Profile
Blog
Photos
Videos
Media
Photos
The user did not publish any entries here yet
Videos
The user did not publish any entries here yet
Categories
Geek Stuff: Hacking Smartcards at Flylogic.net |
posted by IanFarquhar at 1 year ago
This is pure geek stuff, so if you're uninterested in VLSI design or cryptography or security architecture, this isn't for you. But if those things do interest you, then check out Flylogic:
Flylogic is owned and run by Christopher Tarnovsky, former intelligence specialist turned VLSI consultant. Chris was the technical specialist behind the infamous "Black Sunday ", when DirecTV disabled thousands of pirated smartcards. Sadly for him, ridiculous games between cable TV companies in the US saw him spend years testifying in courts which ultimately found nothing significant.
Wired has a fascinating article about Chris here , but for crypto-geeks and people interested in VLSI, I thoroughly recommend his blog.
- Tags:
- mvp
- Category:
- geek-stuff
- Rate:
-
Share
Bookmark
Report
Comment
VoVo32 wrote at 1 year ago
have you seen
the paper about how Karsten Nohl and the CCC abraded an RFID chip from Mifare, took microscopic pictures of the layers and then used their own optic analysis software to reverse engineer the crpyto algorithm by "OCR"ing the gates?
MIFARE Cipher
Yep. Actually, this sort of reverse engineering has been happening for years, and most large companies have the ability to do it (although they hide the facility as a "failure analysis lab" or equally dodgy euphemism). But there are large established companies which do it also, like Semiconductor Insights. Flylogic is a security specialist, whereas SI tends to more general analysis.
The work of Nohl et al is really good, and highlights a reality: almost all non-peer reviewed cryptographic algorithms are insecure. It also showed that companies like NXP/Philips with a vested interest misuse the law to try and protect their business, without any regard for the consumers. So much for their duty of care.
Of course, there are a lot of techniques to prevent this sort of reverse engineering. For example, the code word the US government applies to their collection of anti-RE technologies is QUADRANT. Although it's classified tech, it's known to include things like opaque and removal-resistant conformal coatings on the top of the die, small shaped explosive charges under the chip which pulverize it if the device detects unauthorized use, and even things like thermite plates which totally destroy rackmounted units.
The spooks also have equally good techniques for attacking other people's chips. Have a look at US patent 6,190,433, assigned to the US National Security Agency.
All very interesting stuff.
But it's not just the big guys doing this anymore. I was surprised to recently read that the MAME developers are even using decapping to recover ROM contents from certain hard-to-reverse-engineer devices now. Wow.