Category: Hardware Hacking
-
Dumping Parallel NAND with Glasgow
I recently got my Glasgow device, which is a rather impressive piece of tech. I followed the Windows installation instructions and it “Just Worked”, including installing the toolchain! On one computer I needed to use Zadig to force the driver to be libusbK, but on another Windows computer it wasn’t needed. In this blog post,…
-
RECON 2023: Adventures of My Oven (Pinocchio) with ChipWhisperer
At RECON2023 I gave a talk about reverse engineering my Samsung Oven. This blog post has slides & links to information, with more to come! You can get a copy of the slides below: Oven-Specific Stuff: https://github.com/colinoflynn/samsung-ovens-deconstructed Python Loader for TMP91 Series: https://github.com/colinoflynn/pytoshload Resource CD for TLCS900: https://github.com/colinoflynn/Toshiba-TLCS-900-L-Resources
-
New England Hardware Security Day 2022 Talk
On April 1st, 2022 I gave a “workshop” at New England Hardware Security Day. This blog post is a quick summary of some of the links to recreate my demos from that talk. Here is a copy of the slides if you’d like them: DFA on Raspberry Pi with PicoEMP This demo is pretty simple…
-
Apple AirTag Teardown & Test Point Mapping
What’s inside of Apple’s new AirTag? There was already an iFixIt teardown (which I swear was missing a few items that are there now), but of course I was curious to see what sort of protection was enabled. Notably the nRF chip used is likely vulnerable to a known bypass of security as well. With that…
-
BAM BAM!! On Reliability of EMFI for in-situ Automotive ECU Attacks
This post is a summary of some work on an accepted paper for ESCAR EU 2020. This work was demonstrated on certain NXP chips & GM ECUs, but the idea of both the attack & understanding how portable results are is applicable across the entire domain. NOTE TO CAR TUNERS: I won’t perform this for…
-
Square Terminal Teardown
I recently tore down a Square Terminal (the one with the LCD screen) and wanted to share some of these results. I haven’t photographed everything as I was mostly interested in how the secure areas of it are done. You can see an overview in the following video if you want to see how the whole…
-
Amazon Echo Dot Gen 3 – Microphone Disable Circuitry
Have you been interested in the Echo Dot device? One feature they mention is that there is a microphone off button. I spent a few hours reverse engineering this, and recorded (in un-edited glory) the process: The resulting schematic is shown below: The astute reader will note the only pin under direct control allows the…
-
A Call for Time Travel Resistant Cryptography (TTRC)
At CHES 2019 [rump session], I presented my revolutionary talk on Time Travel Resistant Cryptography (TTRC). This is a hugely important area of research that has been widely ignored in academic work, and it’s time to finally make this right. Why is this so critical? While Post Quantum Cryptography (PQC) gets NIST contests, and invested…
-
USB Triggering & Hacking
This blog post covers several topics that I should have made independent posts about… but anyway. Here we are. It’s September and I should have done this months ago. Trezor / USB Hacking Updates (Black Hat + WOOT) I had an earlier blog post with details of the Trezor attack. It turns out this is…
-
FICHSA ChipWhisperer Tutorial Requirements
At the FICHSA Conference ( https://fichsa.sise.bgu.ac.il ) I will be running a short workshop on ChipWhisperer using the ChipWhisperer-Nano. A direct link to a Google Doc with the most up to date information is available here: https://docs.google.com/document/d/1IgDeGZ6d0FEYJbaF4a-KsBhdIHlMZg04-wQYUSZgnks/edit?usp=sharing If you want to fully play along, please bring a laptop with the following installed and set up: I…
-
Glitching Trezor using EMFI Through The Enclosure
As mentioned on the Trezor blog post, their latest security patch fixes a flaw I disclosed to them in Jan 2019. This flaw meant an attacker with physical access to the wallet can find the recovery seed stored in FLASH, and leave no evidence of tampering. This work was heavily inspired by the wallet.fail disclosure…
-
Embedded World 2019 Conference Talk
At Embedded World I gave a talk on embedded security. There was also an associated paper, and I’m now making those available. I’ve also duplicated the paper contents in this blog post for your ease of access. Download Slides (PPTX): ABSTRACT: As interconnected devices proliferate, security of those devices becomes more important. Two critical attacks…
-
More Research, More Fun – I’m now an Assistant Professor
Are you interested in this area of research? If you’ve followed some of my work you know I enjoy a combination of fundamental research & hands-on practical experiences. It led me to co-found NewAE Technology Inc out of my PhD, with the objective of taking some of the research I was doing and pushing it…
-
Breaking Electronic Door Locks Like You’re on CSI: Cyber – Black Hat 2017 Talk
This year at Black Hat I’m presenting some short work on breaking electronic door locks. This talk focuses on one particular residential door lock. There was a bit of a flaw in the design, where the front panel/keypad can be removed from the outside. Once the keypad is off, you have access to a connector…
-
PhD Thesis Finally Done
If you’ve seen my presentations anytime over the past few years, you’ll know the introduction about “PhD Student at Dalhousie University finishing ‘soon’” has been the claim for the past several years. Finally ‘soon’ actually happened! You can see my complete thesis entitled “A Framework for Embedded Hardware Security Analysis” on the DalSpace website. It’s…
-
Philips Hue, AES-CCM, and more!
This is just a quick blog post to update you on some rather interesting research that will be coming out led by Eyal Ronen. At Black Hat USA 2016 I did some teardown of the Philips Hue system, and described the possibility of a lightbulb worm. Check this landing page which now has a draft PDF of…
-
Philips Hue – R.E. Whitepaper from Black Hat 2016
At Black Hat 2016 I presented on some reverse engineering of the Philips Hue (also see my other post about getting root on it, which was part of that presentation). If you were at the talk, you would have also seen mention that you’ll want to keep your eyes out for future publications by Eyal…
-
Black Hat Slides – PIN-Protected HD Enclosure / MB86C311A Research
This is a quick post to link to slides from my Black Hat USA 2016 work. This work stands directly on the work done by Joffrey Czarny & Raphaël Rigo presented at HardWear.io last year (2015). They discovered the issues w.r.t. the stream-mode cipher being used by all manufacturers on the MB86C311A, and the fact…
-
SECT-2015 Talk Slides
On Friday at 14:15 I’m giving a talk about my open-source power analysis and glitching project called ChipWhisperer at SEC-T. Here are some useful links if you watched the presentation: PDF of Presentation Slides [4MB] Link to Kickstarter Link to Documentation for ChipWhisperer Link to CW-Lite in Store See information about the entire project at…
-
DEFCON Talk Slides
On Friday at 1PM I’m giving a talk about my ChipWhisperer. Here are some useful links: PDF of Presentation Slides [8MB] Link to Documentation Link to CW-Lite in Store See information about the entire project at www.ChipWhisperer.com too!
-
Side-Channel Power Analysis of AES Core in Project Vault
What is Project Vault? You can read a quick overview on various news sites, but basically Project Vault gives you a cryptographic module that you have complete control over. This means *you* decide to trust the module – even to the point of being able to access implementation details of the crypto cores. Basically…
-
AtlSecCon Presentation Slides
Alright – if you want a copy of my slides from the presentation today, check out http://www.newae.com/files/ATLSECConSlides.pdf
-
Breaking IEEE 802.15.4 Networks: Paper/Presentation
I presented a paper entitled at a conference in Paris, France this past week. Much to my surprise it was selected as the best paper in the security track! I’ve now posted it online, along with the presentation + notes from Paris. See all the information on my Articles page.