Author: Colin O’Flynn
-
My 2003 Low Cost SMD Soldering Guide
Back in 2003, I wrote a guide for AVRFreaks.net about low-cost SMD soldering. I had never mirrored this to my website, but recently needed a more permanent link to it for a PCB introduction lecture. The information may no longer be the most current (22+ years later!), but I wanted to keep an official mirror…
-
Fixing Ubiquiti Dream Machine (UDM) SE Hard Drive Not Detected Errors
My UDM SE can fit various hard drives. Ubiquiti have decided to have a cool tray the hard drive snaps into & slides into the UDM, which also means you have to have a very good fit. As it turns out, the fit may not be good enough without shimming the drive out! I used…
-
Dumping Parallel NAND with Glasgow
I recently got my Glasgow device, which is a rather impressive piece of tech. I followed the Windows installation instructions and it “Just Worked”, including installing the toolchain! On one computer I needed to use Zadig to force the driver to be libusbK, but on another Windows computer it wasn’t needed. In this blog post,…
-
RECON 2023: Adventures of My Oven (Pinocchio) with ChipWhisperer
At RECON2023 I gave a talk about reverse engineering my Samsung Oven. This blog post has slides & links to information, with more to come! You can get a copy of the slides below: Oven-Specific Stuff: https://github.com/colinoflynn/samsung-ovens-deconstructed ; Python Loader for TMP91 Series: https://github.com/colinoflynn/pytoshload ; Resource CD for TLCS900: https://github.com/colinoflynn/Toshiba-TLCS-900-L-Resources
-
Intel LGA1700 (12th/13th gen, i9 3900k) Top Resistors/Capacitors
If you’re a bit careless with your CPU (especially if e.g., delidding it) you can knock these resistors off the topside. From measuring a known-good device (but without removing them) I measured the following values as a reference:
-
Danni Build – Feb 11/23
Start of build. Lots of marking & drilling of items, which was done on a milling machine with DRO. Having the DRO read-out is useful here rather than marking pieces I found. I had mounted cheap iGaging DROs to a small X2 mini-mill, there is a YouTube Video of how I did this. Here is…
-
New England Hardware Security Day 2022 Talk
On April 1st, 2022 I gave a “workshop” at New England Hardware Security Day. This blog post is a quick summary of some of the links to recreate my demos from that talk. Here is a copy of the slides if you’d like them: DFA on Raspberry Pi with PicoEMP This demo is pretty simple…
-
Apple AirTag Teardown & Test Point Mapping
What’s inside of Apple’s new AirTag? There was already an iFixIt teardown (which I swear was missing a few items that are there now), but of course I was curious to see what sort of protection was enabled. Notably the nRF chip used is likely vulnerable to a known bypass of security as well. With that…
-
Analog Discover Pro Teardown
NOTE: This was going to be a twitter thread but twitter was down? So this is a lazy blog post… Anyone used to Digilent would expect this to be based on Zynq or similar – the fact the device has USB + ethernet ports makes it a pretty much sure thing! Taking the screws off…
-
Experimenting with Metastability and Multiple Clocks on FPGAs
NOTE: This article appeared in Issue 293 of Circuit Cellar, back in December 2014. I’ve posted it here for your reading pleasure as well. References to previous articles are for Circuit Cellar Issues, as this was originally written for the print publication. This version differs slightly from the print version – this is my own…
-
BAM BAM!! On Reliability of EMFI for in-situ Automotive ECU Attacks
This post is a summary of some work on an accepted paper for ESCAR EU 2020. This work was demonstrated on certain NXP chips & GM ECUs, but the idea of both the attack & understanding how portable results are is applicable across the entire domain. NOTE TO CAR TUNERS: I won’t perform this for…
-
FPGA Board Design Tips
NOTE: This article appeared in Issue 315 of Circuit Cellar, back in October 2016. I’ve posted it here for your reading pleasure as well. References to previous articles are for Circuit Cellar Issues, as this was originally written for the print publication. This version differs slightly from the print version – this is my own…
-
Square Terminal Teardown
I recently tore down a Square Terminal (the one with the LCD screen) and wanted to share some of these results. I haven’t photographed everything as I was mostly interested in how the secure areas of it are done. You can see an overview in the following video if you want to see how the whole…
-
Amazon Echo Dot Gen 3 – Microphone Disable Circuitry
Have you been interested in the Echo Dot device? One feature they mention is that there is a microphone off button. I spent a few hours reverse engineering this, and recorded (in un-edited glory) the process: The resulting schematic is shown below: The astute reader will note the only pin under direct control allows the…
-
A Call for Time Travel Resistant Cryptography (TTRC)
At CHES 2019 [rump session], I presented my revolutionary talk on Time Travel Resistant Cryptography (TTRC). This is a hugely important area of research that has been widely ignored in academic work, and it’s time to finally make this right. Why is this so critical? While Post Quantum Cryptography (PQC) gets NIST contests, and invested…
-
USB Triggering & Hacking
This blog post covers several topics that I should have made independent posts about… but anyway. Here we are. It’s September and I should have done this months ago. Trezor / USB Hacking Updates (Black Hat + WOOT) I had an earlier blog post with details of the Trezor attack. It turns out this is…
-
FICHSA ChipWhisperer Tutorial Requirements
At the FICHSA Conference ( https://fichsa.sise.bgu.ac.il ) I will be running a short workshop on ChipWhisperer using the ChipWhisperer-Nano. A direct link to a Google Doc with the most up to date information is available here: https://docs.google.com/document/d/1IgDeGZ6d0FEYJbaF4a-KsBhdIHlMZg04-wQYUSZgnks/edit?usp=sharing If you want to fully play along, please bring a laptop with the following installed and set up: I…
-
Glitching Trezor using EMFI Through The Enclosure
As mentioned on the Trezor blog post, their latest security patch fixes a flaw I disclosed to them in Jan 2019. This flaw meant an attacker with physical access to the wallet can find the recovery seed stored in FLASH, and leave no evidence of tampering. This work was heavily inspired by the wallet.fail disclosure…
-
Embedded World 2019 Conference Talk
At Embedded World I gave a talk on embedded security. There was also an associated paper, and I’m now making those available. I’ve also duplicated the paper contents in this blog post for your ease of access. Download Slides (PPTX): ABSTRACT: As interconnected devices proliferate, security of those devices becomes more important. Two critical attacks…
-
More Research, More Fun – I’m now an Assistant Professor
Are you interested in this area of research? If you’ve followed some of my work you know I enjoy a combination of fundamental research & hands-on practical experiences. It led me to co-found NewAE Technology Inc out of my PhD, with the objective of taking some of the research I was doing and pushing it…
-
Nova Scotia Embarrassment –
Just a quick post to have someone with the text. In case you aren’t aware, Nova Scotia’s “Freedom of Information and Protection of Privacy” (FOIPOP) system allows you to request various information from the government, including information about yourself. When you request information about yourself it’s not redacted (i.e., your SIN and other information they…
-
MeatBag PnP – Simple Pick-n-Place
Have you ever hand-built a PCB prototype with lots of parts? If so you’ll know the annoyance of hand-building something from a big stack of Digi-Key parts. Having to Ctrl-F the part value in the design, and dealing with hits on both top & bottom side. Instead I’m introducing Meat-Bag Pick-n-Place, which helps you the…
-
Breaking Electronic Door Locks Like You’re on CSI: Cyber – Black Hat 2017 Talk
This year at Black Hat I’m presenting some short work on breaking electronic door locks. This talk focuses on one particular residential door lock. There was a bit of a flaw in the design, where the front panel/keypad can be removed from the outside. Once the keypad is off, you have access to a connector…
-
PhD Thesis Finally Done
If you’ve seen my presentations anytime over the past few years, you’ll know the introduction about “PhD Student at Dalhousie University finishing ‘soon’” has been the claim for the past several years. Finally ‘soon’ actually happened! You can see my complete thesis entitled “A Framework for Embedded Hardware Security Analysis” on the DalSpace website. It’s…
-
Philips Hue, AES-CCM, and more!
This is just a quick blog post to update you on some rather interesting research that will be coming out led by Eyal Ronen. At Black Hat USA 2016 I did some teardown of the Philips Hue system, and described the possibility of a lightbulb worm. Check this landing page which now has a draft PDF of…