01:28,050 --> 00:01:30,229 Face cancer, for example, is something 38 00:01:30,230 --> 00:01:32,159 I maintain the newer version of and that 39 00:01:32,160 --> 00:01:34,319 lets people get their fingers into USB 40 00:01:34,320 --> 00:01:36,629 great. We both maintain 41 00:01:36,630 --> 00:01:38,009 and that's a multi tool that lets people 42 00:01:38,010 --> 00:01:39,239 get their fingers into all different 43 00:01:39,240 --> 00:01:40,289 kinds of things. 44 00:01:40,290 --> 00:01:42,359 So we're coming up this 45 00:01:42,360 --> 00:01:44,429 talk from the perspective 46 00:01:44,430 --> 00:01:46,830 of people who really are 47 00:01:48,450 --> 00:01:50,399 neither of us really are infosec people. 48 00:01:50,400 --> 00:01:51,719 I think you say you write software for a 49 00:01:51,720 --> 00:01:52,799 living. Yeah, exactly. 50 00:01:52,800 --> 00:01:54,389 I do reverse engineering, which is kind 51 00:01:54,390 --> 00:01:56,129 of on the periphery of the core, like 52 00:01:56,130 --> 00:01:58,379 hacking culture kind 53 00:01:58,380 --> 00:01:59,339 of thing. 54 00:01:59,340 --> 00:02:01,469 And really what we're here to talk about 55 00:02:01,470 --> 00:02:03,269 today is a tool that we built that helps 56 00:02:03,270 --> 00:02:05,189 people do things like reverse engineering 57 00:02:05,190 --> 00:02:06,299 and learning about systems more 58 00:02:06,300 --> 00:02:07,649 effectively. 59 00:02:07,650 --> 00:02:09,799 So most of what we build is is 60 00:02:09,800 --> 00:02:11,789 interesting tools to to open up things. 61 00:02:11,790 --> 00:02:13,289 And then we we rely on the idea that 62 00:02:13,290 --> 00:02:15,329 other people will pick up those tools and 63 00:02:15,330 --> 00:02:17,039 do really interesting security things 64 00:02:17,040 --> 00:02:18,300 with them. So 65 00:02:19,620 --> 00:02:20,699 naturally, if we want other people to 66 00:02:20,700 --> 00:02:22,649 pick up our tools, it seems to make sense 67 00:02:22,650 --> 00:02:24,629 that we make most of them open source and 68 00:02:24,630 --> 00:02:25,799 available to people. 69 00:02:25,800 --> 00:02:27,959 And in that spirit, that we'd like 70 00:02:27,960 --> 00:02:29,629 a couple of people up front, 71 00:02:30,720 --> 00:02:33,509 Mike or Elizabeth Scott Scanline. 72 00:02:33,510 --> 00:02:35,279 She does some fantastic reverse 73 00:02:35,280 --> 00:02:37,439 engineering work and is very 74 00:02:37,440 --> 00:02:38,969 good at explaining things. 75 00:02:38,970 --> 00:02:41,189 If you haven't seen her streams and 76 00:02:41,190 --> 00:02:42,389 YouTube videos and things, you should 77 00:02:42,390 --> 00:02:44,249 absolutely check them out. 78 00:02:44,250 --> 00:02:46,079 And there's some stuff in this 79 00:02:46,080 --> 00:02:47,819 presentation that that was directly 80 00:02:47,820 --> 00:02:49,769 inspired by her work. 81 00:02:49,770 --> 00:02:51,749 Colin O'Flynn has done an awful lot of 82 00:02:51,750 --> 00:02:53,489 really interesting glitching work and 83 00:02:53,490 --> 00:02:54,869 taught people about that over the past 84 00:02:54,870 --> 00:02:55,870 couple of years. 85 00:02:56,580 --> 00:02:58,779 And also we should think great school 86 00:02:58,780 --> 00:03:01,079 gadgets, because they do 87 00:03:01,080 --> 00:03:03,089 enable us to come and attend events like 88 00:03:03,090 --> 00:03:04,589 this and spend all time working on these 89 00:03:04,590 --> 00:03:06,239 things. Right. And so in this talk, we're 90 00:03:06,240 --> 00:03:08,099 not really the you know, the brilliant 91 00:03:08,100 --> 00:03:09,539 people doing anything that's absolutely 92 00:03:09,540 --> 00:03:11,009 earthshattering. We're not coming up with 93 00:03:11,010 --> 00:03:13,079 new, you know, techniques 94 00:03:13,080 --> 00:03:14,789 that enable you to, like, sit on the 95 00:03:14,790 --> 00:03:15,719 cutting edge of science. 96 00:03:15,720 --> 00:03:17,489 But instead, we're tool builders. 97 00:03:17,490 --> 00:03:19,409 We build things that let you do cool 98 00:03:19,410 --> 00:03:20,309 things. 99 00:03:20,310 --> 00:03:22,349 And so we kind of have like the 100 00:03:22,350 --> 00:03:23,939 foundational people who have, you know, 101 00:03:23,940 --> 00:03:25,889 kind of started blazing some of these 102 00:03:25,890 --> 00:03:27,209 past forward. And we're building on a lot 103 00:03:27,210 --> 00:03:28,289 of their work. 104 00:03:28,290 --> 00:03:29,459 So, yeah. 105 00:03:29,460 --> 00:03:31,589 And I mean, the reason that the first 106 00:03:31,590 --> 00:03:33,029 to enlist is people who are smarter than 107 00:03:33,030 --> 00:03:35,219 us is I try to I actually try 108 00:03:35,220 --> 00:03:36,629 to pick up Cohn's work and it's 109 00:03:36,630 --> 00:03:38,099 fantastic. 110 00:03:38,100 --> 00:03:39,319 His ship was really cool. 111 00:03:39,320 --> 00:03:40,649 The software is kind of great. 112 00:03:40,650 --> 00:03:42,959 And I knew nothing about glitching. 113 00:03:42,960 --> 00:03:44,969 And I think we got into a conversation 114 00:03:44,970 --> 00:03:47,099 about, like, this stuff's really 115 00:03:47,100 --> 00:03:49,229 cool. But like, wouldn't it be great 116 00:03:49,230 --> 00:03:51,419 if someone who's not a genius, 117 00:03:51,420 --> 00:03:54,569 like someone like me can pick it up and 118 00:03:54,570 --> 00:03:56,069 like Glimcher system. 119 00:03:56,070 --> 00:03:57,599 And so that's that's kind of where this 120 00:03:57,600 --> 00:03:58,589 project came from. It's just trying to 121 00:03:58,590 --> 00:03:59,789 make those things just a little bit more 122 00:03:59,790 --> 00:04:00,989 accessible, a little bit easier for 123 00:04:00,990 --> 00:04:03,179 everyone to use so much 124 00:04:03,180 --> 00:04:04,349 right now. A lot of this came out of 125 00:04:04,350 --> 00:04:06,269 conversations with those first two 126 00:04:06,270 --> 00:04:07,769 people. So, yeah, it's really awesome. 127 00:04:07,770 --> 00:04:10,019 I really appreciate the foundation 128 00:04:10,020 --> 00:04:12,279 they built. So kind of give you 129 00:04:12,280 --> 00:04:14,069 background for why we're doing this kind 130 00:04:14,070 --> 00:04:16,289 of thing. This is a 131 00:04:16,290 --> 00:04:17,879 circuit board for an HDMI switch. 132 00:04:17,880 --> 00:04:20,009 Nothing super special about it other than 133 00:04:20,010 --> 00:04:21,328 the fact that I was using it a few months 134 00:04:21,329 --> 00:04:24,509 ago. And it was incredibly 135 00:04:24,510 --> 00:04:26,399 it had an incredibly irritating flaw in 136 00:04:26,400 --> 00:04:28,019 that. Sometimes when you're doing 137 00:04:28,020 --> 00:04:29,549 something like playing a video game or 138 00:04:29,550 --> 00:04:31,439 watching TV, it would sometimes flicker 139 00:04:31,440 --> 00:04:32,849 on and off. 140 00:04:32,850 --> 00:04:35,069 And so naturally, I did what anyone 141 00:04:35,070 --> 00:04:37,349 does when their electronics stop working 142 00:04:37,350 --> 00:04:38,339 and they took it. 143 00:04:38,340 --> 00:04:40,259 You know, I took it apart, figured out 144 00:04:40,260 --> 00:04:41,189 what the problem was. 145 00:04:41,190 --> 00:04:43,079 In this case. It was all the little 146 00:04:43,080 --> 00:04:45,209 signals, the plug to plug detect 147 00:04:45,210 --> 00:04:46,349 signals that tell you whether they're 148 00:04:46,350 --> 00:04:47,350 HDMI cables, 149 00:04:48,570 --> 00:04:50,069 what the cables are present and plugged 150 00:04:50,070 --> 00:04:52,139 in. The signals 151 00:04:52,140 --> 00:04:53,969 that indicated presence actually had a 152 00:04:53,970 --> 00:04:55,979 little bit of noise on them and the 153 00:04:55,980 --> 00:04:57,689 system wasn't properly compensating for 154 00:04:57,690 --> 00:04:59,879 that noise. So every once in a while, a 155 00:04:59,880 --> 00:05:01,529 cable that didn't put it, that didn't 156 00:05:01,530 --> 00:05:03,479 have a cable plugged in, would suddenly 157 00:05:03,480 --> 00:05:06,089 see a cable for just a split second 158 00:05:06,090 --> 00:05:07,589 and it would try to automatically switch 159 00:05:07,590 --> 00:05:08,590 over to that input. 160 00:05:09,360 --> 00:05:11,639 And this device happens 161 00:05:11,640 --> 00:05:13,799 to be driven by an intel 1851 162 00:05:13,800 --> 00:05:15,869 are equivalent microcontroller, a 163 00:05:15,870 --> 00:05:17,339 derivative microcontroller. 164 00:05:17,340 --> 00:05:19,079 And if I had the firmware for that 165 00:05:19,080 --> 00:05:21,149 microcontroller, it would have been 166 00:05:21,150 --> 00:05:23,279 probably ten minutes of work to, 167 00:05:23,280 --> 00:05:24,989 you know, put a little bit of bouncing, 168 00:05:24,990 --> 00:05:26,849 put a little bit of noise filtering into 169 00:05:26,850 --> 00:05:28,979 that system and be able 170 00:05:28,980 --> 00:05:31,109 to have fixed this and have this work. 171 00:05:31,110 --> 00:05:34,049 But without the firmware and without this 172 00:05:34,050 --> 00:05:35,039 kind of thing, it's the kind of thing we 173 00:05:35,040 --> 00:05:37,379 have to start off by rewriting 174 00:05:37,380 --> 00:05:40,229 the firmware from scratch or 175 00:05:40,230 --> 00:05:41,659 coming up. With some other hacks, some 176 00:05:41,660 --> 00:05:43,309 analog filtering under to make this thing 177 00:05:43,310 --> 00:05:45,679 work, or as I did by a slightly 178 00:05:45,680 --> 00:05:48,019 better HDMI switch, yes, 179 00:05:48,020 --> 00:05:49,819 sometimes the solution is to build a 180 00:05:49,820 --> 00:05:51,199 glitching framework, and sometimes the 181 00:05:51,200 --> 00:05:53,419 solution is to spend 50 bucks and 182 00:05:54,560 --> 00:05:55,600 really play with each other both. 183 00:05:57,890 --> 00:05:59,119 Here's another device that 184 00:06:00,170 --> 00:06:01,489 I was messing around with a little while 185 00:06:01,490 --> 00:06:03,559 ago. This device is the inside of a 186 00:06:03,560 --> 00:06:05,809 thermal camera, so it's the third 187 00:06:05,810 --> 00:06:07,829 on 65. It's a relatively inexpensive 188 00:06:07,830 --> 00:06:10,279 something like 200 or 300 USD 189 00:06:10,280 --> 00:06:11,539 thermal camera. 190 00:06:11,540 --> 00:06:13,219 And it's actually a really cool piece of 191 00:06:13,220 --> 00:06:15,319 electronics. It's got an 192 00:06:15,320 --> 00:06:17,479 SD card and my credit card that 193 00:06:17,480 --> 00:06:19,699 it captures pictures onto, it's got a USB 194 00:06:19,700 --> 00:06:21,559 port that it uses only to upload these 195 00:06:21,560 --> 00:06:23,509 pictures to computers. 196 00:06:23,510 --> 00:06:25,369 And then it's got a pretty powerful, 197 00:06:25,370 --> 00:06:27,739 pretty large microcontroller on there. 198 00:06:27,740 --> 00:06:29,359 And it would be really lovely to use a 199 00:06:29,360 --> 00:06:31,189 board like this for all kinds of, you 200 00:06:31,190 --> 00:06:33,589 know, experiments where you could take 201 00:06:33,590 --> 00:06:36,349 in thermal data and pass it to a PC. 202 00:06:36,350 --> 00:06:38,419 But the designers of this didn't 203 00:06:38,420 --> 00:06:40,339 really think about that use case, didn't 204 00:06:40,340 --> 00:06:41,869 identify that as a use case they were 205 00:06:41,870 --> 00:06:42,799 interested in. 206 00:06:42,800 --> 00:06:44,059 And so despite the fact that you have 207 00:06:44,060 --> 00:06:46,249 this giant microcontroller with 512 208 00:06:46,250 --> 00:06:47,689 kilobytes of flash, of which it was only 209 00:06:47,690 --> 00:06:50,179 using something about 100 kilobytes, 210 00:06:50,180 --> 00:06:52,429 there's without the firmware that 211 00:06:52,430 --> 00:06:54,259 is on this device, you can't really do 212 00:06:54,260 --> 00:06:55,260 that much. 213 00:06:55,790 --> 00:06:57,979 And so luckily, this particular device 214 00:06:57,980 --> 00:07:00,109 has its firmware in a 215 00:07:00,110 --> 00:07:01,759 accessible format because it takes 216 00:07:01,760 --> 00:07:03,679 firmware updates over USB. 217 00:07:03,680 --> 00:07:05,389 And if you look at the file that they 218 00:07:05,390 --> 00:07:07,639 upload onto the onto 219 00:07:07,640 --> 00:07:09,859 this device, it has what looks 220 00:07:09,860 --> 00:07:11,569 very clearly like an arm cortex and 221 00:07:11,570 --> 00:07:13,429 vector table at the beginning. 222 00:07:13,430 --> 00:07:14,689 But that's not the only thing that's in 223 00:07:14,690 --> 00:07:16,669 this file. There's also some metadata in 224 00:07:16,670 --> 00:07:17,809 the beginning and scattered throughout 225 00:07:17,810 --> 00:07:19,939 this file. And unless you want 226 00:07:19,940 --> 00:07:20,929 to sit there guessing at what the 227 00:07:20,930 --> 00:07:23,059 metadata means, you know, like what kind 228 00:07:23,060 --> 00:07:24,619 of checksum is this? What kind of CRC 229 00:07:24,620 --> 00:07:25,549 could this be? 230 00:07:25,550 --> 00:07:27,469 Is this, you know, a length here that 231 00:07:27,470 --> 00:07:28,909 describes how much firmware there is 232 00:07:28,910 --> 00:07:30,289 before there's another blob? 233 00:07:30,290 --> 00:07:31,849 Unless you want to guess at those kind of 234 00:07:31,850 --> 00:07:33,559 things, you're kind of not even able to 235 00:07:33,560 --> 00:07:35,859 upload new firmware to the bootloader. 236 00:07:35,860 --> 00:07:37,969 Right. The bootloader itself that on 237 00:07:37,970 --> 00:07:40,159 there, that's not contained in those 238 00:07:40,160 --> 00:07:41,269 firmware update images. 239 00:07:41,270 --> 00:07:43,909 It knows what is used to 240 00:07:43,910 --> 00:07:46,069 actually talk to it and to upload 241 00:07:46,070 --> 00:07:47,479 things onto there. 242 00:07:47,480 --> 00:07:49,429 And so if you have this bootloader, if 243 00:07:49,430 --> 00:07:51,739 you're able to get the order out somehow, 244 00:07:51,740 --> 00:07:54,109 then you can easily go reverse engineer 245 00:07:54,110 --> 00:07:56,059 the code and figure out what the actual 246 00:07:57,770 --> 00:07:59,899 structure that metadata is. 247 00:07:59,900 --> 00:08:02,089 And though I didn't actually 248 00:08:02,090 --> 00:08:03,889 get the letter out by glitching, 249 00:08:03,890 --> 00:08:05,239 eventually I figured out the format was 250 00:08:05,240 --> 00:08:07,519 able to find another vulnerability 251 00:08:07,520 --> 00:08:09,679 and then get the bullet out via 252 00:08:09,680 --> 00:08:11,599 some simpler exploits. 253 00:08:11,600 --> 00:08:13,099 This device was able to be hacked and 254 00:08:13,100 --> 00:08:14,119 there's tools for it. 255 00:08:14,120 --> 00:08:16,039 And it would've been a lot easier to do 256 00:08:16,040 --> 00:08:17,419 that if we had the ability to get the 257 00:08:17,420 --> 00:08:19,579 bullet out almost immediately. 258 00:08:21,500 --> 00:08:22,639 I'm going to you slightly here now. 259 00:08:22,640 --> 00:08:24,469 Oh, wow, I get to play with this very 260 00:08:24,470 --> 00:08:25,369 responsibility. 261 00:08:25,370 --> 00:08:27,559 Excellent. All right, click, click, 262 00:08:27,560 --> 00:08:28,639 click. 263 00:08:28,640 --> 00:08:30,889 So not all, but 264 00:08:30,890 --> 00:08:33,709 many, many security 265 00:08:33,710 --> 00:08:35,989 issues that we have come from us making 266 00:08:35,990 --> 00:08:37,819 assumptions and those assumptions not 267 00:08:37,820 --> 00:08:40,219 being valid, such as, 268 00:08:40,220 --> 00:08:41,629 oh, let Dominic wrote the code. 269 00:08:41,630 --> 00:08:43,609 He knows how to code that assumption. 270 00:08:45,170 --> 00:08:47,779 Things like string copy, like 271 00:08:47,780 --> 00:08:49,789 string copy is like generally known to be 272 00:08:49,790 --> 00:08:51,109 a pretty bad idea. 273 00:08:51,110 --> 00:08:54,169 If you're not giving it a Lynnfield, 274 00:08:54,170 --> 00:08:56,479 if you if you use that like 275 00:08:56,480 --> 00:08:58,009 you have no way to know how long your 276 00:08:58,010 --> 00:08:59,509 input was and it's going to just be 277 00:08:59,510 --> 00:09:00,529 copied all over your stack. 278 00:09:00,530 --> 00:09:02,239 And I hear from some hackers that that's 279 00:09:02,240 --> 00:09:03,240 bad. 280 00:09:04,160 --> 00:09:05,839 On the right hand side here, there's a 281 00:09:05,840 --> 00:09:08,089 paper by Serguei 282 00:09:08,090 --> 00:09:10,399 and Jilian about Pulsers. 283 00:09:10,400 --> 00:09:12,589 And we have this concept 284 00:09:12,590 --> 00:09:14,869 that if we design a file format, that 285 00:09:14,870 --> 00:09:17,239 those the two people build a parser 286 00:09:17,240 --> 00:09:19,009 for that very well defined file format, 287 00:09:19,010 --> 00:09:20,419 that those policies will treat things the 288 00:09:20,420 --> 00:09:22,159 same way. And it turns out people are 289 00:09:22,160 --> 00:09:24,319 very bad at coming up with unambiguous 290 00:09:24,320 --> 00:09:26,419 file formats. And so and I pulsers 291 00:09:26,420 --> 00:09:28,579 about now, 292 00:09:28,580 --> 00:09:30,289 it turns out you do exactly the same 293 00:09:30,290 --> 00:09:31,249 thing in hardware. 294 00:09:31,250 --> 00:09:32,719 One of the things you do is you have to 295 00:09:32,720 --> 00:09:34,849 make an assumption that if in 296 00:09:34,850 --> 00:09:37,009 the data sheet you say power 297 00:09:37,010 --> 00:09:39,289 this chip with a voltage of between 298 00:09:39,290 --> 00:09:41,089 this and this, you kind of have to make 299 00:09:41,090 --> 00:09:43,249 the assumption that that 300 00:09:43,250 --> 00:09:44,569 power supply is stable and that power 301 00:09:44,570 --> 00:09:46,129 supply is constant and the same goes for 302 00:09:46,130 --> 00:09:48,799 the clock. You make this assumption that 303 00:09:48,800 --> 00:09:50,929 as long as the clock speed is within 304 00:09:50,930 --> 00:09:52,759 your valid range, everything should 305 00:09:52,760 --> 00:09:53,659 should work properly. 306 00:09:53,660 --> 00:09:54,859 And you kind of have to make this assumption 307 00:09:54,860 --> 00:09:57,499 that the the clock is not going to, 308 00:09:57,500 --> 00:10:00,319 you know, go away or change dramatically 309 00:10:00,320 --> 00:10:02,269 or the power is going to increase or 310 00:10:02,270 --> 00:10:03,769 lower dramatically. 311 00:10:03,770 --> 00:10:05,959 And this is where glitching comes 312 00:10:05,960 --> 00:10:08,089 in, because what we do is we support 313 00:10:08,090 --> 00:10:09,739 those assumptions and are able to use 314 00:10:09,740 --> 00:10:10,740 them to 315 00:10:11,850 --> 00:10:14,119 to to change the behavior of a part. 316 00:10:14,120 --> 00:10:15,319 Right. And so we're able to secure 317 00:10:15,320 --> 00:10:17,509 systems usually by identifying 318 00:10:17,510 --> 00:10:18,979 the assumptions we make and constraining 319 00:10:18,980 --> 00:10:20,929 those assumptions so we can do things 320 00:10:20,930 --> 00:10:22,189 like, say, I'm not going to assume that 321 00:10:22,190 --> 00:10:23,659 the user is handing me a nice, null, 322 00:10:23,660 --> 00:10:25,189 terminated string that fits nicely in my 323 00:10:25,190 --> 00:10:25,799 buffer. 324 00:10:25,800 --> 00:10:27,889 It's a lot harder to build a chip that 325 00:10:27,890 --> 00:10:29,569 behaves correctly when you start pulling 326 00:10:29,570 --> 00:10:31,519 its power away for a period of time, it 327 00:10:31,520 --> 00:10:33,149 really drives up the cost of your chip. 328 00:10:33,150 --> 00:10:34,339 Same thing with the clock. 329 00:10:34,340 --> 00:10:35,779 You start having these kind of fundamental 330 00:10:35,780 --> 00:10:37,879 assumptions. It's really not worth coming 331 00:10:37,880 --> 00:10:40,039 up. Solutions are 332 00:10:40,040 --> 00:10:42,169 not worth constraining your device to 333 00:10:42,170 --> 00:10:43,699 necessarily have to work without power or 334 00:10:43,700 --> 00:10:45,259 without a stable clock. 335 00:10:45,260 --> 00:10:46,909 And so when you start subverting these 336 00:10:46,910 --> 00:10:49,069 assumptions, just like when you separate 337 00:10:49,070 --> 00:10:50,329 the assumptions of someone designing 338 00:10:50,330 --> 00:10:51,379 software, you get all kinds of 339 00:10:51,380 --> 00:10:53,059 interesting and potentially exploitable 340 00:10:53,060 --> 00:10:54,459 behaviors. 341 00:10:54,460 --> 00:10:56,419 Yeah, and I think at that point you 342 00:10:56,420 --> 00:10:58,219 touched on, which is that there are 343 00:10:58,220 --> 00:11:00,289 methods for for avoiding this. 344 00:11:00,290 --> 00:11:01,849 They absolutely exist, but they're 345 00:11:01,850 --> 00:11:04,009 expensive. They they 346 00:11:04,010 --> 00:11:06,259 add complexity to the to the part 347 00:11:06,260 --> 00:11:08,449 you're using. They add it cost. 348 00:11:08,450 --> 00:11:10,519 And what you end up with is much more 349 00:11:10,520 --> 00:11:12,709 expensive microcontrollers, which 350 00:11:12,710 --> 00:11:14,509 then means you're not going to get your, 351 00:11:14,510 --> 00:11:17,029 you know, dirt cheap AI, 352 00:11:17,030 --> 00:11:18,769 Internet connected camera or whatever 353 00:11:18,770 --> 00:11:20,959 other like cheap Iot 354 00:11:20,960 --> 00:11:23,119 rubbish that you buy is going to go 355 00:11:23,120 --> 00:11:25,189 up in price. And the manufacturers 356 00:11:25,190 --> 00:11:26,209 want to use the lowest cost thing. 357 00:11:26,210 --> 00:11:28,399 So like the vast majority 358 00:11:28,400 --> 00:11:30,169 of of parts that we see out there, like 359 00:11:30,170 --> 00:11:31,219 don't have any of those kind of 360 00:11:31,220 --> 00:11:33,259 protections on them, or can you just like 361 00:11:33,260 --> 00:11:34,309 like a kind of logo. 362 00:11:35,360 --> 00:11:37,429 So it's kind of quick show of 363 00:11:37,430 --> 00:11:39,469 hands who has like knows how glitching 364 00:11:39,470 --> 00:11:42,649 works, has glitched something before. 365 00:11:42,650 --> 00:11:44,749 I can't really see because they're a 366 00:11:44,750 --> 00:11:46,129 huge stage lights, but I don't think 367 00:11:46,130 --> 00:11:47,839 that's a huge percentage of the audience. 368 00:11:47,840 --> 00:11:50,239 So I was in everyone else's shoes 369 00:11:50,240 --> 00:11:51,589 up until very recently. 370 00:11:51,590 --> 00:11:53,629 And so I'm going to try and give you an 371 00:11:53,630 --> 00:11:55,489 explanation. And then when I do it badly, 372 00:11:55,490 --> 00:11:57,529 Kate is going to fill in the gaps. 373 00:11:57,530 --> 00:11:59,119 But essentially there are there are two 374 00:11:59,120 --> 00:12:00,799 key types that we're going to be talking 375 00:12:00,800 --> 00:12:02,329 about. And the the a lot of people use, 376 00:12:02,330 --> 00:12:04,519 one is glitching and the other is is 377 00:12:04,520 --> 00:12:07,189 power or voltage switching 378 00:12:07,190 --> 00:12:08,359 with with clock watching. 379 00:12:08,360 --> 00:12:11,289 What you do is you take this nice 380 00:12:11,290 --> 00:12:12,290 as one of these a laser. 381 00:12:15,760 --> 00:12:17,919 Well, that is almost invisible to me, 382 00:12:17,920 --> 00:12:20,049 so good luck to you, OK? 383 00:12:20,050 --> 00:12:21,249 What you have is you have these nice 384 00:12:21,250 --> 00:12:22,989 clock pulses that you can you can see on 385 00:12:22,990 --> 00:12:24,580 the slides. And they 386 00:12:26,350 --> 00:12:28,629 the the I think the way 387 00:12:28,630 --> 00:12:30,129 a lot of people visualize what happens 388 00:12:30,130 --> 00:12:32,559 inside a processor when 389 00:12:32,560 --> 00:12:34,329 the clock signal comes on, it's like 390 00:12:34,330 --> 00:12:36,009 everything happens as soon as that clock 391 00:12:36,010 --> 00:12:37,269 pulse happens. 392 00:12:37,270 --> 00:12:39,549 But realistically, what happens is 393 00:12:39,550 --> 00:12:40,749 those things happen in stages. 394 00:12:40,750 --> 00:12:42,639 So first of all, maybe we increment the 395 00:12:42,640 --> 00:12:44,769 program counter and then we go and decode 396 00:12:44,770 --> 00:12:46,269 the instruction that we're pointing to 397 00:12:46,270 --> 00:12:48,399 and then we work out what that's 398 00:12:48,400 --> 00:12:50,589 going to do and maybe implement like, you 399 00:12:50,590 --> 00:12:52,449 know, if an ad is not necessarily in 400 00:12:52,450 --> 00:12:54,129 stages. But in parallel, we have all the 401 00:12:54,130 --> 00:12:56,019 intermediary pieces of those computations 402 00:12:56,020 --> 00:12:57,099 coming together. 403 00:12:57,100 --> 00:12:59,529 Right. So here we get to see 404 00:12:59,530 --> 00:13:01,089 if we were to take a look inside the 405 00:13:01,090 --> 00:13:02,229 circuit. We see all these different 406 00:13:02,230 --> 00:13:04,479 pieces working kind of together, 407 00:13:04,480 --> 00:13:06,129 coming up with different pieces of the 408 00:13:06,130 --> 00:13:08,199 computation. And then finally, right 409 00:13:08,200 --> 00:13:10,449 before the next clock edge or some period 410 00:13:10,450 --> 00:13:12,159 of time before the next clock, everything 411 00:13:12,160 --> 00:13:13,929 resolves to a stable state. 412 00:13:13,930 --> 00:13:15,249 Right. 413 00:13:15,250 --> 00:13:16,250 Thank you. 414 00:13:17,580 --> 00:13:19,719 But but 415 00:13:19,720 --> 00:13:21,849 what happens if we if we shorten that 416 00:13:21,850 --> 00:13:24,699 clock posts and we we 417 00:13:24,700 --> 00:13:26,769 bring the clock line back down 418 00:13:26,770 --> 00:13:28,989 midway through that, can we can we make 419 00:13:28,990 --> 00:13:30,669 it so that maybe the sum of that 420 00:13:30,670 --> 00:13:32,199 conversation happens, but other parts 421 00:13:32,200 --> 00:13:34,209 don't happen? And spoilers, the answer is 422 00:13:34,210 --> 00:13:35,210 yes. 423 00:13:35,590 --> 00:13:37,779 And so we can do things like have the 424 00:13:37,780 --> 00:13:40,059 the instruction, the instruction 425 00:13:40,060 --> 00:13:42,189 point to increments and 426 00:13:42,190 --> 00:13:44,469 then the next the result of whatever 427 00:13:44,470 --> 00:13:46,599 the next piece of computation is, doesn't 428 00:13:46,600 --> 00:13:48,399 go anywhere. It just doesn't happen. 429 00:13:48,400 --> 00:13:50,499 And then on the next pulse, 430 00:13:50,500 --> 00:13:51,989 the program counter is exactly where 431 00:13:51,990 --> 00:13:53,049 where it was. But the previous 432 00:13:53,050 --> 00:13:54,129 instruction didn't happen. 433 00:13:54,130 --> 00:13:55,509 So if that previous instruction is a 434 00:13:55,510 --> 00:13:58,329 jump, we've now just moved over it 435 00:13:58,330 --> 00:14:00,399 in the code 436 00:14:00,400 --> 00:14:02,019 happy and move on. 437 00:14:02,020 --> 00:14:03,279 Excellent. 438 00:14:03,280 --> 00:14:04,689 This is the one that I don't know as 439 00:14:04,690 --> 00:14:05,679 well. 440 00:14:05,680 --> 00:14:06,680 Right. Volta's grouching. 441 00:14:08,620 --> 00:14:10,359 So inside the chip are a lot of 442 00:14:10,360 --> 00:14:11,469 transistors. 443 00:14:11,470 --> 00:14:12,639 Yeah. This is Mike. 444 00:14:12,640 --> 00:14:14,739 You know, I know a little bit 445 00:14:14,740 --> 00:14:15,740 more. 446 00:14:16,030 --> 00:14:17,139 I don't do hardware, 447 00:14:18,280 --> 00:14:19,299 so there's lot of transistors. 448 00:14:19,300 --> 00:14:21,039 And they when they're when they're 449 00:14:21,040 --> 00:14:23,349 stable, when they're not switching, they 450 00:14:23,350 --> 00:14:26,559 have they they draw very little power. 451 00:14:26,560 --> 00:14:28,629 Right. OK, I'm 452 00:14:28,630 --> 00:14:29,959 sorry that I have to keep checking it. 453 00:14:29,960 --> 00:14:31,929 I just don't want to get it wrong. 454 00:14:31,930 --> 00:14:33,369 But when they are switching, they draw, 455 00:14:33,370 --> 00:14:34,479 they draw a lot more power. And so the 456 00:14:34,480 --> 00:14:35,979 idea being that that they're fairly 457 00:14:35,980 --> 00:14:37,959 stable, if you can make it so that when 458 00:14:37,960 --> 00:14:40,059 they're switching, you rapidly 459 00:14:40,060 --> 00:14:42,189 change very briefly change 460 00:14:42,190 --> 00:14:43,509 the voltage that you're supplying to the 461 00:14:43,510 --> 00:14:45,699 chip, you will very 462 00:14:45,700 --> 00:14:47,589 great. You have a much better chance of 463 00:14:47,590 --> 00:14:50,439 influencing them in a way that 464 00:14:50,440 --> 00:14:51,440 does unintended. 465 00:14:52,870 --> 00:14:55,209 So if we suddenly drop the power 466 00:14:55,210 --> 00:14:57,279 on a chip as it's calculating, 467 00:14:57,280 --> 00:14:59,439 say, the final stage 468 00:14:59,440 --> 00:15:01,509 of a checksum or something like that. 469 00:15:01,510 --> 00:15:03,729 Yeah, but then it's 470 00:15:03,730 --> 00:15:05,259 much more likely that those values will 471 00:15:05,260 --> 00:15:06,999 come out incorrectly. 472 00:15:07,000 --> 00:15:08,769 Right. And so the take away here is that 473 00:15:08,770 --> 00:15:10,659 if you have a portion of the chip that is 474 00:15:10,660 --> 00:15:13,419 making some kind of computational 475 00:15:13,420 --> 00:15:15,489 change, then that's changing state. 476 00:15:15,490 --> 00:15:17,529 And you were to suddenly deprive the chip 477 00:15:17,530 --> 00:15:18,939 of the energy it needs. 478 00:15:18,940 --> 00:15:20,619 Those pieces are much more likely to be 479 00:15:20,620 --> 00:15:23,049 affected by the 480 00:15:23,050 --> 00:15:25,119 rapid brownout, the rapid dropping of 481 00:15:25,120 --> 00:15:27,279 voltage then pieces that 482 00:15:27,280 --> 00:15:28,869 are in steady state. 483 00:15:28,870 --> 00:15:30,219 Right. If the chips are not doing 484 00:15:30,220 --> 00:15:31,779 anything and you move its power supply 485 00:15:31,780 --> 00:15:33,459 around, it's not actually going to have 486 00:15:33,460 --> 00:15:35,229 that much effect. It's only the things 487 00:15:35,230 --> 00:15:36,129 that are changing right now. 488 00:15:36,130 --> 00:15:37,359 So the register, the value that it's 489 00:15:37,360 --> 00:15:39,279 currently writing or or something like 490 00:15:39,280 --> 00:15:40,909 that is much more likely or the value 491 00:15:40,910 --> 00:15:42,669 that's currently calculating is much more 492 00:15:42,670 --> 00:15:44,769 likely to change at the point that you 493 00:15:44,770 --> 00:15:46,570 you move that that power to. 494 00:15:49,620 --> 00:15:50,909 We got through that, okay? 495 00:15:50,910 --> 00:15:53,069 Does anyone genuinely feel more informed 496 00:15:53,070 --> 00:15:54,480 than they did two slides ago, 497 00:15:58,410 --> 00:16:00,209 how it would be much more flattering if 498 00:16:00,210 --> 00:16:01,210 it wasn't my employer. 499 00:16:01,980 --> 00:16:03,360 So here's some pseudocode. 500 00:16:04,380 --> 00:16:05,789 This is this is just something. 501 00:16:05,790 --> 00:16:06,959 Let's say we've got a buffer. 502 00:16:06,960 --> 00:16:09,059 We want to send that buffer somewhere. 503 00:16:09,060 --> 00:16:10,739 We have a function called send bytes. 504 00:16:10,740 --> 00:16:12,719 And we it's right over that buffer zone 505 00:16:12,720 --> 00:16:14,459 nearby. I've written code like that on 506 00:16:14,460 --> 00:16:16,049 the left, I imagine many people here 507 00:16:16,050 --> 00:16:17,759 have. And this might be what it looks 508 00:16:17,760 --> 00:16:19,350 like when it's compiled. 509 00:16:20,700 --> 00:16:22,799 So let's say that 510 00:16:22,800 --> 00:16:24,689 what we really want to do is send out 511 00:16:24,690 --> 00:16:27,119 that buffer, but we want to 512 00:16:27,120 --> 00:16:29,819 subvert the system to 513 00:16:29,820 --> 00:16:31,439 to send out everything that comes after 514 00:16:31,440 --> 00:16:32,969 that buffer zone to send out the rest of 515 00:16:32,970 --> 00:16:34,229 ramp. 516 00:16:34,230 --> 00:16:35,819 Now, there are a couple of things here, a 517 00:16:35,820 --> 00:16:38,159 couple of steps in this in this program 518 00:16:38,160 --> 00:16:40,259 which might be of interest to 519 00:16:40,260 --> 00:16:42,059 us. And before we did this disclaimer, 520 00:16:42,060 --> 00:16:43,289 this is all pseudocode. 521 00:16:43,290 --> 00:16:45,359 So this is assembly that I wrote to be 522 00:16:45,360 --> 00:16:46,889 representative on a plan. 523 00:16:46,890 --> 00:16:48,839 I think it's a weird mix that I come up 524 00:16:48,840 --> 00:16:50,969 with between like a risk processor 525 00:16:50,970 --> 00:16:53,069 in 1851, because that's how it was 526 00:16:53,070 --> 00:16:54,419 natural to express this particular 527 00:16:54,420 --> 00:16:54,749 thought. 528 00:16:54,750 --> 00:16:56,939 But I think this is something that people 529 00:16:56,940 --> 00:16:58,259 who are familiar with the assembly could 530 00:16:58,260 --> 00:16:59,339 understand. 531 00:16:59,340 --> 00:17:00,279 Excellent. All right. 532 00:17:00,280 --> 00:17:02,249 So this is written in Temkin Micro 533 00:17:02,250 --> 00:17:03,250 Architecture. 534 00:17:03,840 --> 00:17:05,549 So first up, what we do is we we 535 00:17:05,550 --> 00:17:08,039 multiply, we multiply. 536 00:17:08,040 --> 00:17:09,989 This works better on a black background. 537 00:17:09,990 --> 00:17:11,879 We do this multiply to to work out the 538 00:17:11,880 --> 00:17:13,108 size of a list. 539 00:17:13,109 --> 00:17:14,848 If we could modify that in some way, we 540 00:17:14,849 --> 00:17:16,739 could get a field that's way, way bigger 541 00:17:16,740 --> 00:17:18,479 than than the Lynnfield that we're 542 00:17:18,480 --> 00:17:20,759 supposed to. And and so therefore 543 00:17:21,930 --> 00:17:23,249 so when when we compare in this, we're 544 00:17:23,250 --> 00:17:25,469 going to get much more alternately 545 00:17:25,470 --> 00:17:26,969 every time we go around the loop, we we 546 00:17:26,970 --> 00:17:28,499 decrement the length. 547 00:17:28,500 --> 00:17:30,689 If we can make this 548 00:17:30,690 --> 00:17:31,920 decrement fail 549 00:17:34,080 --> 00:17:36,149 or happen in a in a strange 550 00:17:36,150 --> 00:17:38,369 way, we might be able to 551 00:17:39,630 --> 00:17:41,879 get a much bigger number loaded into 552 00:17:41,880 --> 00:17:42,959 the Lynnfield. 553 00:17:42,960 --> 00:17:45,179 And therefore, again, we get a lot right 554 00:17:45,180 --> 00:17:46,769 now. And the final one is this. 555 00:17:46,770 --> 00:17:48,929 This jump, if we can make that jump 556 00:17:48,930 --> 00:17:51,749 get skipped, then 557 00:17:51,750 --> 00:17:53,249 the length will already be in decrements. 558 00:17:53,250 --> 00:17:54,839 Next time around the loop, the length 559 00:17:54,840 --> 00:17:56,549 will become negative one. 560 00:17:56,550 --> 00:17:58,349 And we'll just keep documenting the loop 561 00:17:58,350 --> 00:18:00,419 until we run out of until we 562 00:18:00,420 --> 00:18:02,069 we loop through that entire integer 563 00:18:02,070 --> 00:18:04,349 again. And so we have these opportunities 564 00:18:04,350 --> 00:18:05,729 that we can if we are capable of 565 00:18:05,730 --> 00:18:07,289 corrupting values or we're capable of 566 00:18:07,290 --> 00:18:08,999 skipping instructions, we have these kind 567 00:18:09,000 --> 00:18:11,339 of windows that we can use to 568 00:18:11,340 --> 00:18:13,229 see things that are past that buffer in 569 00:18:13,230 --> 00:18:15,299 memory. And depending on the individual 570 00:18:15,300 --> 00:18:16,919 device and what you're sending out, that 571 00:18:16,920 --> 00:18:19,139 could be transmission from 572 00:18:19,140 --> 00:18:20,369 something and read only memory and you 573 00:18:20,370 --> 00:18:22,199 could get what's next after that 574 00:18:22,200 --> 00:18:23,789 read-only memory, which might be 575 00:18:23,790 --> 00:18:25,919 firmware, might be secrets if 576 00:18:25,920 --> 00:18:28,349 it's in RAM, potentially 577 00:18:28,350 --> 00:18:30,599 with other values that the device 578 00:18:30,600 --> 00:18:31,979 may not want to disclose. 579 00:18:31,980 --> 00:18:34,049 And we'll see in more complex 580 00:18:34,050 --> 00:18:35,849 cases that we can actually take advantage 581 00:18:35,850 --> 00:18:37,889 of this to get more than just the data 582 00:18:37,890 --> 00:18:40,019 that's immediately following in RAM. 583 00:18:41,490 --> 00:18:43,379 But the key is that that timing is 584 00:18:43,380 --> 00:18:44,609 absolutely critical. 585 00:18:44,610 --> 00:18:46,409 In order to be able to do this, we need 586 00:18:46,410 --> 00:18:48,659 to be able to we don't necessarily know 587 00:18:48,660 --> 00:18:50,759 at what point exactly the device is going 588 00:18:50,760 --> 00:18:52,289 to be vulnerable. We can kind of guess 589 00:18:52,290 --> 00:18:53,909 here that it's in those instructions in 590 00:18:53,910 --> 00:18:55,379 red that we're likely to have the effects 591 00:18:55,380 --> 00:18:57,659 we want. But we don't know when during 592 00:18:57,660 --> 00:18:59,729 those clock cycles, we might want 593 00:18:59,730 --> 00:19:02,159 a glitch. We don't necessarily know 594 00:19:02,160 --> 00:19:03,239 what kind of glitches they're going to be 595 00:19:03,240 --> 00:19:04,499 effective or if any, are going to be 596 00:19:04,500 --> 00:19:05,879 effective on a given system. 597 00:19:05,880 --> 00:19:07,499 So in order to do that, we need to be 598 00:19:07,500 --> 00:19:08,819 able to experiment and in order to be 599 00:19:08,820 --> 00:19:10,049 able to experiment and have those 600 00:19:10,050 --> 00:19:12,239 experimental results mean anything, we 601 00:19:12,240 --> 00:19:14,759 really need a very precise 602 00:19:14,760 --> 00:19:17,249 way of identifying time 603 00:19:17,250 --> 00:19:19,409 as is relative to the thing 604 00:19:19,410 --> 00:19:21,030 that is executing the program itself. 605 00:19:22,290 --> 00:19:24,319 Yeah, so this diagram just kind of shows 606 00:19:24,320 --> 00:19:26,009 that like this red line here, these are 607 00:19:26,010 --> 00:19:27,599 all the options. We have to have a 608 00:19:27,600 --> 00:19:29,769 successful switching attack. 609 00:19:29,770 --> 00:19:32,009 And it's you know, it's fairly spread 610 00:19:32,010 --> 00:19:33,149 out, but there are a lot of them. 611 00:19:33,150 --> 00:19:34,289 So this is the multiply. 612 00:19:34,290 --> 00:19:35,849 We've got one chance of that. 613 00:19:35,850 --> 00:19:38,069 Then then this kind of decrement happens 614 00:19:38,070 --> 00:19:39,509 every time around the loop. 615 00:19:39,510 --> 00:19:41,789 And we always we have lots of chances to 616 00:19:41,790 --> 00:19:44,219 to hit that one each time. 617 00:19:44,220 --> 00:19:46,409 And then finally, we have 618 00:19:46,410 --> 00:19:48,989 this this jump when 619 00:19:48,990 --> 00:19:50,039 when we finish the loop. 620 00:19:50,040 --> 00:19:52,149 And we only have one chance of 621 00:19:52,150 --> 00:19:54,239 really skipping that step as 622 00:19:54,240 --> 00:19:55,439 well, because there's only one time that 623 00:19:55,440 --> 00:19:57,239 that jump is meaningful and that's when 624 00:19:57,240 --> 00:19:58,349 we hit zero. 625 00:19:58,350 --> 00:20:00,209 Right. And so this may seem pretty 626 00:20:00,210 --> 00:20:01,210 synthetic. No, go ahead. 627 00:20:01,980 --> 00:20:04,799 So this may seem pretty synthetic. 628 00:20:04,800 --> 00:20:06,419 That may seem like the kind of code that 629 00:20:06,420 --> 00:20:08,549 you'd hopefully not see in a lot of 630 00:20:08,550 --> 00:20:10,349 programs, depending on the use case and 631 00:20:10,350 --> 00:20:11,459 depending on the constraints. 632 00:20:11,460 --> 00:20:13,439 But this is exactly the way in hardware, 633 00:20:13,440 --> 00:20:15,089 a DMA control that works, right? 634 00:20:15,090 --> 00:20:17,159 It is constantly subtracting from 635 00:20:17,160 --> 00:20:19,079 its length register by one or more. 636 00:20:19,080 --> 00:20:20,969 It is constantly incrementing the address 637 00:20:20,970 --> 00:20:23,139 that it is reading from the address 638 00:20:23,140 --> 00:20:24,389 of sending down the bus in order to 639 00:20:24,390 --> 00:20:26,399 gather data. So even if that's software, 640 00:20:26,400 --> 00:20:28,019 for example, looked a bit synthetic, it 641 00:20:28,020 --> 00:20:29,669 is absolutely applicable to embedded 642 00:20:29,670 --> 00:20:30,670 hardware. 643 00:20:31,650 --> 00:20:33,269 Yeah, and there's absolutely no error 644 00:20:33,270 --> 00:20:35,549 checking because what I mean, you've 645 00:20:35,550 --> 00:20:36,899 got a damage control on it, on a 646 00:20:36,900 --> 00:20:38,249 microcontroller. 647 00:20:38,250 --> 00:20:40,709 What's it going to do when errors like 648 00:20:40,710 --> 00:20:43,049 it pop up a dialog that says, hey, 649 00:20:43,050 --> 00:20:44,819 something's gone wrong or you're not 650 00:20:44,820 --> 00:20:46,259 writing to the right bit of memory, it's 651 00:20:46,260 --> 00:20:47,999 just doing what it's told. 652 00:20:48,000 --> 00:20:49,319 So we've we've done a lot that this 653 00:20:49,320 --> 00:20:50,679 isn't. 654 00:20:50,680 --> 00:20:52,959 This isn't like a super 655 00:20:52,960 --> 00:20:55,119 clever attack against something. 656 00:20:55,120 --> 00:20:57,369 This is a little Python script 657 00:20:57,370 --> 00:20:59,439 that hacked up, which talks 658 00:20:59,440 --> 00:21:01,119 to the DMA controller on a great Seibold. 659 00:21:01,120 --> 00:21:02,649 This connects to the system and just 660 00:21:02,650 --> 00:21:04,059 allows us all it does is take the 661 00:21:04,060 --> 00:21:05,919 parameters. We give it in programing 662 00:21:05,920 --> 00:21:07,719 programs into the DMA controller. 663 00:21:07,720 --> 00:21:09,939 And I'm not specifically obviously 664 00:21:09,940 --> 00:21:12,449 43, 43, 30. 665 00:21:12,450 --> 00:21:13,989 Yeah, this is not something that you're 666 00:21:13,990 --> 00:21:15,609 going to see in every damn controller, 667 00:21:15,610 --> 00:21:16,929 but on a lot of the embedded DMA 668 00:21:16,930 --> 00:21:18,969 controllers error checking is a premium 669 00:21:18,970 --> 00:21:20,919 feature and has left out a lot of the 670 00:21:20,920 --> 00:21:23,589 individual peripherals that use DMA. 671 00:21:23,590 --> 00:21:25,629 So the CPU itself may execute on the 672 00:21:25,630 --> 00:21:27,849 boss, execute transactions and get 673 00:21:27,850 --> 00:21:29,709 notified if it requests memory that 674 00:21:29,710 --> 00:21:30,729 doesn't exist. 675 00:21:30,730 --> 00:21:32,889 A lot of times a DMA controller will have 676 00:21:32,890 --> 00:21:35,109 absolutely no error checking just 677 00:21:35,110 --> 00:21:37,539 because there's no way to handle errors 678 00:21:37,540 --> 00:21:39,339 when hardware is executing them. 679 00:21:39,340 --> 00:21:41,109 So it won't stop transactions, it won't 680 00:21:41,110 --> 00:21:42,459 generate a fault, it won't generated 681 00:21:42,460 --> 00:21:44,439 interrupt is just happy to do things like 682 00:21:44,440 --> 00:21:45,519 read all zeros. 683 00:21:45,520 --> 00:21:47,169 Right. And so this is the thing I just 684 00:21:47,170 --> 00:21:49,689 read a section of memory that 685 00:21:49,690 --> 00:21:52,239 I know is Ram and I write 128 686 00:21:52,240 --> 00:21:54,249 bytes out of it and it and it gave it to 687 00:21:54,250 --> 00:21:55,839 me. But if I were to do the same thing 688 00:21:55,840 --> 00:21:57,939 again and read what address you 689 00:21:57,940 --> 00:21:58,940 want to read. 690 00:22:01,450 --> 00:22:03,569 Like the three zero zero 691 00:22:03,570 --> 00:22:05,699 zero zero zero zero zero, but 692 00:22:05,700 --> 00:22:07,889 you do that, but 693 00:22:07,890 --> 00:22:09,179 there are sections of memory that don't 694 00:22:09,180 --> 00:22:10,589 mean anything. That memory that's I oh 695 00:22:10,590 --> 00:22:12,059 they were just like reserve sections that 696 00:22:12,060 --> 00:22:14,129 don't exist. And it doesn't erase all 697 00:22:14,130 --> 00:22:15,599 the damage control. Like we're just 698 00:22:15,600 --> 00:22:17,129 representing on screen exactly what the 699 00:22:17,130 --> 00:22:18,779 damage control is giving us back. 700 00:22:18,780 --> 00:22:21,059 And when it has when it gets nothing 701 00:22:21,060 --> 00:22:22,769 back over the bus, it so says to memory, 702 00:22:22,770 --> 00:22:25,649 hey, I'd like to read this this value and 703 00:22:25,650 --> 00:22:26,819 the various peripherals. 704 00:22:26,820 --> 00:22:28,469 No one no one responds under my control. 705 00:22:28,470 --> 00:22:30,599 So I guess it zeros them and it just 706 00:22:30,600 --> 00:22:32,969 keeps going. And so if we can convince a 707 00:22:32,970 --> 00:22:35,189 controller to to 708 00:22:35,190 --> 00:22:36,659 read a section of RAM and just keep 709 00:22:36,660 --> 00:22:38,879 going, it will just read us zeros 710 00:22:38,880 --> 00:22:41,279 until it runs out, until its 711 00:22:41,280 --> 00:22:42,869 counter overflows. 712 00:22:42,870 --> 00:22:44,189 And then I'll just start again at the 713 00:22:44,190 --> 00:22:45,519 bottom of RAM sometimes. 714 00:22:45,520 --> 00:22:47,129 And so and so we can just keep reading. 715 00:22:47,130 --> 00:22:49,079 As long as we can get the DMA control to 716 00:22:49,080 --> 00:22:51,179 do the thing we want, we can get 717 00:22:51,180 --> 00:22:52,619 it to keep reading us out. 718 00:22:52,620 --> 00:22:53,999 And this is really cool because if you 719 00:22:54,000 --> 00:22:56,159 actually go and ask it for an address 720 00:22:56,160 --> 00:22:58,289 that is all the way at the end of RAM, 721 00:22:58,290 --> 00:23:00,149 this particular microcontroller has a 32 722 00:23:00,150 --> 00:23:01,169 bit address space. 723 00:23:01,170 --> 00:23:03,239 And if I say I want the absolute last 724 00:23:03,240 --> 00:23:05,309 bite that's in outer space and one 725 00:23:05,310 --> 00:23:06,569 hundred and twenty seven bytes following 726 00:23:06,570 --> 00:23:08,789 it, it will happily read that last bite 727 00:23:08,790 --> 00:23:11,069 and then the 127 Bytes 728 00:23:11,070 --> 00:23:12,839 it gets when in increments that last 729 00:23:12,840 --> 00:23:14,909 address and rolls back around to 730 00:23:14,910 --> 00:23:16,709 zero. Yeah, this gives us an almost 731 00:23:16,710 --> 00:23:18,749 unlimited opportunity if we're willing to 732 00:23:18,750 --> 00:23:20,969 read absurd amounts of data to explore 733 00:23:20,970 --> 00:23:23,189 the address space and if we happen 734 00:23:23,190 --> 00:23:24,959 to for example, corrupt the length field 735 00:23:24,960 --> 00:23:26,729 that's supposed to have a value of ten 736 00:23:26,730 --> 00:23:28,829 and is thirty two feet long and we get 737 00:23:28,830 --> 00:23:29,849 something that's really, really, really 738 00:23:29,850 --> 00:23:32,009 long, there's chances that we're going 739 00:23:32,010 --> 00:23:34,169 to get things that are after 740 00:23:34,170 --> 00:23:36,089 that in memory wrapping back around and 741 00:23:36,090 --> 00:23:37,649 starting again. 742 00:23:37,650 --> 00:23:39,539 Yeah, exactly. So if we do manage to take 743 00:23:39,540 --> 00:23:43,059 the 32 bit landfilled and. 744 00:23:43,060 --> 00:23:45,249 Glitch, it's become negative on jump that 745 00:23:45,250 --> 00:23:47,679 jump that comparison to zero, 746 00:23:47,680 --> 00:23:49,449 and it's been a negative one, it will 747 00:23:49,450 --> 00:23:51,369 continue reading all the way all around 748 00:23:51,370 --> 00:23:53,499 until that integer loops, which 749 00:23:53,500 --> 00:23:55,299 happens to be about the point that memory 750 00:23:55,300 --> 00:23:57,429 loops on this thing. So like we get 751 00:23:57,430 --> 00:23:58,430 all of them 752 00:24:00,590 --> 00:24:02,769 describe that the chip was so one 753 00:24:02,770 --> 00:24:04,419 of the foundational pieces of technology 754 00:24:04,420 --> 00:24:05,879 we are using. 755 00:24:05,880 --> 00:24:07,779 We're facing a lot of our work on is the 756 00:24:07,780 --> 00:24:08,739 chip whisperer. 757 00:24:08,740 --> 00:24:10,479 So pictured is the chip whisperer light, 758 00:24:10,480 --> 00:24:12,369 which is the inexperienced, inexpensive 759 00:24:12,370 --> 00:24:14,499 variant of Colleano friends 760 00:24:14,500 --> 00:24:15,579 glitching tool kit. 761 00:24:15,580 --> 00:24:17,049 And this is a tool kit that lets you do 762 00:24:17,050 --> 00:24:19,239 some power side channel analysis and 763 00:24:19,240 --> 00:24:20,409 some basic glitching attacks. 764 00:24:20,410 --> 00:24:22,539 It has modules for clock glitching and 765 00:24:22,540 --> 00:24:24,219 for power glitching so we can implement 766 00:24:24,220 --> 00:24:25,989 both of those two kinds of attacks. 767 00:24:25,990 --> 00:24:28,419 And it provides software 768 00:24:28,420 --> 00:24:30,039 and firmware on a microcontroller and 769 00:24:30,040 --> 00:24:31,929 FPGA that are designed to let you 770 00:24:31,930 --> 00:24:34,149 precisely timed glitches relative 771 00:24:34,150 --> 00:24:36,489 to some known synchronization point. 772 00:24:36,490 --> 00:24:38,259 But that synchronization point has to be 773 00:24:38,260 --> 00:24:40,179 specified for the chip whisperer. 774 00:24:40,180 --> 00:24:42,189 So the chip whisper light has only the 775 00:24:42,190 --> 00:24:43,719 capability to synchronize to a single 776 00:24:43,720 --> 00:24:45,849 rising edge or a single level 777 00:24:45,850 --> 00:24:47,289 triggered event. 778 00:24:47,290 --> 00:24:49,749 So it can't go and say, 779 00:24:49,750 --> 00:24:51,519 I want to time this to, for example, a 780 00:24:51,520 --> 00:24:53,499 USB communication or to a in 781 00:24:53,500 --> 00:24:55,599 communication. It can only say 782 00:24:55,600 --> 00:24:57,879 tell me when something happens 783 00:24:57,880 --> 00:24:59,379 in the house by building your own piece 784 00:24:59,380 --> 00:25:00,999 of hardware and having that hardware 785 00:25:01,000 --> 00:25:02,799 indicate to me that something's 786 00:25:02,800 --> 00:25:03,999 happening. Yes. 787 00:25:04,000 --> 00:25:05,169 So what we want to do is we want to be 788 00:25:05,170 --> 00:25:07,539 able to tie that that, you know, Demay 789 00:25:07,540 --> 00:25:09,429 something that's using the DMA controller 790 00:25:09,430 --> 00:25:11,619 and determining 791 00:25:11,620 --> 00:25:13,839 that that length value or whatever to 792 00:25:13,840 --> 00:25:15,399 to the chip whisperer, where we want to 793 00:25:15,400 --> 00:25:17,139 just be able to say, yeah, go for it, 794 00:25:17,140 --> 00:25:19,449 glitch now. And so we we want to tie 795 00:25:19,450 --> 00:25:20,649 those two things together. 796 00:25:20,650 --> 00:25:22,749 And we did. 797 00:25:22,750 --> 00:25:24,249 So if you look at a typical 798 00:25:24,250 --> 00:25:26,139 microcontroller datasheet, what you see 799 00:25:26,140 --> 00:25:27,609 is something on this these lines, 800 00:25:28,990 --> 00:25:31,209 the all the little boxes 801 00:25:31,210 --> 00:25:32,619 around that side of peripherals that 802 00:25:32,620 --> 00:25:34,329 implement various protocols and things 803 00:25:34,330 --> 00:25:35,679 like that. We've got you arts. 804 00:25:35,680 --> 00:25:37,899 We've got a USB somewhere on 805 00:25:37,900 --> 00:25:40,269 here. We've got ATCs 806 00:25:40,270 --> 00:25:42,399 and DAX. This thing up here 807 00:25:42,400 --> 00:25:43,459 is a high stakes right thing. 808 00:25:43,460 --> 00:25:45,069 The challenge protocols that you might 809 00:25:45,070 --> 00:25:46,569 want to speak. So the challenges and 810 00:25:46,570 --> 00:25:48,789 attackers, if I take a device that 811 00:25:48,790 --> 00:25:50,349 has a lot of these busses populated, I 812 00:25:50,350 --> 00:25:52,549 take a board that is using you, Saaz, 813 00:25:52,550 --> 00:25:54,999 and you are using USB 814 00:25:55,000 --> 00:25:56,979 and it's using the port and it's 815 00:25:56,980 --> 00:25:59,019 connected to an EMC card. 816 00:25:59,020 --> 00:26:01,119 If I want to start breaking into that 817 00:26:01,120 --> 00:26:02,679 device, I have to build purpose-built 818 00:26:02,680 --> 00:26:04,899 triggering hardware right now that is 819 00:26:04,900 --> 00:26:07,539 capable of identifying exactly when 820 00:26:07,540 --> 00:26:08,949 those individual peripherals are being 821 00:26:08,950 --> 00:26:10,059 used and for what. 822 00:26:10,060 --> 00:26:11,589 So in order to synchronize up with this, 823 00:26:11,590 --> 00:26:13,509 I have to go and build purpose-built 824 00:26:13,510 --> 00:26:15,849 pieces of hardware to test on an attack 825 00:26:15,850 --> 00:26:18,369 that I'm not even sure is necessarily 826 00:26:18,370 --> 00:26:19,479 going to work. And it would be a lot 827 00:26:19,480 --> 00:26:21,579 nicer to be able to, instead of having 828 00:26:21,580 --> 00:26:23,469 to build that purpose built hardware, 829 00:26:23,470 --> 00:26:25,119 have some kind of tool kit that provides 830 00:26:25,120 --> 00:26:26,859 a lot of those missing pieces that you 831 00:26:26,860 --> 00:26:28,929 can actually go and say, hmm, I wonder 832 00:26:28,930 --> 00:26:30,669 if attacking USB is going to work. 833 00:26:30,670 --> 00:26:32,319 Let me try USB today. 834 00:26:32,320 --> 00:26:34,449 OK, this premade tool kit is showing 835 00:26:34,450 --> 00:26:36,039 me that USB seems to be a good option. 836 00:26:36,040 --> 00:26:38,319 You know, 12 hours later when you run 837 00:26:38,320 --> 00:26:39,399 for a while, I seem to have some 838 00:26:39,400 --> 00:26:41,469 interesting behavior. Let me go more 839 00:26:41,470 --> 00:26:43,209 into more depth with USB. 840 00:26:43,210 --> 00:26:44,210 Yeah. 841 00:26:44,840 --> 00:26:46,909 So this is where Glenturret comes in. 842 00:26:46,910 --> 00:26:48,469 This is something that that we've been 843 00:26:48,470 --> 00:26:49,609 working on over the past couple of 844 00:26:49,610 --> 00:26:51,709 months, and it ties 845 00:26:51,710 --> 00:26:53,119 together a lot of these features that we 846 00:26:53,120 --> 00:26:54,949 that we want to use. 847 00:26:54,950 --> 00:26:56,359 It ties together 848 00:26:58,100 --> 00:26:59,839 various different like it ties together 849 00:26:59,840 --> 00:27:01,160 synchronization, features of. 850 00:27:03,030 --> 00:27:04,709 Do you wanna go into this now? 851 00:27:04,710 --> 00:27:05,609 Yeah. 852 00:27:05,610 --> 00:27:07,259 So this is just an overall diagram of 853 00:27:07,260 --> 00:27:08,639 what we're going to go into it in detail 854 00:27:08,640 --> 00:27:11,279 in a second. Yes, that is that this is 855 00:27:11,280 --> 00:27:13,709 our open source software tool kit with 856 00:27:13,710 --> 00:27:15,269 that is designed to work with some 857 00:27:15,270 --> 00:27:17,609 existing open source hardware, but 858 00:27:17,610 --> 00:27:19,349 kind of bridges that gap and lets you go 859 00:27:19,350 --> 00:27:21,839 from kind of having interest in exploring 860 00:27:21,840 --> 00:27:23,789 a system to attacking that system as 861 00:27:23,790 --> 00:27:24,869 quickly as you can. 862 00:27:24,870 --> 00:27:26,039 You don't have to make some hardware 863 00:27:26,040 --> 00:27:28,289 modifications to your target device, 864 00:27:28,290 --> 00:27:30,449 but that's, you know, adding transistors 865 00:27:30,450 --> 00:27:32,849 and rerouting wires instead of building 866 00:27:32,850 --> 00:27:34,139 purpose built hardware in order to be 867 00:27:34,140 --> 00:27:37,709 able to try testing those individuals, 868 00:27:37,710 --> 00:27:39,719 putting those individual busses and often 869 00:27:39,720 --> 00:27:40,979 the modifications that you make, our 870 00:27:40,980 --> 00:27:43,169 modifications that are 871 00:27:43,170 --> 00:27:45,239 actually useful across all of 872 00:27:45,240 --> 00:27:46,529 those different busses, for example, 873 00:27:46,530 --> 00:27:47,999 modifying the power supply, you can 874 00:27:48,000 --> 00:27:50,009 switch its power to be useful no matter 875 00:27:50,010 --> 00:27:51,419 which one of those busses you're trying 876 00:27:51,420 --> 00:27:53,849 to attack with with 877 00:27:53,850 --> 00:27:55,139 voltage pitching. 878 00:27:55,140 --> 00:27:57,029 The goal is that you you know, we're not 879 00:27:57,030 --> 00:27:58,619 trying to bring the amount of hardware 880 00:27:58,620 --> 00:27:59,969 hacking you have to do down to zero 881 00:27:59,970 --> 00:28:01,559 because that's virtually impossible in 882 00:28:01,560 --> 00:28:03,479 this and with this technology. 883 00:28:03,480 --> 00:28:05,219 But we're trying to take it from I've got 884 00:28:05,220 --> 00:28:07,199 to spend two weeks like designing a 885 00:28:07,200 --> 00:28:09,149 custom board, sending after a piece of 886 00:28:09,150 --> 00:28:11,189 fab, getting it back, building this thing 887 00:28:11,190 --> 00:28:13,199 with a compass to like a couple of hours. 888 00:28:13,200 --> 00:28:14,339 OK, well, I've pulled off all the 889 00:28:14,340 --> 00:28:16,469 decoupling capacitors and now I've hooked 890 00:28:16,470 --> 00:28:17,489 up my hardware to it. 891 00:28:17,490 --> 00:28:19,079 Now let's go and see if we can. 892 00:28:19,080 --> 00:28:20,909 So just trying to produce that turnaround 893 00:28:20,910 --> 00:28:22,319 time and make it easier, especially if 894 00:28:22,320 --> 00:28:23,879 you want to have to design hardware. 895 00:28:23,880 --> 00:28:25,859 So what we really need is something that 896 00:28:25,860 --> 00:28:27,899 takes the influence, a bunch of these 897 00:28:27,900 --> 00:28:28,900 different 898 00:28:30,240 --> 00:28:31,589 these different peripherals and things 899 00:28:31,590 --> 00:28:33,209 like that. So it seems like if we're 900 00:28:33,210 --> 00:28:35,249 going to try and implement those, we 901 00:28:35,250 --> 00:28:36,749 should just find out what part this 902 00:28:36,750 --> 00:28:38,699 datasheet is from and and boil down to a 903 00:28:38,700 --> 00:28:40,889 board, which turns out we already 904 00:28:40,890 --> 00:28:42,059 did because we did this the other way 905 00:28:42,060 --> 00:28:43,379 around. 906 00:28:43,380 --> 00:28:45,029 And this is great. 907 00:28:45,030 --> 00:28:46,079 That's one of my hand. 908 00:28:46,080 --> 00:28:48,269 That's about this big for me for 909 00:28:48,270 --> 00:28:49,270 scale. 910 00:28:50,070 --> 00:28:51,539 It is. 911 00:28:51,540 --> 00:28:53,639 It is a microcontroller board 912 00:28:53,640 --> 00:28:56,489 that Mike Ossman designed. 913 00:28:56,490 --> 00:28:59,069 Some guy here, 914 00:28:59,070 --> 00:29:00,059 it's open source hardware. 915 00:29:00,060 --> 00:29:02,189 It's it's like a breakout board to 916 00:29:02,190 --> 00:29:04,139 build interesting modules to sit on top 917 00:29:04,140 --> 00:29:06,329 of it, does various USB stuff 918 00:29:06,330 --> 00:29:07,979 that we've spoken about before. 919 00:29:07,980 --> 00:29:10,139 And it's you 920 00:29:10,140 --> 00:29:11,099 can go build one yourself. 921 00:29:11,100 --> 00:29:14,069 Right now, the designs are on GitHub. 922 00:29:14,070 --> 00:29:16,289 And so this is this is my 923 00:29:16,290 --> 00:29:17,969 controller here. 924 00:29:17,970 --> 00:29:20,129 Kind of the way this board wound up 925 00:29:20,130 --> 00:29:21,599 existing is that this was used 926 00:29:21,600 --> 00:29:24,119 previously. And Kharif so really neat. 927 00:29:24,120 --> 00:29:26,069 Yeah, we use this chip in Hacker F, and I 928 00:29:26,070 --> 00:29:28,319 think Mike was written 929 00:29:28,320 --> 00:29:28,679 at some point. 930 00:29:28,680 --> 00:29:29,819 It's like this part's really cool. 931 00:29:29,820 --> 00:29:30,719 I'd love to use some of the other 932 00:29:30,720 --> 00:29:32,189 peripherals and I'd love to make it 933 00:29:32,190 --> 00:29:33,809 easier for other people to use some of 934 00:29:33,810 --> 00:29:35,670 these peripherals and and see how 935 00:29:36,900 --> 00:29:38,279 and have easy access. 936 00:29:38,280 --> 00:29:39,749 I want I want to to plug something into 937 00:29:39,750 --> 00:29:41,399 my USB port and then I want to able to 938 00:29:41,400 --> 00:29:43,469 speak or spy 939 00:29:43,470 --> 00:29:44,669 or something directly. 940 00:29:44,670 --> 00:29:45,749 And I want to be able to do all those 941 00:29:45,750 --> 00:29:47,309 things on a single board. And that's kind 942 00:29:47,310 --> 00:29:49,049 of what great and so great that provides 943 00:29:49,050 --> 00:29:50,939 this place platform on which which you 944 00:29:50,940 --> 00:29:53,129 can build on top of to add other 945 00:29:53,130 --> 00:29:55,349 features. That is, add 946 00:29:55,350 --> 00:29:56,879 on boards that are similar to shields 947 00:29:56,880 --> 00:29:58,679 called neighbors that theoretically had 948 00:29:58,680 --> 00:30:00,549 other you. 949 00:30:00,550 --> 00:30:03,179 You had the name a little bit. 950 00:30:03,180 --> 00:30:04,769 Thank Trevaskis Speed for that, but I 951 00:30:04,770 --> 00:30:05,969 have no problem calling them neighbors. 952 00:30:05,970 --> 00:30:07,439 I have a problem with the fact that I 953 00:30:07,440 --> 00:30:09,159 spell neighbor differently to the rest of 954 00:30:09,160 --> 00:30:10,160 my company. 955 00:30:12,230 --> 00:30:14,209 So so let's step through let's step 956 00:30:14,210 --> 00:30:16,299 through it one more thing. 957 00:30:16,300 --> 00:30:18,089 Oh, I'm sorry. So when we talk about 958 00:30:18,090 --> 00:30:19,669 Greifeld, we are talking about both that 959 00:30:19,670 --> 00:30:21,199 board and other boards that are 960 00:30:21,200 --> 00:30:22,579 compatible with it. 961 00:30:22,580 --> 00:30:24,649 So if you have a radio badge 962 00:30:24,650 --> 00:30:26,719 because you want to scan a few 963 00:30:26,720 --> 00:30:27,619 years ago, 20, 15. 964 00:30:27,620 --> 00:30:29,659 Yep, 15, then you already have a great 965 00:30:29,660 --> 00:30:31,549 fit because the great software runs 966 00:30:31,550 --> 00:30:32,839 currently on that. 967 00:30:32,840 --> 00:30:34,309 And it's not the preferred form because 968 00:30:34,310 --> 00:30:36,139 you can't stack those additional headers 969 00:30:36,140 --> 00:30:37,669 on there. But it'll work just fine for 970 00:30:37,670 --> 00:30:39,559 doing glitching, if you will. 971 00:30:39,560 --> 00:30:41,269 Yeah. You remember a couple of GPO, 972 00:30:41,270 --> 00:30:43,189 right, so that you when you bought 973 00:30:43,190 --> 00:30:44,190 tickets now 974 00:30:46,640 --> 00:30:48,139 anyway, so. Right. 975 00:30:48,140 --> 00:30:49,699 Let's step through three KHK. 976 00:30:49,700 --> 00:30:51,799 There are three main kind of sections of 977 00:30:51,800 --> 00:30:52,909 this, this code. 978 00:30:52,910 --> 00:30:54,799 First up, we've got an event router and 979 00:30:54,800 --> 00:30:57,079 the event, Rita lets us 980 00:30:57,080 --> 00:30:58,819 take various things that are happening in 981 00:30:58,820 --> 00:31:00,889 our target hardware and combine 982 00:31:00,890 --> 00:31:01,879 them in interesting ways. 983 00:31:01,880 --> 00:31:04,069 So, you know, we've got a 984 00:31:04,070 --> 00:31:06,639 you know, we're looking really quizzical 985 00:31:06,640 --> 00:31:08,239 at me about this. I'm sorry. 986 00:31:08,240 --> 00:31:10,309 So so maybe we want to, 987 00:31:10,310 --> 00:31:11,779 you know, only bring out the power supply 988 00:31:11,780 --> 00:31:12,859 when this other thing happens. 989 00:31:12,860 --> 00:31:14,959 And we want to fiddle with 990 00:31:14,960 --> 00:31:17,089 the clock in some way when this power 991 00:31:17,090 --> 00:31:18,889 line goes goes high and we were able to 992 00:31:18,890 --> 00:31:21,169 kind of connect those events and 993 00:31:21,170 --> 00:31:23,539 make more complicated structures 994 00:31:23,540 --> 00:31:25,639 of of the hardware 995 00:31:25,640 --> 00:31:28,129 states to come and kind of task. 996 00:31:28,130 --> 00:31:29,989 When you're using these devices, you're 997 00:31:29,990 --> 00:31:32,449 trying to glitch devices, is to 998 00:31:32,450 --> 00:31:34,639 get things synchronized 999 00:31:34,640 --> 00:31:36,019 across a variety of tasks. 1000 00:31:36,020 --> 00:31:38,299 So you might, let's say, be attacking 1001 00:31:38,300 --> 00:31:40,549 a USB device where you need to apply 1002 00:31:40,550 --> 00:31:42,499 power and then wait for the system to 1003 00:31:42,500 --> 00:31:44,209 boot, wait for it to show you that the 1004 00:31:44,210 --> 00:31:46,039 controller on board has started up. 1005 00:31:46,040 --> 00:31:48,679 And then at that point, you're ready to 1006 00:31:48,680 --> 00:31:50,809 apply some stimulus in order to 1007 00:31:50,810 --> 00:31:52,549 generate an attack or you might have a 1008 00:31:52,550 --> 00:31:54,199 device that you need to power up and then 1009 00:31:54,200 --> 00:31:56,209 immediately provide a clock, which is 1010 00:31:56,210 --> 00:31:57,929 going to drive that device but don't want 1011 00:31:57,930 --> 00:31:59,659 to ride that clock before power is on. 1012 00:31:59,660 --> 00:32:01,549 Otherwise, you're driving it into a chip 1013 00:32:01,550 --> 00:32:03,829 that has no VXI, that's not supply rail. 1014 00:32:03,830 --> 00:32:06,169 So this event routing system is 1015 00:32:06,170 --> 00:32:08,299 kind of the heart of glitch kit and 1016 00:32:08,300 --> 00:32:10,399 it lets you take all these 1017 00:32:10,400 --> 00:32:12,499 different pieces of information, all 1018 00:32:12,500 --> 00:32:14,599 these pieces of stimulus and use them 1019 00:32:14,600 --> 00:32:16,729 to drive things like, all right, when 1020 00:32:16,730 --> 00:32:18,829 VXI turns on for the target board, 1021 00:32:18,830 --> 00:32:20,779 I also want to start a clock and then I 1022 00:32:20,780 --> 00:32:22,939 want to wait for the system to 1023 00:32:22,940 --> 00:32:24,619 appear to boot by moderating one of its 1024 00:32:24,620 --> 00:32:26,569 GPO and seeing one that goes high. 1025 00:32:26,570 --> 00:32:28,669 And then finally, when that happens, I 1026 00:32:28,670 --> 00:32:30,559 want to throw some stimulus at it. 1027 00:32:30,560 --> 00:32:32,719 And then finally, when that 1028 00:32:32,720 --> 00:32:34,789 stimulus has taken, I want to trigger 1029 00:32:34,790 --> 00:32:35,929 a glitch. 1030 00:32:35,930 --> 00:32:37,219 So that event routing system is what 1031 00:32:37,220 --> 00:32:38,969 connects all those individual pieces. 1032 00:32:38,970 --> 00:32:41,359 Now, we also have a clock management 1033 00:32:41,360 --> 00:32:43,639 section, which is the 1034 00:32:43,640 --> 00:32:46,039 bar which handles things like 1035 00:32:46,040 --> 00:32:47,599 making sure that all the individual 1036 00:32:47,600 --> 00:32:49,039 pieces of your system share a common 1037 00:32:49,040 --> 00:32:50,389 clock when you can. 1038 00:32:50,390 --> 00:32:51,679 This is a lot easier to get everything 1039 00:32:51,680 --> 00:32:53,419 synchronized up if they are executing on 1040 00:32:53,420 --> 00:32:54,649 the same time base. 1041 00:32:54,650 --> 00:32:56,689 So the clock management will take in an 1042 00:32:56,690 --> 00:32:58,369 external clock and allow the glitch get 1043 00:32:58,370 --> 00:33:00,499 hardware the Fed itself to 1044 00:33:00,500 --> 00:33:01,500 be. 1045 00:33:02,970 --> 00:33:05,079 They execute on the same clock as your 1046 00:33:05,080 --> 00:33:06,279 other your target or as the chip 1047 00:33:06,280 --> 00:33:08,319 whisperer, and so you can get all of the 1048 00:33:08,320 --> 00:33:10,329 chip whisper and the great fat pieces of 1049 00:33:10,330 --> 00:33:11,859 that stack synchronized up. 1050 00:33:11,860 --> 00:33:13,989 Yeah. And it'll also provide clocks to 1051 00:33:13,990 --> 00:33:16,299 things that are better off being 1052 00:33:16,300 --> 00:33:18,369 given an external clock so it 1053 00:33:18,370 --> 00:33:21,039 can then go and apply clocks and 1054 00:33:21,040 --> 00:33:22,479 theoretically in the future, modify the 1055 00:33:22,480 --> 00:33:23,739 clocks for clock clenching as if you're 1056 00:33:23,740 --> 00:33:25,749 using this particular path. 1057 00:33:25,750 --> 00:33:27,069 So it gives you the ability to buffer 1058 00:33:27,070 --> 00:33:29,049 clocks and spread them out throughout a 1059 00:33:29,050 --> 00:33:30,520 system without having to 1060 00:33:31,570 --> 00:33:33,099 necessarily build purpose built hardware 1061 00:33:33,100 --> 00:33:34,599 in order to ensure that the clock is 1062 00:33:34,600 --> 00:33:36,629 stable as it's being distributed. 1063 00:33:36,630 --> 00:33:38,769 I guess the question, if you if you're 1064 00:33:38,770 --> 00:33:40,119 going to do things that require 1065 00:33:40,120 --> 00:33:41,739 incredibly tight timing, it's useful to 1066 00:33:41,740 --> 00:33:44,019 be running from the same time so 1067 00:33:44,020 --> 00:33:46,329 we can have the chip whisperer board and 1068 00:33:46,330 --> 00:33:48,039 the great fat and whatever our target 1069 00:33:48,040 --> 00:33:49,779 device that we're trying to glitch or 1070 00:33:49,780 --> 00:33:51,069 running from the same clocks, that kind 1071 00:33:51,070 --> 00:33:52,779 of running in lockstep with each other so 1072 00:33:52,780 --> 00:33:54,579 that we know if we're trying to like if 1073 00:33:54,580 --> 00:33:56,529 we've got a time offset between, you 1074 00:33:56,530 --> 00:33:58,749 know, the star and when we do 1075 00:33:58,750 --> 00:34:00,399 that, that voltage, which we know that's 1076 00:34:00,400 --> 00:34:02,660 consistent across the board. 1077 00:34:04,390 --> 00:34:06,039 So the other thing you might want to do, 1078 00:34:06,040 --> 00:34:08,259 a lot of switching to 1079 00:34:08,260 --> 00:34:09,729 try and get the bootloader or something 1080 00:34:09,730 --> 00:34:11,738 might happen like, well, or doing 1081 00:34:11,739 --> 00:34:12,908 something weird to the bootloader might 1082 00:34:12,909 --> 00:34:13,809 happen super early on. 1083 00:34:13,810 --> 00:34:15,549 You might like turn on the chip and then 1084 00:34:15,550 --> 00:34:17,678 immediately try and do something after 1085 00:34:17,679 --> 00:34:19,178 a short couple of instruction delay or 1086 00:34:19,179 --> 00:34:21,339 something. But sometimes you 1087 00:34:21,340 --> 00:34:23,468 want to probe the hardware 1088 00:34:23,469 --> 00:34:24,488 and somehow you want it to boot up 1089 00:34:24,489 --> 00:34:26,289 normally and then you want to modify in 1090 00:34:26,290 --> 00:34:28,689 some method, some some 1091 00:34:28,690 --> 00:34:29,690 some style. 1092 00:34:30,639 --> 00:34:33,459 And so we can act as a USB host 1093 00:34:33,460 --> 00:34:36,129 and a USB device and 1094 00:34:36,130 --> 00:34:38,468 sometime in the future a 1095 00:34:38,469 --> 00:34:41,259 fast ship or any C E.M.S. 1096 00:34:41,260 --> 00:34:43,329 device. And so the idea being, you 1097 00:34:43,330 --> 00:34:45,279 know, maybe maybe the thing that I think 1098 00:34:45,280 --> 00:34:47,049 is actually going to be the the the 1099 00:34:47,050 --> 00:34:48,879 request to the device that I want to 1100 00:34:48,880 --> 00:34:51,698 glitch is like some some 1101 00:34:51,699 --> 00:34:54,039 USB command that has to happen 1102 00:34:54,040 --> 00:34:55,448 after we've enumerated the device. 1103 00:34:55,449 --> 00:34:57,639 So we've got like five or six USB 1104 00:34:57,640 --> 00:34:58,899 commands that need to go between the host 1105 00:34:58,900 --> 00:35:00,789 and the device before I can start sending 1106 00:35:00,790 --> 00:35:02,979 out this this command and then 1107 00:35:02,980 --> 00:35:04,479 trying to glitch it during that command. 1108 00:35:04,480 --> 00:35:06,039 And so what we're able to do is we're 1109 00:35:06,040 --> 00:35:07,569 able to bring up the device, a numerary 1110 00:35:07,570 --> 00:35:09,939 to get into the right state, send 1111 00:35:09,940 --> 00:35:11,289 it that command, and then immediately 1112 00:35:11,290 --> 00:35:12,819 tell the chip whisperer, hey, now's the 1113 00:35:12,820 --> 00:35:13,779 time to start watching. 1114 00:35:13,780 --> 00:35:15,279 Right. This gives you the ability to do 1115 00:35:15,280 --> 00:35:17,719 really precisely timed stimulation 1116 00:35:17,720 --> 00:35:19,599 of that device. So if you think that's a 1117 00:35:19,600 --> 00:35:21,639 vulnerable piece of code or a vulnerable 1118 00:35:21,640 --> 00:35:24,159 hardware function is only ever exercised 1119 00:35:24,160 --> 00:35:25,629 once you've received a certain command, 1120 00:35:25,630 --> 00:35:27,729 let's say, you know, I'm a USB device, I 1121 00:35:27,730 --> 00:35:29,469 have a capability self-described. 1122 00:35:29,470 --> 00:35:31,389 I'm only going to do that when you ask 1123 00:35:31,390 --> 00:35:33,039 for a descriptor. 1124 00:35:33,040 --> 00:35:35,109 You need to be able to go and start 1125 00:35:35,110 --> 00:35:36,699 poking that device and prodding it in 1126 00:35:36,700 --> 00:35:38,079 order to get it into a state where it's 1127 00:35:38,080 --> 00:35:39,219 doing the task that you think are 1128 00:35:39,220 --> 00:35:39,909 vulnerable. 1129 00:35:39,910 --> 00:35:41,529 And while you're doing that, you often 1130 00:35:41,530 --> 00:35:44,049 want to know what stimulus 1131 00:35:44,050 --> 00:35:45,579 are being applied and where they are in 1132 00:35:45,580 --> 00:35:47,919 time, because sometimes 1133 00:35:47,920 --> 00:35:50,079 the stimulus for triggering is I've just 1134 00:35:50,080 --> 00:35:52,419 asked it to respond to a given command. 1135 00:35:52,420 --> 00:35:54,549 So all these stimulus 1136 00:35:54,550 --> 00:35:56,679 modules both exist and 1137 00:35:56,680 --> 00:35:58,719 to move the device through, you know, a 1138 00:35:58,720 --> 00:36:00,879 given device into a given state 1139 00:36:00,880 --> 00:36:03,099 and exists that they can provide 1140 00:36:03,100 --> 00:36:04,719 inputs to the event routing system. 1141 00:36:04,720 --> 00:36:06,869 So you can do things like, say, turn on 1142 00:36:06,870 --> 00:36:09,159 USB bus and then send a command 1143 00:36:09,160 --> 00:36:11,829 and use those as inputs for 1144 00:36:11,830 --> 00:36:13,089 both for glitching and triggering 1145 00:36:13,090 --> 00:36:15,219 glitching and for generating 1146 00:36:15,220 --> 00:36:17,259 other events like turning on clocks. 1147 00:36:17,260 --> 00:36:19,419 Yeah, so, so by extending 1148 00:36:19,420 --> 00:36:21,639 the the the by 1149 00:36:21,640 --> 00:36:22,989 allowing us to kind of interact with the 1150 00:36:22,990 --> 00:36:25,149 device for longer and do more to change 1151 00:36:25,150 --> 00:36:26,559 the state of the device before we try and 1152 00:36:26,560 --> 00:36:28,569 attack it, we massively increase the 1153 00:36:28,570 --> 00:36:30,879 attack surface because we can now 1154 00:36:30,880 --> 00:36:32,949 we're not just going for for 1155 00:36:32,950 --> 00:36:34,510 a small subset of the 1156 00:36:35,620 --> 00:36:36,789 of the code that's running on the device 1157 00:36:36,790 --> 00:36:38,589 we're going for. We can, you know, start 1158 00:36:38,590 --> 00:36:40,269 to play around with all sorts of weird, 1159 00:36:40,270 --> 00:36:42,639 arbitrary USB functionality 1160 00:36:42,640 --> 00:36:44,739 of this thing because you don't 1161 00:36:44,740 --> 00:36:46,449 know which part of it is going to be the 1162 00:36:46,450 --> 00:36:47,919 most susceptible. 1163 00:36:47,920 --> 00:36:49,899 And there's a fair chance that the 1164 00:36:49,900 --> 00:36:52,299 descriptive stuff might be really 1165 00:36:52,300 --> 00:36:53,259 solidly written. 1166 00:36:53,260 --> 00:36:54,999 It might even be implemented like in 1167 00:36:55,000 --> 00:36:56,379 hardware on the peripheral, but like 1168 00:36:56,380 --> 00:36:58,359 those USB vendor request that someone's 1169 00:36:58,360 --> 00:37:00,489 like thrown together to, you know, 1170 00:37:00,490 --> 00:37:01,689 the day before, they have to ship this 1171 00:37:01,690 --> 00:37:03,819 piece of hardware. They might be written 1172 00:37:03,820 --> 00:37:05,559 in that slightly more sketchy style of, 1173 00:37:05,560 --> 00:37:07,749 yeah, let's just let's just decrement 1174 00:37:07,750 --> 00:37:09,639 an integer. And so there might be more 1175 00:37:09,640 --> 00:37:11,379 than one thing going on in the hardware 1176 00:37:11,380 --> 00:37:12,639 as a descriptor inside out. 1177 00:37:12,640 --> 00:37:13,719 And that makes it very difficult to 1178 00:37:13,720 --> 00:37:15,819 glitch, because if you start watching the 1179 00:37:15,820 --> 00:37:17,469 script to request, you might also knock 1180 00:37:17,470 --> 00:37:19,569 out something that is responsible 1181 00:37:19,570 --> 00:37:21,819 for the core functionality of the device. 1182 00:37:21,820 --> 00:37:23,169 And the device is memory, but it may go 1183 00:37:23,170 --> 00:37:25,359 down. Right. So being able to explore 1184 00:37:25,360 --> 00:37:27,319 a lot of that is really important. 1185 00:37:27,320 --> 00:37:28,809 Also worth noting, I think this is 1186 00:37:28,810 --> 00:37:29,799 probably the first pitch you've heard 1187 00:37:29,800 --> 00:37:32,079 today where we tell you that a project 1188 00:37:32,080 --> 00:37:34,219 massively increases the tax service. 1189 00:37:34,220 --> 00:37:36,519 So that's a plus major 1190 00:37:36,520 --> 00:37:39,159 benefit of 1191 00:37:39,160 --> 00:37:40,719 increasing your tax taxes. 1192 00:37:40,720 --> 00:37:42,759 OK, so so Triggerfish, this is this is 1193 00:37:42,760 --> 00:37:44,709 kind of where this, I guess, or came from 1194 00:37:44,710 --> 00:37:46,389 originally, is that one of the things we 1195 00:37:46,390 --> 00:37:47,949 wanted to do was be able to have these 1196 00:37:47,950 --> 00:37:49,869 kind of more complex methods for 1197 00:37:49,870 --> 00:37:52,359 deciding, OK, well. 1198 00:37:52,360 --> 00:37:54,189 So, for example, the simple event trigger 1199 00:37:54,190 --> 00:37:55,599 here, what it does is it allows us to 1200 00:37:55,600 --> 00:37:57,699 hook into a bunch of lines on the 1201 00:37:57,700 --> 00:37:59,889 on the target device and say, well, when 1202 00:37:59,890 --> 00:38:01,959 this thing happens five times and 1203 00:38:01,960 --> 00:38:04,269 these two lines are high and like this, 1204 00:38:04,270 --> 00:38:05,559 this line pulses, that's when you 1205 00:38:05,560 --> 00:38:07,099 trigger. And so this is kind of funk's 1206 00:38:07,100 --> 00:38:08,799 you can just hook up to like a spy chief 1207 00:38:08,800 --> 00:38:10,149 and you can say, well, I know this 1208 00:38:10,150 --> 00:38:12,369 thing's going to read like four 1209 00:38:12,370 --> 00:38:13,389 times when it starts up. 1210 00:38:13,390 --> 00:38:14,739 And then what I want to do is try and 1211 00:38:14,740 --> 00:38:16,509 like, klich it right after it does the 1212 00:38:16,510 --> 00:38:18,579 fourth read. And so all you do is you 1213 00:38:18,580 --> 00:38:20,679 hook up to like the enable line and 1214 00:38:20,680 --> 00:38:22,869 you say, well, when that happens 1215 00:38:22,870 --> 00:38:24,999 four times, that's when you trigger or 1216 00:38:25,000 --> 00:38:27,369 like get a more complex example. 1217 00:38:27,370 --> 00:38:29,259 A simple event triggers lets you take a 1218 00:38:29,260 --> 00:38:31,719 variety of just general boolean 1219 00:38:31,720 --> 00:38:33,789 conditions for input pins and 1220 00:38:33,790 --> 00:38:35,979 build complex conditionals out of them. 1221 00:38:35,980 --> 00:38:38,349 So common example, and I think the 1222 00:38:38,350 --> 00:38:40,539 the more complex thing that I was talking 1223 00:38:40,540 --> 00:38:42,639 before is I might have a 1224 00:38:42,640 --> 00:38:44,889 microcontroller that reads some 1225 00:38:44,890 --> 00:38:47,019 information of an external flash and 1226 00:38:47,020 --> 00:38:48,459 I might want to know where it is in that 1227 00:38:48,460 --> 00:38:49,329 read. 1228 00:38:49,330 --> 00:38:51,639 And I could go and build a whole S.P.I 1229 00:38:51,640 --> 00:38:53,719 peripheral and, you know, kind of fake 1230 00:38:53,720 --> 00:38:55,539 S.P.I flash chip and know that by 1231 00:38:55,540 --> 00:38:57,369 emulating the flash chip, I get this 1232 00:38:57,370 --> 00:38:59,889 insight. Or I could say, OK, I know that 1233 00:38:59,890 --> 00:39:01,299 this thing behaves the same way every 1234 00:39:01,300 --> 00:39:03,519 time the 4th read, 1235 00:39:03,520 --> 00:39:05,229 for thing it reads, it's always that 1236 00:39:05,230 --> 00:39:06,729 piece of information that I'm interested 1237 00:39:06,730 --> 00:39:08,679 in using as my time base. 1238 00:39:08,680 --> 00:39:10,989 So let me just say, OK, the 1239 00:39:10,990 --> 00:39:13,509 24th clock edge, here are the 1240 00:39:13,510 --> 00:39:14,919 30 second clock edge here. 1241 00:39:14,920 --> 00:39:17,199 While the chip by the chip enabled pin 1242 00:39:17,200 --> 00:39:19,329 is low, happens to be the thing that I'm 1243 00:39:19,330 --> 00:39:20,619 interested in triggering on. 1244 00:39:20,620 --> 00:39:21,969 And this doesn't necessarily have to be 1245 00:39:21,970 --> 00:39:23,679 the thing that generates that final digit 1246 00:39:23,680 --> 00:39:25,419 trigger. This can be the thing that 1247 00:39:25,420 --> 00:39:26,919 prompts you to, let's say, turn on the 1248 00:39:26,920 --> 00:39:29,319 system's clock, turn on the clock to the 1249 00:39:29,320 --> 00:39:31,239 right to hit another target device. 1250 00:39:31,240 --> 00:39:33,639 Or you can use that as a 1251 00:39:33,640 --> 00:39:35,319 time base to start executing some 1252 00:39:35,320 --> 00:39:37,059 stimulus. So when it gets to this point, 1253 00:39:37,060 --> 00:39:38,409 that's when I want to start sending it 1254 00:39:38,410 --> 00:39:40,719 USB packets. 1255 00:39:40,720 --> 00:39:42,699 Yeah. To science. And you might do that 1256 00:39:42,700 --> 00:39:44,379 because you won't want to apply power to 1257 00:39:44,380 --> 00:39:45,789 the device and then wait for it to come 1258 00:39:45,790 --> 00:39:47,889 up before you start trying to talk to it 1259 00:39:47,890 --> 00:39:49,569 over USB and and things like that. 1260 00:39:49,570 --> 00:39:51,129 And so you might just wait for, for 1261 00:39:51,130 --> 00:39:52,809 example, like those lines don't have to 1262 00:39:52,810 --> 00:39:54,669 be like complex chip chip interfaces. 1263 00:39:54,670 --> 00:39:56,049 You can just hook into one of the LEDs 1264 00:39:56,050 --> 00:39:57,369 and say, well, when this light comes on, 1265 00:39:57,370 --> 00:39:59,469 I know it's booted something 1266 00:39:59,470 --> 00:40:00,549 like that. 1267 00:40:00,550 --> 00:40:02,649 You are I don't really want to talk 1268 00:40:02,650 --> 00:40:03,969 about you up because I influenced it and 1269 00:40:03,970 --> 00:40:05,739 it currently doesn't compile. 1270 00:40:05,740 --> 00:40:07,899 But you are I mean, that's not 1271 00:40:07,900 --> 00:40:09,339 surprising. 1272 00:40:09,340 --> 00:40:11,509 You are it is is 1273 00:40:11,510 --> 00:40:13,329 like a pretty common kind of debug 1274 00:40:13,330 --> 00:40:14,439 interface that you're going to find. 1275 00:40:14,440 --> 00:40:16,779 Like if you just tear open one of those, 1276 00:40:16,780 --> 00:40:18,459 like, standard routers that you get from 1277 00:40:18,460 --> 00:40:20,559 your ISP, like that thing's got a 1278 00:40:20,560 --> 00:40:22,359 going to have a serial connection on it. 1279 00:40:22,360 --> 00:40:24,129 And so you might want to use that to work 1280 00:40:24,130 --> 00:40:25,659 out when it's bootloader has started up 1281 00:40:25,660 --> 00:40:26,649 or something like that because it will 1282 00:40:26,650 --> 00:40:28,869 dump some information 1283 00:40:28,870 --> 00:40:30,759 and then these things can be used. 1284 00:40:30,760 --> 00:40:32,259 The final thing is to then talk to the 1285 00:40:32,260 --> 00:40:33,909 chip whisperer and trigger some output 1286 00:40:33,910 --> 00:40:36,039 from it. So this is 1287 00:40:36,040 --> 00:40:38,019 a cool things. You can you can take that 1288 00:40:38,020 --> 00:40:39,279 trigger signal and you can trigger the 1289 00:40:39,280 --> 00:40:40,719 chip whisperer to start doing its 1290 00:40:40,720 --> 00:40:41,739 switching process. 1291 00:40:41,740 --> 00:40:44,289 Or if you want to, you can use that to 1292 00:40:44,290 --> 00:40:45,339 drive the trigger input to your 1293 00:40:45,340 --> 00:40:46,629 oscilloscope or logic analyzer. 1294 00:40:46,630 --> 00:40:48,639 So you can use this as a source of 1295 00:40:48,640 --> 00:40:49,899 debugging information outside of 1296 00:40:49,900 --> 00:40:51,669 glitching, even though it's not our main 1297 00:40:51,670 --> 00:40:53,829 purpose. So this 1298 00:40:53,830 --> 00:40:55,599 is a general purpose stimulus and 1299 00:40:55,600 --> 00:40:57,009 triggering engine that we happen to be 1300 00:40:57,010 --> 00:40:58,689 using for leeching. 1301 00:40:58,690 --> 00:41:01,329 So one of the kind of 1302 00:41:01,330 --> 00:41:03,399 pieces of work that happened a couple of 1303 00:41:03,400 --> 00:41:05,559 years ago before a couple of years ago, 1304 00:41:05,560 --> 00:41:07,719 before we are now, that was 1305 00:41:07,720 --> 00:41:09,279 kind of really inspiring for this was 1306 00:41:09,280 --> 00:41:11,769 done by my friend Maika, who 1307 00:41:11,770 --> 00:41:13,779 wanted to be able to take a USB tablet 1308 00:41:13,780 --> 00:41:15,909 that she had and 1309 00:41:15,910 --> 00:41:18,099 use it as 1310 00:41:18,100 --> 00:41:20,199 kind of a general code execution engine 1311 00:41:20,200 --> 00:41:22,269 to prove out an idea that she had, 1312 00:41:22,270 --> 00:41:24,439 which was that these things are 1313 00:41:24,440 --> 00:41:26,559 an awful lot like RFID 1314 00:41:26,560 --> 00:41:28,449 readers. And she kind of had the idea 1315 00:41:28,450 --> 00:41:30,279 that she wanted to be able to take this, 1316 00:41:30,280 --> 00:41:33,039 run her own firmware on it and 1317 00:41:33,040 --> 00:41:34,179 be able to 1318 00:41:35,200 --> 00:41:37,569 read an RFID token that was held really 1319 00:41:37,570 --> 00:41:39,399 close to the actual switching matrix of 1320 00:41:39,400 --> 00:41:40,969 this Blackcomb tablet. 1321 00:41:40,970 --> 00:41:41,859 This is the kind of thing that you 1322 00:41:41,860 --> 00:41:43,629 normally use with an inductive drawing 1323 00:41:43,630 --> 00:41:45,339 pen, the kind of thing where the pen has 1324 00:41:45,340 --> 00:41:46,749 no battery. 1325 00:41:46,750 --> 00:41:48,369 But by holding it close to the tablet, 1326 00:41:48,370 --> 00:41:50,769 it's able to receive power, modulate 1327 00:41:50,770 --> 00:41:52,600 the its load on that 1328 00:41:53,740 --> 00:41:55,509 switching matrix, and thus kind of 1329 00:41:55,510 --> 00:41:57,009 communicate a little bit of information 1330 00:41:57,010 --> 00:41:58,719 like, yes, I have a pen, I'm being 1331 00:41:58,720 --> 00:42:00,789 pressed this hard and that 1332 00:42:00,790 --> 00:42:02,679 kind of functionally looks a lot like an 1333 00:42:02,680 --> 00:42:04,899 RFID chip, which also does kind 1334 00:42:04,900 --> 00:42:06,309 of a load modulation. 1335 00:42:06,310 --> 00:42:08,409 So whereas the pen was receiving 1336 00:42:08,410 --> 00:42:10,749 power and then loading the power lines 1337 00:42:10,750 --> 00:42:13,089 more or less in order to communicate 1338 00:42:13,090 --> 00:42:15,219 where it was on a grid and communicate 1339 00:42:15,220 --> 00:42:17,529 how hard the nib was being pressed 1340 00:42:17,530 --> 00:42:20,139 and RFID takes power and then 1341 00:42:20,140 --> 00:42:21,699 just transmits back to that mode 1342 00:42:21,700 --> 00:42:23,769 modulation, a simple fixed ID. 1343 00:42:23,770 --> 00:42:25,119 And so she had kind of the idea that 1344 00:42:25,120 --> 00:42:27,229 those things could be as basically 1345 00:42:27,230 --> 00:42:28,269 the same pieces of hardware. 1346 00:42:28,270 --> 00:42:30,129 Just that pen in this case was a little 1347 00:42:30,130 --> 00:42:31,029 bit more complex. 1348 00:42:31,030 --> 00:42:32,409 And so she wanted to 1349 00:42:33,730 --> 00:42:35,619 be able to get some firmware execution on 1350 00:42:35,620 --> 00:42:36,579 this device. 1351 00:42:36,580 --> 00:42:38,529 But looking at it, she found that it had 1352 00:42:38,530 --> 00:42:40,389 a custom controller called an LC eighty 1353 00:42:40,390 --> 00:42:42,429 seven, which was a completely custom 1354 00:42:42,430 --> 00:42:44,529 architecture by or on semi. 1355 00:42:44,530 --> 00:42:45,530 And it. 1356 00:42:46,660 --> 00:42:48,969 How to debug interface exposed and on 1357 00:42:48,970 --> 00:42:51,189 that was completely undocumented, so she 1358 00:42:51,190 --> 00:42:53,259 wasn't able to extract the firmware in an 1359 00:42:53,260 --> 00:42:55,479 easy way. So what 1360 00:42:55,480 --> 00:42:57,669 you did, because she's like a thank 1361 00:42:57,670 --> 00:42:58,670 you. 1362 00:42:59,700 --> 00:43:01,559 What she did, because she she's super 1363 00:43:01,560 --> 00:43:03,119 devoted and really loves getting into 1364 00:43:03,120 --> 00:43:05,129 these kind of things, and she decided to 1365 00:43:05,130 --> 00:43:07,349 try to extract that from where by 1366 00:43:07,350 --> 00:43:08,850 taking advantage of the way 1367 00:43:10,040 --> 00:43:12,389 USB packets are sent and trying 1368 00:43:12,390 --> 00:43:14,709 some voltage switching techniques. 1369 00:43:14,710 --> 00:43:16,020 If you look at the way a USB. 1370 00:43:18,010 --> 00:43:20,199 Control request is set, it happens in 1371 00:43:20,200 --> 00:43:22,329 a few stages, first you send 1372 00:43:22,330 --> 00:43:23,330 it, a command 1373 00:43:24,610 --> 00:43:27,249 stage is called the set up stage, which 1374 00:43:27,250 --> 00:43:29,439 can contain the standard USB commands 1375 00:43:29,440 --> 00:43:30,589 that. 1376 00:43:30,590 --> 00:43:32,329 Forced compliant devices to describe 1377 00:43:32,330 --> 00:43:34,099 themselves so like a get descriptor 1378 00:43:34,100 --> 00:43:36,469 request will make a USB device 1379 00:43:36,470 --> 00:43:38,929 respond with some descriptor describing 1380 00:43:38,930 --> 00:43:40,069 its own functionality. 1381 00:43:40,070 --> 00:43:41,599 So when you plug in a USB device and it 1382 00:43:41,600 --> 00:43:43,909 says, you know, hello, yes, I'm a 1383 00:43:43,910 --> 00:43:46,039 I'm tablet, your operating 1384 00:43:46,040 --> 00:43:48,169 system knows that because it has the 1385 00:43:48,170 --> 00:43:50,089 the device first for its device 1386 00:43:50,090 --> 00:43:52,219 descriptor, which contains a vendor I.D. 1387 00:43:52,220 --> 00:43:54,319 and a product ID and a 1388 00:43:54,320 --> 00:43:56,029 couple of string descriptors that contain 1389 00:43:56,030 --> 00:43:57,409 that string. Yes, I'm awake. 1390 00:43:57,410 --> 00:44:00,679 I'm tablet, I'm a CD 450 and 1391 00:44:00,680 --> 00:44:01,680 in. 1392 00:44:03,420 --> 00:44:05,399 In order to be a compliant device, every 1393 00:44:05,400 --> 00:44:07,109 device has to be able to do some amount 1394 00:44:07,110 --> 00:44:09,089 of self-description and the way that's 1395 00:44:09,090 --> 00:44:11,519 usually executed is by taking 1396 00:44:11,520 --> 00:44:13,139 small pieces of data that are usually 1397 00:44:13,140 --> 00:44:15,359 either in RAM or in read-only memory 1398 00:44:15,360 --> 00:44:17,459 and just dumping them right out of the 1399 00:44:17,460 --> 00:44:19,679 device. So here we have 1400 00:44:19,680 --> 00:44:21,029 a get descriptor request that's 1401 00:44:21,030 --> 00:44:22,079 executing. 1402 00:44:22,080 --> 00:44:23,729 It has a single packet that is 1403 00:44:23,730 --> 00:44:25,319 transmitted back in response. 1404 00:44:25,320 --> 00:44:26,909 And then we have an acknowledgment that 1405 00:44:26,910 --> 00:44:29,339 package was indeed 1406 00:44:29,340 --> 00:44:31,679 received. So we have the host sending 1407 00:44:31,680 --> 00:44:34,239 get data. Please give me that descriptor. 1408 00:44:34,240 --> 00:44:35,609 We have the descriptor being transmitted 1409 00:44:35,610 --> 00:44:37,409 in response and the host says, yes, I got 1410 00:44:37,410 --> 00:44:39,089 this. Theoretically, he doesn't have to 1411 00:44:39,090 --> 00:44:40,959 be one packet in the center. 1412 00:44:40,960 --> 00:44:43,079 If the device decides to respond 1413 00:44:43,080 --> 00:44:45,389 with a very, very long packet, that 1414 00:44:45,390 --> 00:44:47,189 could also theoretically be valid. 1415 00:44:47,190 --> 00:44:49,289 So there might be multiple packets that 1416 00:44:49,290 --> 00:44:52,019 make up a longer transaction. 1417 00:44:52,020 --> 00:44:54,089 So let's say you want to send 512 1418 00:44:54,090 --> 00:44:55,769 bytes on a bus that has a maximum packet 1419 00:44:55,770 --> 00:44:58,049 length of 64 that could be packetized 1420 00:44:58,050 --> 00:45:00,089 and broken up into a lot of sequential 1421 00:45:00,090 --> 00:45:01,090 packets. 1422 00:45:01,690 --> 00:45:04,600 If you look at the way a USB 1423 00:45:05,800 --> 00:45:07,899 device works, it's often very similar to 1424 00:45:07,900 --> 00:45:10,269 a host controller in that it has 1425 00:45:10,270 --> 00:45:13,329 a linked list that contains 1426 00:45:13,330 --> 00:45:14,499 basically that amount of bytes to 1427 00:45:14,500 --> 00:45:16,569 transfer and then pointers 1428 00:45:16,570 --> 00:45:18,999 in memory to the pages that contain 1429 00:45:19,000 --> 00:45:21,459 the data that you want to send so 1430 00:45:21,460 --> 00:45:23,229 that you have a length and an address 1431 00:45:23,230 --> 00:45:24,369 here. 1432 00:45:24,370 --> 00:45:26,229 And if we look at the way I get the 1433 00:45:26,230 --> 00:45:28,149 script, a request might work for a long 1434 00:45:28,150 --> 00:45:29,150 descriptor. 1435 00:45:30,510 --> 00:45:32,579 You could have the device essentially 1436 00:45:32,580 --> 00:45:34,139 populating a little DMA descriptor that 1437 00:45:34,140 --> 00:45:36,839 says, I want to send 256 bytes 1438 00:45:36,840 --> 00:45:38,789 and they start at address text one 1439 00:45:38,790 --> 00:45:41,159 thousand and 1440 00:45:41,160 --> 00:45:43,259 the device is going to start doing that. 1441 00:45:43,260 --> 00:45:45,299 Could send out a single packet of 64. 1442 00:45:45,300 --> 00:45:47,339 X is the most you can fit on this 1443 00:45:47,340 --> 00:45:48,340 particular bus. 1444 00:45:49,230 --> 00:45:50,339 The most I could fit in a single packet 1445 00:45:50,340 --> 00:45:52,199 on this particular bus. Rather, it's 1446 00:45:52,200 --> 00:45:54,269 going to decrement the length and 1447 00:45:54,270 --> 00:45:55,499 increment the address. 1448 00:45:55,500 --> 00:45:57,449 This looks a lot like the example we 1449 00:45:57,450 --> 00:45:58,919 provided in the beginning. 1450 00:45:58,920 --> 00:46:00,329 It's going to keep doing that until it 1451 00:46:00,330 --> 00:46:02,459 gets to the point where the Lynnfield 1452 00:46:02,460 --> 00:46:04,899 reaches zero and USPI is almost 1453 00:46:04,900 --> 00:46:06,839 the null, terminated kind of protocol in 1454 00:46:06,840 --> 00:46:09,149 that when it finishes a transfer, 1455 00:46:09,150 --> 00:46:10,889 it indicates that by sending a packet 1456 00:46:10,890 --> 00:46:13,049 that is shorter than the maximum length. 1457 00:46:13,050 --> 00:46:15,449 So in this case, it set all maximum 1458 00:46:15,450 --> 00:46:17,129 length packets until it was done. 1459 00:46:17,130 --> 00:46:19,169 So it has to send a zero length packet in 1460 00:46:19,170 --> 00:46:21,449 order to indicate that it is 1461 00:46:21,450 --> 00:46:23,009 indeed complete. 1462 00:46:23,010 --> 00:46:24,479 Now, if we're able to start applying 1463 00:46:24,480 --> 00:46:26,609 voltage glitching or clock pledging, if 1464 00:46:26,610 --> 00:46:27,809 for able to glitch something in the 1465 00:46:27,810 --> 00:46:30,029 system and corrupt that length, then 1466 00:46:30,030 --> 00:46:32,279 what we'll get instead of those nice 1467 00:46:32,280 --> 00:46:35,519 orderly transaction where we send for 1468 00:46:35,520 --> 00:46:37,739 individual packets to just to, let's 1469 00:46:37,740 --> 00:46:38,819 say, send up that configuration 1470 00:46:38,820 --> 00:46:40,889 descriptor is we'll get a length 1471 00:46:40,890 --> 00:46:42,959 that is potentially much larger, 1472 00:46:42,960 --> 00:46:45,449 which continues to transmit and transmit 1473 00:46:45,450 --> 00:46:47,549 and transmit well beyond what the device 1474 00:46:47,550 --> 00:46:48,599 should have stopped. 1475 00:46:48,600 --> 00:46:50,429 And if you have a device for the DMA 1476 00:46:50,430 --> 00:46:51,929 controller that works like most of them 1477 00:46:51,930 --> 00:46:54,059 do on my controllers, it will continue 1478 00:46:54,060 --> 00:46:56,489 not just out of that descriptors 1479 00:46:56,490 --> 00:46:58,769 location in RAM or RAM, but continue 1480 00:46:58,770 --> 00:47:00,299 throughout the entire memory map until 1481 00:47:00,300 --> 00:47:02,549 that field is brought 1482 00:47:02,550 --> 00:47:03,550 down to zero. 1483 00:47:05,380 --> 00:47:07,479 And so in order to be able 1484 00:47:07,480 --> 00:47:08,889 to do those that kind of glitch into the 1485 00:47:08,890 --> 00:47:10,779 system, you really need a way to be able 1486 00:47:10,780 --> 00:47:12,579 to synchronize with the system and 1487 00:47:12,580 --> 00:47:13,569 provide the stimulus. 1488 00:47:13,570 --> 00:47:15,459 So Michael built a custom piece of 1489 00:47:15,460 --> 00:47:17,439 hardware called the Face Whisper Name, 1490 00:47:17,440 --> 00:47:19,419 because it's use of the chip whisperer 1491 00:47:19,420 --> 00:47:21,159 technology and its descent from Chippewas 1492 00:47:21,160 --> 00:47:23,619 technology and its inspiration 1493 00:47:23,620 --> 00:47:25,359 in the Face Dancer project. 1494 00:47:25,360 --> 00:47:28,419 And this particular board 1495 00:47:28,420 --> 00:47:30,639 contains a microcontroller, which happens 1496 00:47:30,640 --> 00:47:31,929 to be the same one that is on a chip 1497 00:47:31,930 --> 00:47:34,089 whisper and a USB host chip, which 1498 00:47:34,090 --> 00:47:35,259 happens to be the same one that is on a 1499 00:47:35,260 --> 00:47:37,659 face dancer and then some clock buffering 1500 00:47:37,660 --> 00:47:38,799 hardware. 1501 00:47:38,800 --> 00:47:42,229 And all that it does is. 1502 00:47:42,230 --> 00:47:44,269 With very precise timing synchronize 1503 00:47:44,270 --> 00:47:46,399 itself up to a particular 1504 00:47:46,400 --> 00:47:48,979 point in the tablets execution 1505 00:47:48,980 --> 00:47:51,019 that would make controllers program 1506 00:47:51,020 --> 00:47:53,449 execution and then send 1507 00:47:53,450 --> 00:47:55,609 it some USB packets and 1508 00:47:55,610 --> 00:47:57,259 simultaneously trigger the chip whisperer 1509 00:47:57,260 --> 00:47:59,599 to start executing glitches. 1510 00:47:59,600 --> 00:48:01,669 So in doing that, 1511 00:48:01,670 --> 00:48:03,799 she was able to actually steal the from 1512 00:48:03,800 --> 00:48:05,299 her from this microcontroller. 1513 00:48:05,300 --> 00:48:06,979 And using that, she was able to find 1514 00:48:06,980 --> 00:48:08,599 vulnerabilities in the firmware and 1515 00:48:08,600 --> 00:48:09,979 eventually prove out that indeed you 1516 00:48:09,980 --> 00:48:12,229 could read RFID tokens 1517 00:48:12,230 --> 00:48:13,969 using a USB tablet as long as they were 1518 00:48:13,970 --> 00:48:16,069 pressed exactly. Against the tablet. 1519 00:48:16,070 --> 00:48:18,289 And so this is very cool, both because 1520 00:48:18,290 --> 00:48:20,539 it showed a novel way of getting 1521 00:48:20,540 --> 00:48:23,239 firmware out of the device and because 1522 00:48:23,240 --> 00:48:25,339 it was a really ingenious solution to 1523 00:48:25,340 --> 00:48:27,409 get at something that was a whole 1524 00:48:27,410 --> 00:48:28,789 bunch of steps away from what she 1525 00:48:28,790 --> 00:48:29,749 initially wanted. 1526 00:48:29,750 --> 00:48:31,189 So she's the kind of person who has that 1527 00:48:31,190 --> 00:48:33,139 kind of like hyper focus and dedication 1528 00:48:33,140 --> 00:48:34,579 to say, oh, I'd like to see what the 1529 00:48:34,580 --> 00:48:35,569 firmware is in this. 1530 00:48:35,570 --> 00:48:37,489 Let me build an entire piece of 1531 00:48:37,490 --> 00:48:39,619 purpose-built, hardware, firmware and 1532 00:48:39,620 --> 00:48:40,729 everything you need in order to be able 1533 00:48:40,730 --> 00:48:42,319 to, you know, get the firm out of a 1534 00:48:42,320 --> 00:48:43,999 tablet so they can then go and look for 1535 00:48:44,000 --> 00:48:44,839 vulnerabilities. 1536 00:48:44,840 --> 00:48:46,969 Yeah. So I feel having having said 1537 00:48:46,970 --> 00:48:48,529 all that, I do feel slightly bad about 1538 00:48:48,530 --> 00:48:50,509 the next slide, which is we've 1539 00:48:50,510 --> 00:48:52,159 essentially taken her idea and tried to 1540 00:48:52,160 --> 00:48:53,069 make it easier. 1541 00:48:53,070 --> 00:48:55,189 And so like, bear in mind, 1542 00:48:55,190 --> 00:48:56,569 glitch and all this stuff that didn't 1543 00:48:56,570 --> 00:48:58,039 exist when she did this and she went and 1544 00:48:58,040 --> 00:49:00,339 designed a board, built a board attached 1545 00:49:00,340 --> 00:49:01,879 to it, glitch the thing, got the firmware 1546 00:49:01,880 --> 00:49:03,799 out, whatever abilities. 1547 00:49:03,800 --> 00:49:05,209 So now we can implement that. 1548 00:49:05,210 --> 00:49:07,069 And I think that's one of the 1549 00:49:07,070 --> 00:49:08,299 conversations that Mike and I had 1550 00:49:08,300 --> 00:49:10,399 afterwards was just to both of us really 1551 00:49:10,400 --> 00:49:12,259 love making technology accessible to 1552 00:49:12,260 --> 00:49:14,179 people. Right. 1553 00:49:14,180 --> 00:49:15,649 One of the purposes of this and one of 1554 00:49:15,650 --> 00:49:17,149 the things I kind of promised Michael 1555 00:49:17,150 --> 00:49:18,739 when I started doing this is that we 1556 00:49:18,740 --> 00:49:21,019 would take this had this 1557 00:49:21,020 --> 00:49:23,239 whole technique, which required 1558 00:49:23,240 --> 00:49:24,989 a custom piece of hardware and, you know, 1559 00:49:24,990 --> 00:49:27,289 required a whole lot of different 1560 00:49:27,290 --> 00:49:28,789 levels of understanding and a whole lot 1561 00:49:28,790 --> 00:49:31,189 of development in order to test an idea 1562 00:49:31,190 --> 00:49:32,929 and make it into something that you could 1563 00:49:32,930 --> 00:49:35,629 apply kind of relatively 1564 00:49:35,630 --> 00:49:37,999 easily. So here's the 1565 00:49:38,000 --> 00:49:40,189 back end code for 1566 00:49:40,190 --> 00:49:41,719 applying the same things with Kit. 1567 00:49:41,720 --> 00:49:42,919 This is written in Python. 1568 00:49:44,150 --> 00:49:45,349 We were going to go through this, but I 1569 00:49:45,350 --> 00:49:46,429 think we're running low on time and I 1570 00:49:46,430 --> 00:49:48,049 want to get the demo done. 1571 00:49:48,050 --> 00:49:50,119 So so we're happy to 1572 00:49:50,120 --> 00:49:51,649 explain this at some point, but possibly 1573 00:49:51,650 --> 00:49:53,539 not now. Just we only got five. 1574 00:49:53,540 --> 00:49:54,859 Important part is that you don't actually 1575 00:49:54,860 --> 00:49:56,959 even have to write this code because the 1576 00:49:56,960 --> 00:49:58,969 final form of glitch kit has fancy 1577 00:49:58,970 --> 00:49:59,899 glitches that sit there. 1578 00:49:59,900 --> 00:50:01,159 Right. And Chipwich. So if you want to 1579 00:50:01,160 --> 00:50:03,379 apply the USB attack that Micah did, 1580 00:50:03,380 --> 00:50:05,269 you can start configuring that right from 1581 00:50:05,270 --> 00:50:06,410 the gooey of Chip Whisper. 1582 00:50:08,320 --> 00:50:10,539 So what time first, 1583 00:50:10,540 --> 00:50:12,699 OK? First time I just show off the ship 1584 00:50:12,700 --> 00:50:14,859 was prickley and then we'll talk about 1585 00:50:14,860 --> 00:50:16,059 our work well. 1586 00:50:16,060 --> 00:50:17,769 So this is the chick whisperer. 1587 00:50:17,770 --> 00:50:19,869 We now have added these 1588 00:50:19,870 --> 00:50:21,399 various glitch 1589 00:50:23,350 --> 00:50:25,349 methods. So they'll talk to a great. 1590 00:50:25,350 --> 00:50:27,429 I mean, there's a there's a big mess of 1591 00:50:27,430 --> 00:50:29,110 wires and connectors and things 1592 00:50:30,310 --> 00:50:31,689 on the table here. 1593 00:50:31,690 --> 00:50:33,759 And but essentially, we have a great 1594 00:50:33,760 --> 00:50:35,259 fat and a chip whisperer hooked up to our 1595 00:50:35,260 --> 00:50:36,249 target, great fat. 1596 00:50:36,250 --> 00:50:38,259 And the process of configuring this for 1597 00:50:38,260 --> 00:50:40,659 the you go and you select instead 1598 00:50:40,660 --> 00:50:42,839 of you're the type of target 1599 00:50:42,840 --> 00:50:44,589 that you want to select directly, you 1600 00:50:44,590 --> 00:50:46,719 say, OK, I would like to talk to 1601 00:50:46,720 --> 00:50:49,159 the great fat that's running a USB stack 1602 00:50:49,160 --> 00:50:51,309 also like USB and then from 1603 00:50:51,310 --> 00:50:53,409 the UI you can immediately 1604 00:50:53,410 --> 00:50:55,089 configure. Yes, I'd like to read a device 1605 00:50:55,090 --> 00:50:57,219 descriptor. I'd like to have that 1606 00:50:57,220 --> 00:50:58,539 device descriptor. 1607 00:50:58,540 --> 00:51:00,429 I'll be ready immediately when certain 1608 00:51:00,430 --> 00:51:02,409 pins go high and so you can start 1609 00:51:02,410 --> 00:51:04,749 building everything you need to allow 1610 00:51:04,750 --> 00:51:06,699 you to walk the interface. You EUROSUR, I 1611 00:51:06,700 --> 00:51:07,839 think it's kind of difficult to see on 1612 00:51:07,840 --> 00:51:09,969 the board. But if you look over here, 1613 00:51:09,970 --> 00:51:11,619 here's all the configuration settings you 1614 00:51:11,620 --> 00:51:13,629 would use to. 1615 00:51:13,630 --> 00:51:15,189 These are preconditions that determine 1616 00:51:15,190 --> 00:51:17,319 what an individual USB event 1617 00:51:17,320 --> 00:51:19,089 is generated up here on the side. 1618 00:51:19,090 --> 00:51:20,499 So you can go into this interface now and 1619 00:51:20,500 --> 00:51:22,749 you say when this when this GPO pin goes 1620 00:51:22,750 --> 00:51:24,939 high then and this one goes 1621 00:51:24,940 --> 00:51:26,679 low and this one happens on the fourth 1622 00:51:26,680 --> 00:51:28,029 time, whatever, and those complex 1623 00:51:28,030 --> 00:51:29,439 conditions that we're talking about, you 1624 00:51:29,440 --> 00:51:31,389 can just have that at that point. 1625 00:51:31,390 --> 00:51:33,669 The software will then set the trigger, 1626 00:51:33,670 --> 00:51:35,919 the the chip whisperer 1627 00:51:35,920 --> 00:51:37,119 to do its thing. 1628 00:51:37,120 --> 00:51:39,369 Right. So naturally, 1629 00:51:39,370 --> 00:51:41,019 you know, we're not content with just 1630 00:51:41,020 --> 00:51:42,129 reproducing other people's work. 1631 00:51:42,130 --> 00:51:43,629 We wanted to try doing some cool things 1632 00:51:43,630 --> 00:51:44,630 of our own, so. 1633 00:51:45,740 --> 00:51:47,689 At some point, we had to turn against our 1634 00:51:47,690 --> 00:51:48,889 own creation, right? 1635 00:51:48,890 --> 00:51:51,049 And so here is a great 1636 00:51:51,050 --> 00:51:53,359 fit that has been kind of actually 1637 00:51:53,360 --> 00:51:55,429 sloppily modified so that I promised 1638 00:51:55,430 --> 00:51:56,729 the board had all the flux on it before 1639 00:51:56,730 --> 00:51:58,099 we made modifications. 1640 00:51:58,100 --> 00:51:59,149 But I've yanked every one of the 1641 00:51:59,150 --> 00:52:01,429 decoupling capital capacitors rather 1642 00:52:01,430 --> 00:52:03,689 roughly off this device, 1643 00:52:03,690 --> 00:52:06,139 try to make it easier to start depriving 1644 00:52:06,140 --> 00:52:07,579 the device of power. 1645 00:52:07,580 --> 00:52:09,139 I've added a couple of 1646 00:52:10,340 --> 00:52:12,439 pretty nasty Varg wires here, 1647 00:52:12,440 --> 00:52:14,749 one that connects 1648 00:52:14,750 --> 00:52:16,879 the Vicryl to a couple of semiconductors 1649 00:52:16,880 --> 00:52:18,199 that you can do things like 1650 00:52:19,760 --> 00:52:22,079 inject voltage, inject 1651 00:52:23,150 --> 00:52:24,709 glitching signals and pull the voltage 1652 00:52:24,710 --> 00:52:25,789 down to zero. 1653 00:52:25,790 --> 00:52:27,709 And because we still want some 1654 00:52:27,710 --> 00:52:29,599 decoupling, I have a decoupling network 1655 00:52:29,600 --> 00:52:31,279 here that is replacing all the decoupling 1656 00:52:31,280 --> 00:52:33,529 capacitors on the board and that 1657 00:52:33,530 --> 00:52:35,359 is connected via a small impedance that 1658 00:52:35,360 --> 00:52:37,459 we can pull the device fairly readily to 1659 00:52:37,460 --> 00:52:40,429 zero, but it can recharge 1660 00:52:40,430 --> 00:52:42,859 the bass from these capacitors 1661 00:52:42,860 --> 00:52:45,019 via that small in this case 1662 00:52:45,020 --> 00:52:46,789 approximately 10:00 a.m.. 1663 00:52:46,790 --> 00:52:49,309 And so sorry 1664 00:52:49,310 --> 00:52:50,719 to my COSSMAN because we totally 1665 00:52:50,720 --> 00:52:52,579 destroyed this thing that he's created or 1666 00:52:52,580 --> 00:52:54,199 I totally destroyed this PCB that he 1667 00:52:54,200 --> 00:52:55,429 created. 1668 00:52:55,430 --> 00:52:57,049 But more importantly, I'm sorry to 1669 00:52:57,050 --> 00:53:00,179 everyone else because look at this thing. 1670 00:53:00,180 --> 00:53:02,509 I actually tweeted 1671 00:53:02,510 --> 00:53:04,669 this picture and you've got, you know, a 1672 00:53:04,670 --> 00:53:05,699 significant number of likes and 1673 00:53:05,700 --> 00:53:06,859 retweeted. And I got a couple of people 1674 00:53:06,860 --> 00:53:08,919 being like, clean your BCB, 1675 00:53:08,920 --> 00:53:09,989 please. 1676 00:53:09,990 --> 00:53:11,389 It's not about how clean it is. 1677 00:53:11,390 --> 00:53:13,519 It's about it's about the glitching. 1678 00:53:13,520 --> 00:53:15,889 And like this this actual modification 1679 00:53:15,890 --> 00:53:17,329 was done like after a couple of drinks, 1680 00:53:17,330 --> 00:53:19,129 like on the night of Christmas, which is 1681 00:53:19,130 --> 00:53:20,809 like the perfect time to start switching 1682 00:53:20,810 --> 00:53:21,799 Nutanix. 1683 00:53:21,800 --> 00:53:23,869 So so, yeah, the 1684 00:53:23,870 --> 00:53:25,009 the great thing about this is we're now 1685 00:53:25,010 --> 00:53:27,019 able to glitch this board and we might 1686 00:53:27,020 --> 00:53:28,399 even be able to get the fumer off it. 1687 00:53:28,400 --> 00:53:29,899 But there's some problems with that. 1688 00:53:29,900 --> 00:53:31,729 One is that it's open source. 1689 00:53:31,730 --> 00:53:33,259 So we already have the firmware because 1690 00:53:33,260 --> 00:53:35,179 we wrote it. But also it turns out the 1691 00:53:35,180 --> 00:53:36,649 manufacturer of this board is incredibly 1692 00:53:36,650 --> 00:53:38,539 litigious and he sends out cease and 1693 00:53:38,540 --> 00:53:39,859 desist letters when people try and 1694 00:53:39,860 --> 00:53:41,179 reverse engineer his devices. 1695 00:53:42,300 --> 00:53:44,389 I mean, he sometimes writes them in 1696 00:53:44,390 --> 00:53:46,579 Sharpie, but you never you never know, 1697 00:53:46,580 --> 00:53:48,979 he might say, because we just. 1698 00:53:48,980 --> 00:53:50,239 Yeah, because when we already have a 1699 00:53:50,240 --> 00:53:51,979 source code to this and it's on GitHub, 1700 00:53:51,980 --> 00:53:53,179 and that doesn't make it a particularly 1701 00:53:53,180 --> 00:53:55,429 interesting reverse engineering target. 1702 00:53:55,430 --> 00:53:57,709 And two, because we're terribly afraid 1703 00:53:57,710 --> 00:53:59,899 of litigation, we decided instead 1704 00:53:59,900 --> 00:54:02,119 of attacking the Gresford 1705 00:54:02,120 --> 00:54:03,499 software that we're running on the application 1706 00:54:03,500 --> 00:54:05,179 processor that we would attack the 1707 00:54:05,180 --> 00:54:07,249 bootloader that is sitting in RAM on 1708 00:54:07,250 --> 00:54:09,799 the LPC forty three thousand 1709 00:54:09,800 --> 00:54:11,629 forty four hundred serious microcontrollers. 1710 00:54:11,630 --> 00:54:13,609 Yeah, the LPC. Forty three forty three 1711 00:54:13,610 --> 00:54:15,889 hundred zeros have a have a USB 1712 00:54:15,890 --> 00:54:18,589 Dafu bootloader 1713 00:54:18,590 --> 00:54:20,719 and also small USB functionality, which 1714 00:54:20,720 --> 00:54:22,309 is set in Rome. And there's only one Rome 1715 00:54:22,310 --> 00:54:24,439 section here 1716 00:54:24,440 --> 00:54:25,909 which I can't point to. 1717 00:54:25,910 --> 00:54:28,009 But so you probably do 1718 00:54:28,010 --> 00:54:29,010 write so that. 1719 00:54:30,340 --> 00:54:32,859 This device has a USB 1720 00:54:32,860 --> 00:54:34,709 bootloader that does all the same things 1721 00:54:34,710 --> 00:54:36,189 as the tablet because it's compliant to 1722 00:54:36,190 --> 00:54:38,590 the USB standard so it can do things like 1723 00:54:39,610 --> 00:54:41,799 you to respond to a get device 1724 00:54:41,800 --> 00:54:42,999 descriptor request. 1725 00:54:43,000 --> 00:54:45,079 And so we started applying the same kind 1726 00:54:45,080 --> 00:54:47,049 of glitching attacks to the ROM. 1727 00:54:47,050 --> 00:54:48,459 And you might be kind of saying, well, 1728 00:54:48,460 --> 00:54:50,679 why is it interesting to attack 1729 00:54:50,680 --> 00:54:52,179 this from one? Is that on a bunch of 1730 00:54:52,180 --> 00:54:54,459 these devices, it runs from the shadow 1731 00:54:54,460 --> 00:54:56,079 area that is at the start of RAM because 1732 00:54:56,080 --> 00:54:58,149 the cortex and microcontroller, once it's 1733 00:54:58,150 --> 00:55:00,429 vector table to be located at zero. 1734 00:55:00,430 --> 00:55:02,499 So it's very low in RAM. 1735 00:55:02,500 --> 00:55:04,629 Everything that's interesting follows it, 1736 00:55:04,630 --> 00:55:07,389 including on device parts with flash, 1737 00:55:07,390 --> 00:55:10,149 the contents of flash over here. 1738 00:55:10,150 --> 00:55:12,279 And also because if 1739 00:55:12,280 --> 00:55:14,379 you look at the secure mode parts, 1740 00:55:14,380 --> 00:55:16,569 one of the things that they do 1741 00:55:16,570 --> 00:55:19,599 inside this bootloader is read encrypted 1742 00:55:19,600 --> 00:55:21,729 images from things like flash 1743 00:55:21,730 --> 00:55:24,039 chips, decrypt them and stick 1744 00:55:24,040 --> 00:55:26,499 them in RAM immediately 1745 00:55:26,500 --> 00:55:27,550 following the. 1746 00:55:29,190 --> 00:55:30,909 Shadow area from which is running, so 1747 00:55:30,910 --> 00:55:33,269 we're capable of doing glitches, 1748 00:55:33,270 --> 00:55:34,649 so if we can read out from the shadow 1749 00:55:34,650 --> 00:55:36,809 area, we can continue reading, doing that 1750 00:55:36,810 --> 00:55:39,149 that diametric to 1751 00:55:39,150 --> 00:55:40,829 continue reading into RAM and pull out 1752 00:55:40,830 --> 00:55:43,109 that now decrypted firmware from secure 1753 00:55:43,110 --> 00:55:44,069 parts. 1754 00:55:44,070 --> 00:55:45,329 We only have five minutes left. 1755 00:55:45,330 --> 00:55:46,619 So I think we should go ahead. 1756 00:55:46,620 --> 00:55:48,449 I do not know how to say this guey as 1757 00:55:48,450 --> 00:55:49,499 well as you do. So I'm going to let you 1758 00:55:49,500 --> 00:55:50,759 do this. 1759 00:55:50,760 --> 00:55:52,169 This is the hard part. 1760 00:55:52,170 --> 00:55:54,209 All right. All right. 1761 00:55:54,210 --> 00:55:56,549 See see, that's what happens 1762 00:55:56,550 --> 00:55:57,630 when you run on my machine. 1763 00:55:59,550 --> 00:56:00,550 This is tragic. 1764 00:56:01,970 --> 00:56:03,949 If in doubt, turn off and have to wait 1765 00:56:03,950 --> 00:56:05,690 for it to connect and start blinking, 1766 00:56:06,740 --> 00:56:08,359 but here I am impatient, wanting to just 1767 00:56:08,360 --> 00:56:10,599 like, click the button immediately. 1768 00:56:10,600 --> 00:56:11,569 This is actually the hard part. 1769 00:56:11,570 --> 00:56:12,570 So. 1770 00:56:14,750 --> 00:56:16,249 They have a table from previous runs. 1771 00:56:18,080 --> 00:56:20,269 Essentially, this is issuing 1772 00:56:20,270 --> 00:56:22,369 USPI request to the device and capturing 1773 00:56:22,370 --> 00:56:24,349 the response, because we have limited 1774 00:56:24,350 --> 00:56:25,639 time, I haven't told it what's a good 1775 00:56:25,640 --> 00:56:26,929 response and what's a bad response? 1776 00:56:26,930 --> 00:56:28,309 So it's telling me every one of these 1777 00:56:28,310 --> 00:56:29,779 responses has failed. 1778 00:56:29,780 --> 00:56:31,729 But realistically, if you expand that 1779 00:56:31,730 --> 00:56:33,979 dialog that we can see what's happening 1780 00:56:33,980 --> 00:56:34,980 there. 1781 00:56:39,400 --> 00:56:41,079 Throw all the way down to the initial 1782 00:56:41,080 --> 00:56:42,080 ones. 1783 00:56:42,480 --> 00:56:44,609 It's worth mentioning that this is 1784 00:56:44,610 --> 00:56:46,649 actually a simulacrum of the device 1785 00:56:46,650 --> 00:56:48,509 running the way it normally would 1786 00:56:48,510 --> 00:56:49,619 normally when you're glitching, you would 1787 00:56:49,620 --> 00:56:51,149 actually step through lots of intervals 1788 00:56:51,150 --> 00:56:52,409 in order to find the few glitches that 1789 00:56:52,410 --> 00:56:54,809 work. So because we don't have several 1790 00:56:54,810 --> 00:56:56,789 hours to do this glitching attack. 1791 00:56:56,790 --> 00:56:58,649 This is actually because it has been 1792 00:56:58,650 --> 00:57:00,839 slightly modified to instead 1793 00:57:00,840 --> 00:57:02,879 of always reading the correct descriptor, 1794 00:57:02,880 --> 00:57:04,169 it jumps to different points in the 1795 00:57:04,170 --> 00:57:05,879 glitching stack that we've found having 1796 00:57:05,880 --> 00:57:07,469 to work for this particular device. 1797 00:57:07,470 --> 00:57:09,029 So what you'll see here is, is we get a 1798 00:57:09,030 --> 00:57:11,219 lot of a lot of responses that are the 1799 00:57:11,220 --> 00:57:12,719 standard response that what we expect to 1800 00:57:12,720 --> 00:57:13,529 come out of it. 1801 00:57:13,530 --> 00:57:14,819 They are it's reading. 1802 00:57:14,820 --> 00:57:15,929 It's trying to read 18 bytes. 1803 00:57:15,930 --> 00:57:17,999 That's hex 12 of of 1804 00:57:18,000 --> 00:57:19,049 the USB descriptor. 1805 00:57:19,050 --> 00:57:20,769 It reads, it invites it gets 18 bytes. 1806 00:57:20,770 --> 00:57:22,859 But this one here, it appears 1807 00:57:22,860 --> 00:57:24,809 to have got significantly more data. 1808 00:57:24,810 --> 00:57:26,459 And so on a previous run earlier today, 1809 00:57:26,460 --> 00:57:28,409 as we said, as Kate said, this is this is 1810 00:57:28,410 --> 00:57:30,509 simulated because it is not 1811 00:57:30,510 --> 00:57:32,669 as quick as that when you actually run it 1812 00:57:32,670 --> 00:57:33,690 on a previous run. 1813 00:57:34,710 --> 00:57:37,020 We dump this to. 1814 00:57:38,790 --> 00:57:40,569 A hex and somewhere. 1815 00:57:41,970 --> 00:57:44,279 Can anyone see that anyone 1816 00:57:44,280 --> 00:57:45,280 read that at all? 1817 00:57:47,060 --> 00:57:49,639 So it's got to turn up the font size. 1818 00:57:49,640 --> 00:57:50,659 We appreciate it. Thank. 1819 00:57:52,170 --> 00:57:53,609 So what you can see here is what we were 1820 00:57:53,610 --> 00:57:56,249 able to read out of that file in 1821 00:57:56,250 --> 00:57:57,250 is, 1822 00:57:58,830 --> 00:58:01,019 is what we were able to come to this file 1823 00:58:01,020 --> 00:58:02,819 was just all the memory we're able to 1824 00:58:02,820 --> 00:58:04,499 read from the USB descriptor location 1825 00:58:04,500 --> 00:58:06,359 onwards. And we were kind of going 1826 00:58:06,360 --> 00:58:07,509 through it, looking at it earlier and 1827 00:58:07,510 --> 00:58:08,699 like, well, we haven't had a chance to 1828 00:58:08,700 --> 00:58:09,599 analyze it yet. 1829 00:58:09,600 --> 00:58:12,029 And then what we found was 1830 00:58:12,030 --> 00:58:14,099 over here, it 1831 00:58:14,100 --> 00:58:16,669 says USB B, C, and under here it says USB 1832 00:58:16,670 --> 00:58:18,779 s. And those are incredibly telling 1833 00:58:18,780 --> 00:58:20,879 strings. If you've designed 1834 00:58:20,880 --> 00:58:22,979 USB systems before, this is a USB 1835 00:58:22,980 --> 00:58:25,079 command that's sent it's actually 1836 00:58:25,080 --> 00:58:27,179 because he commands sent over a USB 1837 00:58:27,180 --> 00:58:29,759 that's used in USB bulk only storage. 1838 00:58:29,760 --> 00:58:31,859 And this is the token 1839 00:58:31,860 --> 00:58:34,409 that precedes a response of status 1840 00:58:34,410 --> 00:58:36,509 when one of those commands is executed. 1841 00:58:36,510 --> 00:58:38,939 So this significantly suggests 1842 00:58:38,940 --> 00:58:40,859 that this from bootloader happens to have 1843 00:58:40,860 --> 00:58:43,589 inside of it some USB 1844 00:58:43,590 --> 00:58:44,849 mass storage functionality. 1845 00:58:44,850 --> 00:58:46,919 And our first response was, that's weird. 1846 00:58:46,920 --> 00:58:48,689 We didn't think this had be mass storage. 1847 00:58:48,690 --> 00:58:50,039 And then we went back to the datasheet 1848 00:58:50,040 --> 00:58:51,449 and reread it. And it does. 1849 00:58:51,450 --> 00:58:53,939 And it turns out we've done the code of 1850 00:58:53,940 --> 00:58:56,039 some of some wrong functions that 1851 00:58:56,040 --> 00:58:57,389 we didn't even know were in the chip. 1852 00:58:57,390 --> 00:58:59,579 So we were able to to 1853 00:58:59,580 --> 00:59:02,309 pull out and expose 1854 00:59:02,310 --> 00:59:03,929 ROM code for the LPC. 1855 00:59:03,930 --> 00:59:05,729 Forty three hundred Sarus. 1856 00:59:05,730 --> 00:59:07,919 And obviously you'll be able to go ahead 1857 00:59:07,920 --> 00:59:10,019 and analyze this, and that's not 1858 00:59:10,020 --> 00:59:11,189 particularly novel because you could grab 1859 00:59:11,190 --> 00:59:12,209 that up with GDB as well. 1860 00:59:12,210 --> 00:59:14,449 But yeah. Yeah, it's not the most novel 1861 00:59:14,450 --> 00:59:16,649 if you were to continue doing this work. 1862 00:59:16,650 --> 00:59:18,749 One of the theories that we have is that 1863 00:59:18,750 --> 00:59:20,279 we didn't let this go for that long. 1864 00:59:20,280 --> 00:59:22,409 We didn't capture that much data. 1865 00:59:22,410 --> 00:59:24,269 I don't have any Sacramone chips on me. 1866 00:59:24,270 --> 00:59:26,309 But the theory is that after this kind of 1867 00:59:26,310 --> 00:59:28,499 thing, the ashram you would grab would 1868 00:59:28,500 --> 00:59:30,839 have theoretically a decrypted firmware 1869 00:59:30,840 --> 00:59:32,439 image if it wasn't a firmware image over 1870 00:59:32,440 --> 00:59:34,109 a USB. So you could kind of use this as 1871 00:59:34,110 --> 00:59:36,389 an oracle to take encrypted 1872 00:59:36,390 --> 00:59:38,519 firmware images and 1873 00:59:38,520 --> 00:59:39,960 generate the decrypted ones. 1874 00:59:41,240 --> 00:59:43,279 So we're now, unfortunately, completely 1875 00:59:43,280 --> 00:59:45,469 out of time until we have to go, so we 1876 00:59:45,470 --> 00:59:47,569 will take questions outside 1877 00:59:47,570 --> 00:59:49,129 and if anyone has any questions, will be 1878 00:59:49,130 --> 00:59:51,199 outside. If you're somewhere, if you were 1879 00:59:51,200 --> 00:59:52,699 towards the Internet or Twitter, our 1880 00:59:52,700 --> 00:59:54,509 Twitter handle getting the absolute 1881 00:59:54,510 --> 00:59:56,599 beginning or just fundus, there's a great 1882 00:59:56,600 --> 00:59:58,369 I'll see on Freenode if you want to ask 1883 00:59:58,370 --> 01:00:00,469 questions there. And thank you 1884 01:00:00,470 --> 01:00:02,239 very much for listening. 1885 01:00:02,240 --> 01:00:04,009 And this is the URL for the project if 1886 01:00:04,010 --> 01:00:05,449 you want to download and contribute. 1887 01:00:07,250 --> 01:00:08,419 Thanks so much for listening. 1888 01:00:08,420 --> 01:00:09,420 Yeah.