The presentation I did at @BSidesLeeds was on code readout protection bypasses. I covered a number of attacks, most of which can be made generic to other devices. Here they are.
First up was the "Heart of Darkness" attack, named after the original paper where it was used to attack the HID iClass readers. https://www.openpcd.org/dl/HID-iCLASS-security.pdf …
It's a brilliant attack, which works on many processors that use a similar block-erase. It's still not mentioned in Microchip documentation.
Next up, erasing "fuses" using UV-C light. EEPROM and flash, used by nearly all modern microcontrollers for security settings, can be erased by decapping and shining light. First saw this from @bunniestudios https://www.bunniestudios.com/blog/?page_id=40 …
Replying to @cybergibbons @bunniestudios
Been meaning to try this. What decapping approach did you use?
(Sorry to butt in) Do you have any comparative experience of laser decapping instead of RFNA/HF acid?
Every time I've tried I just end up blasting off the transistors along with the plastic. But maybe I wasn't patient enough to use a sufficiently low power setting...
Laser decap seems to be used when you don't want bond wires. Reverse acid fume jet seems to be best way.
Replying to @cybergibbons @bunniestudios and
I think the professional laser decap machines are mainly used to remove the bulk of the package and from looking at the videos they preserve bond wires. Maybe @ControlLaser can provide some insight.
Yes, I have successfully used a laser to thin the epoxy back in a region of interest, so that the acid etch takes less time/reagents and also you can preserve more of the structural package in the case of a bulk etch. But all the way to the silicon -- that's trickier.
Replying to @bunniestudios @LennertWo and
The Digital ICO laser we've developed is a specific laser source, lens, and collimator. Using special settings, we can preserve bond wires and, in some cases, uncover the die with no damage. Here is our technical paper on the technology - https://www.controllaser.com/wp-content/uploads/2018/01/Digital-ICO-Effective-Laser-Decapsulation.pdf …