Hostile Hardware reverse engineering by chip de-capping and analysys
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Alternativer Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 112 | |
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/39000 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
00:00
AnalysisReverse EngineeringHardwareE-MailHardwareBitBrennen <Datenverarbeitung>Reverse EngineeringE-MailGraphfärbungDigitale PhotographieThumbnailWort <Informatik>Bildgebendes VerfahrenGrundsätze ordnungsmäßiger DatenverarbeitungComputeranimation
02:08
Atomarität <Informatik>Petri-NetzRechter WinkelBitFlüssiger ZustandWeb SiteResultanteMinimumLesezeichen <Internet>RechenschieberPetri-NetzComputeranimation
05:08
Atomarität <Informatik>SymmetriebrechungSelbst organisierendes SystemFehlertoleranzPunktTabelleKugelkappeBitDampfSoundverarbeitungAtomarität <Informatik>Computeranimation
07:08
Atomarität <Informatik>PlastikkarteBitComputeranimation
08:41
InformationsspeicherungAtomarität <Informatik>Wechselseitige InformationCASE <Informatik>TropfenGraphfärbungAtomarität <Informatik>StichprobenumfangKontextbezogenes SystemMathematikSchreib-Lese-KopfPerfekte GruppeComputeranimation
09:58
Web SiteFilter <Stochastik>SchnittmengeRichtungSchreib-Lese-KopfMathematikBitComputeranimation
11:28
Atomarität <Informatik>PromilleMultiplikationsoperatorMAPMinimumVerknüpfungsgliedMinimalgradSiedepunktAtomarität <Informatik>
15:14
Atomarität <Informatik>Petri-NetzEinsVideokonferenzMinimumBaum <Mathematik>BitPetri-NetzRahmenproblemGanze FunktionAtomarität <Informatik>ZweiComputeranimation
17:05
EINKAUF <Programm>BitWasserdampftafelVererbungshierarchieEinsRoutingGrundsätze ordnungsmäßiger DatenverarbeitungComputeranimation
18:24
BitSystemidentifikationGraphfärbungFlächeninhaltTrennschärfe <Statistik>Bildgebendes VerfahrenZahlenbereichIdentifizierbarkeitZoomProgram SlicingRegistrierung <Bildverarbeitung>VerdeckungsrechnungComputeranimation
21:22
RahmenproblemVirtuelle MaschineKeilförmige AnordnungGraphiktablettTypentheorieYouTubeComputeranimation
22:43
VerknüpfungsgliedOpen SourceMustererkennungLeistung <Physik>Rechter WinkelCodeEinflussgrößeComputerKryptologieSocketBildgebendes VerfahrenData MiningPeripheres GerätAlgorithmusPortal <Internet>Endliche ModelltheoriePhysikalisches SystemMusterspracheÄußere Algebra eines Moduls
24:58
RuhmasseGoogolEinsMathematische LogikVerknüpfungsgliedDigitaltechnikPhysikerTypentheorieDienst <Informatik>GamecontrollerStrömungsrichtungBitFrequenzAutorisierungSocketSoftwareArbeit <Physik>SpieltheorieTermHackerPunktCodeSelbstrepräsentationMereologieCASE <Informatik>Mikrocontroller
26:42
SpezialrechnerAtomarität <Informatik>MereologieVerknüpfungsgliedCodeMustererkennungBildgebendes VerfahrenZahlenbereichMikrocontrollerWeb SiteBitCompilerProjektive EbeneSoftwareentwicklerSchlussregelMereologieZoomPi <Zahl>EinsFlächeninhaltTropfenPunktMultiplikationsoperatorAtomarität <Informatik>KrümmungsmaßGüte der AnpassungProzess <Informatik>Data MiningGreen-FunktionGeradeSoftwaretestGrenzschichtablösungTouchscreenTermKonzentrizitätNotebook-ComputerBeamerDifferenteMaßerweiterungTextur-MappingComputeranimation
30:47
GefrierenBootenPunktSimulationComputersicherheitFlächeninhaltExtreme programmingBetragsflächeAtomarität <Informatik>MultiplikationsoperatorDatenstrukturWhiteboardQuick-SortComputeranimation
33:07
Bildgebendes VerfahrenHIP <Kommunikationsprotokoll>PunktCASE <Informatik>Grundsätze ordnungsmäßiger DatenverarbeitungDatensatzQuaderBitMAPOrdnung <Mathematik>Komponente <Software>ZahlenbereichHasard <Digitaltechnik>Rhombus <Mathematik>GeradeGarbentheorieGraphfärbungWort <Informatik>SichtenkonzeptMailing-ListeSkalarproduktZellularer AutomatBetrag <Mathematik>Computeranimation
35:28
Atomarität <Informatik>Freier LadungsträgerBildgebendes VerfahrenDatensatzGruppenoperationGeradeMusterspracheGesetz <Physik>BitBildschirmmaskeSoundverarbeitungKonzentrizitätSchnittmengeComputeranimation
36:59
BitPunktBildgebendes VerfahrenCursorGeradeMereologiePersonal Area NetworkQuick-SortATMProgrammfehlerProzessautomationProzess <Informatik>GraphfärbungComputeranimation
38:24
Rippen <Informatik>GraphfärbungMathematikGeradeMAPEINKAUF <Programm>ZahlensystemBildgebendes VerfahrenWorkstation <Musikinstrument>BitCASE <Informatik>ATMSoftware Development KitBenutzerfreundlichkeitLesen <Datenverarbeitung>SechseckProgrammUnrundheitMusterspracheComputeranimation
39:57
Bildgebendes VerfahrenVerdeckungsrechnungSechseckQuick-SortFontGruppenoperationBitTrennschärfe <Statistik>SchnittmengeMinimumGeradeRechter WinkelCASE <Informatik>Textur-MappingNP-hartes ProblemGraphiktablettComputeranimation
41:53
BitGraphiktablettLesen <Datenverarbeitung>GeradeUmsetzung <Informatik>MikroprozessorMinimumPunktZahlenbereichMereologieSoftwaretestCASE <Informatik>ComputersicherheitClientGrenzschichtablösungBildgebendes VerfahrenCodeElektronische PublikationRechter WinkelBAYESEinsZeiger <Informatik>FlächeninhaltATMSkalarproduktSechseckSchnittmengeSoftware Development KitAdressraumSystem FMomentenproblemReverse EngineeringProdukt <Mathematik>
45:17
EEPROMGeradeKonstanteVirtuelle MaschineInterrupt <Informatik>ProgrammCodeVariableLoopWechselsprungBitMinkowski-MetrikAdressraumProjektive EbeneStichprobenumfangVerzweigendes ProgrammSchnittmengeCASE <Informatik>CompilerEmulatorAutomatische HandlungsplanungVererbungshierarchieComputersicherheitFrequenzKontrollstrukturÜbertragFlächeninhaltQuadratzahlSierpinski-DichtungLokales MinimumZeiger <Informatik>Leistung <Physik>Atomarität <Informatik>Web SiteRuhmassePunktKoroutineComputervirusGarbentheorieSoftwaretestLesen <Datenverarbeitung>Flash-SpeicherOrdnung <Mathematik>RechenbuchDisassemblerMathematikWeb logSoftware Development KitEigentliche AbbildungFunktion <Mathematik>Regulärer GraphQuelle <Physik>MultiplikationsoperatorRechter WinkelVierzigMinimumMeterSchnitt <Mathematik>TouchscreenDateiformatVerdeckungsrechnungResultanteTechnische Zeichnung
51:26
RuhmasseSchnitt <Mathematik>CodeAtomarität <Informatik>AdditionGeradeVerdeckungsrechnungLochkarteQR-CodeWeb logProjektive EbeneMAPLokales MinimumResultanteMomentenproblemRohdatenBitOrdnung <Mathematik>HackerGraphiktablettFlussdiagrammComputeranimation
53:03
GeradeComputersicherheitKomplex <Algebra>SchlüsselverwaltungPolygonnetzRahmenproblemWort <Informatik>Schreiben <Datenverarbeitung>MultiplikationsoperatorMinimumMarketinginformationssystemRFIDVariableCodeLokales MinimumAtomarität <Informatik>GamecontrollerPunktKonzentrizitätQuick-SortPhysikalismusReverse EngineeringRechter WinkelDruckverlaufSoftwareStörungstheorieSchnittmengeProdukt <Mathematik>WechselsprungSchaltnetzPhysikalisches SystemWärmeübergangDatenflussWärmestrahlungComputeranimationTechnische ZeichnungFlussdiagramm
55:47
ZweiResultanteMultiplikationsoperatorBitCodierungFlächeninhaltCodeMikrocontrollerSoftware Development KitOpen SourceProjektive EbeneComputersicherheitExistenzsatzPunktFibonacci-FolgeSchnittmengeHalbleiterspeicherAutomatische HandlungsplanungSchlüsselverwaltungImplementierungFokalpunktComputeranimation
57:56
CodeCodeWeb logMereologiePunktBildgebendes VerfahrenOffice-PaketVerdeckungsrechnungWinkelMultiplikationsoperatorSensitivitätsanalyseAlgorithmusDifferenteWeb-SeiteVirtuelle MaschineKoroutineRuhmasseSoftwaretestMathematikBitDisassemblerBus <Informatik>MusterspracheÄußere Algebra eines ModulsTouchscreenSechseckRechter WinkelDateiformatOpen SourceAuflösung <Mathematik>BildschirmmaskeKälteerzeugungEmulatorBildschirmschonerPerkolationstheorieAdditionQuick-SortRahmenproblemComputersicherheitVersionsverwaltungProgrammPhysikalische TheorieProzess <Informatik>Technische OptikMustererkennungGrenzschichtablösungSchlussregelGeradeGüte der AnpassungSoftwareParserBinärcodeNotebook-ComputerVerknüpfungsgliedSelbstrepräsentationProjektive EbeneAutorisierungSpieltheorieCASE <Informatik>TermArbeit <Physik>MaskenprogrammierungComputeranimationTechnische Zeichnung
01:04:58
BeamerPunktSoftwaretestErwartungswertData MiningNotebook-ComputerTermMultiplikationsoperatorFlächeninhaltTropfenWhiteboardGreen-FunktionDatenstrukturQuick-SortBildgebendes VerfahrenComputeranimation
01:08:53
BefehlsprozessorSpezielle unitäre GruppeElektronischer ProgrammführerMenütechnikAtomarität <Informatik>FokalpunktSpezialrechnerCASE <Informatik>GeradeBildgebendes VerfahrenGrundsätze ordnungsmäßiger DatenverarbeitungSharewareZahlenbereichBitPunktDatensatzComputeranimationVorlesung/Konferenz
01:10:26
SichtenkonzeptGraphfärbungBildgebendes VerfahrenBitSkalarproduktGeradeDatensatzSchnittmengeGruppenoperationComputeranimationVorlesung/Konferenz
01:11:48
ZweiGeradeBitLesen <Datenverarbeitung>MustersprachePunktBildgebendes VerfahrenCursorComputeranimationVorlesung/Konferenz
01:13:58
LoopMusterspracheATMUnrundheitLesen <Datenverarbeitung>BenutzerfreundlichkeitBitSechseckComputeranimation
01:15:32
ProgrammSechseckBitOrdnungsreduktionVerdeckungsrechnungBildgebendes VerfahrenBenutzerfreundlichkeitGruppenoperationSchnittmengeMinimumComputeranimation
01:16:58
GeradeBitATMVorlesung/KonferenzComputeranimation
01:18:15
BildschirmsymbolSkalarproduktBildgebendes VerfahrenElektronische PublikationSechseckMomentenproblemClientComputeranimationVorlesung/Konferenz
01:19:36
PunktSoftware Development KitProdukt <Mathematik>CodeDisassemblerSchnittmengeComputeranimation
01:20:59
AdressraumWechselsprungMinkowski-MetrikTouchscreenVariableDisassemblerCodeAdressraumLoopBitSystem FProgrammInterrupt <Informatik>
01:22:26
TabelleSystemaufrufZyklische RedundanzprüfungEvolutionäre SpieltheorieCASE <Informatik>Zeiger <Informatik>DisassemblerCodeDateiformatCompilerVerzweigendes ProgrammSchnittmengeÜbertragWeb SiteSoftwareSoftware Development KitComputeranimation
01:24:26
Inklusion <Mathematik>SpezialrechnerVerzweigendes ProgrammHIP <Kommunikationsprotokoll>RFIDSoftwareEigentliche AbbildungSpeicherabzugKontrollstrukturSchnittmengeComputersicherheitQR-CodeSchlüsselverwaltungPunktFunktion <Mathematik>Verzweigendes ProgrammLesen <Datenverarbeitung>CodeInterrupt <Informatik>ÜbertragEPROMSoftwareRuhmasseKoroutineFlash-SpeicherAdditionRFIDWeb logMAPWort <Informatik>Lokales MinimumRohdatenKomplex <Algebra>Physikalisches SystemVererbungshierarchieComputeranimation
01:31:25
RFIDSoftwareCodeMultiplikationsoperatorBildschirmmaskeKälteerzeugungOpen SourceSoftwareBitQuick-SortSchaltnetzAdditionFlächeninhaltWeb-SeitePunktComputersicherheitExistenzsatzSoftwaretestProjektive EbeneLeistung <Physik>AlgorithmusImplementierungGemeinsamer SpeicherKoroutineMikrocontrollerDisassemblerWeb logBetrag <Mathematik>SensitivitätsanalyseVerdeckungsrechnungBus <Informatik>Rechter WinkelMereologieSoftwarepiraterieComputeranimation
01:38:25
CodeSoftwaretestWeb logBildgebendes VerfahrenProgrammRahmenproblemBitMultiplikationsoperatorVersionsverwaltungTouchscreenBetrag <Mathematik>BildschirmschonerEmulatorMereologieAuflösung <Mathematik>Computeranimation
Transkript: Englisch(automatisch erzeugt)
00:00
afternoon, everyone. I'm Zak Franken, and this is Major Malfunction. I'm going to be sitting quietly here for a bit and actually learning what he does, because I have no fucking idea. He does this weird hardware stuff, and all these really terrible smells come out of the room, and when he gets the chemicals out, it's even worse. So, yeah, this is going to be interesting.
00:23
What can I say? I'm a farper. Okay. So we're going to take you guys through a bit of hardware reverse engineering, and I think you're going to have fun with it. We certainly did. So we are Aperture Labs. We are not Aperture
00:44
Laboratories. We are someone completely different. We do occasionally get a bit of mis-rooted mail, though. So here's a piece of mail we got. Dear Aperture Laboratories, do you make portal guns? Do they work? Well, I have an idea for
01:05
a portal gun. Here is the picture. The portal colors are yellow and rainbow from Joshua. So apart from the dreadful photo shopping on this picture, you notice that the thumbs
01:31
aren't pointing the right way around. So I think I'm a reasonably smart guy, and I
01:41
was just completely not thinking when I went on to Google Images and searched for the word fist. I swear to God, holy shit. There was one I thought he was trying to pick
02:02
her nose from the inside. It was mind bleach. Okay. So just to recap, so we're going to
02:21
talk or I'm going to talk about simple decapping that you can do and the kind of benefits you'll get from it. Call it the plink plink fizz method.
02:42
So, we need some ingredients. Some nitric acid. So normally between 70 and 90 percent, you can't get it up to 99. 70 is probably good enough. And it's ‑‑ there are issues
03:04
with chemicals like these. So, you know, just like you might think you really want the 99 percent stuff, you probably really don't. Acetone, which is an organic solvent. A hot plate, because the hotter the nitric acid is, the faster the reaction. So you
03:25
can have a chip, you can drop it in room temperature nitric acid, nothing will happen. Actually that's not quite true. The legs will miraculously disappear and actually disappear
03:40
right into the package. It's like, oh, there's very small holes on the side. But as soon as you start to get it a bit warmer, amazing things happen. Or a silicate glass beakers. These are Pyrex beakers so they can withstand a bit of heat without shattering. A pipette just for moving liquids around. And an acetone
04:03
wash bottle. Again, just an easy way to apply your acetone. And some Petri dishes which are useful for sorting out the results. So, you see that? What can I say? And the
04:26
other one, the other great place to get some of this stuff from, Amazon. Who just bought potassium nitrate from Amazon. And I'm like, okay. And at the bottom, and I've
04:42
seen this on a couple of occasions, the other people bought sulfur and charcoal. My favorite was I was looking for aluminum powder and other people bought iron oxide and magnesium
05:01
ribbon. I'll sling them into one of these slides, actually, now I remember it. So eBay is your friend. The shit we bought from eBay is astounding. So as you can probably gather, this stuff can get quite nasty. Nitric acid, particularly bad. So it does what
05:30
we want, particularly to dissolve organics. So the epoxy packaging on the chip is the thing we want to get rid of. But it will also take out metals as well, dissolves copper,
05:45
and does all the other lovely things acid does. It will burn you. It has choking fumes so as soon as you take the cap off the bottle, it will start fuming away. You get fumes from the stuff the acid reacts with, and that's typically nitrogen dioxide,
06:06
toxic, of course. And yeah, if you get a lung full of nitric acid vapor, there's about an eight hour delay before it has a nice catastrophic effect. It will be really
06:24
unpleasant initially, and then eight hours later, bad stuff will happen. Oh, yeah, and it causes spontaneous combustion of organics. This is probably an important point to note. Kitchen table, yeah, this one is not for the kitchen table. Definitely outside and
06:45
better with a cabinet. So, you know, so people wear latex gloves, and they wear a lot, and in general, in labs, people started moving to nitrile gloves because they are nitrile is great, it's resistant to most chemicals, doesn't react with them. This
07:05
is what happens when you take a bit of nitrile glove and you add a little bit of nitric acid. By my. So you definitely, definitely want to be a bit careful with it. Okay,
07:42
acetone is only a little evil. It will dissolve plastics in particular. It can be really handy for getting inside smart cards and things like that. It has choking fumes, and apparently it's a little bit carcinogenic as well. Oh, yeah, the fumes are heavier
08:04
than air, so if I'm working with it up here, the fumes are going to cascade off the table and on to the floor and spread out. So the guy back there is going to have a nice little pool of acetone fumes around him. If it rolls down into the basement, yeah,
08:28
it's interesting stuff. Yeah, and again, you won't realize, you won't really smell anything, but there is a nice layer of it on the ground, and yeah, bang. So, safety.
08:48
We use a fume cabinet. You have just got to also think about how you are dealing with this stuff, especially the nitric acid and where you are storing it. Handling it,
09:03
think about where it is, where you are moving it to. Is the container open? If you have a pipette and you are moving it across to your sample, if the pipette drips, what's it going to drip on? If it spills, where is it going to run, and what's it going
09:24
to hit as it runs? So just kind of be aware in your head what's going on, and then you are good to go. Also, you can neutralize it with baking soda, because it's an acid.
09:40
We use an industrial neutralizer, which costs ‑‑ you buy it in cases of sex, it costs about 200 bucks. It's amazing stuff. You just sprinkle it on and it color changes when it's safe. It's like perfect neutralization for dummies. So here's our fume cabinet. Any ideas where the fume cabinet was acquired? eBay! 10 pounds,
10:08
this fume cabinet cost. It cost 35 pounds to have a cab go pick it up. Now, it sounds like a great deal, but it is safety equipment, and this is called a recirculating fume cabinet,
10:24
so some fume cabinets just suck things up and vent them straight outside. This is designed to vent back into the room, so everything goes through a filter. Therefore, there's no way I'm trusting the filters from a 10‑quid eBay fume cabinet. So a new set of filters
10:43
cost about 500‑quid to put in. But, you know, you can use direct vent outside, or, you know ‑‑ a lot ‑‑ a lot smaller fume cabinets. Oh, and again, you can do this
11:01
stuff outside, and that's how I started doing it. The other thing, just be aware of the wind, because if the wind changes, your big plume of nitric acid fumes that was going over there all of a sudden heads toward you, and even a tiny kind of little
11:20
bit, very unpleasant. So, yeah, this is like ‑‑ yeah, I really don't want to be near that shit ever again. So here's the nitric acid. You never guess where I got it, of course. You use a beaker and pipette, and the great thing about this is you don't
11:42
need to use a lot. You know, 12, 15 mils of nitric acid a time is plenty of nitric acid to decaf a chip, which is great. It means you don't have to have tons hanging around, and you're not moving large quantities about. This is an acetone wash bottle. So handy,
12:05
you just fill it up with acetone. The straw, when you're not using it, you just pull up above the level of the acetone, and the acetone will stay ‑‑ as it's heavier, will stay in the bottle. So here is a simple example. This is a PIC chip, PIC32,
12:33
and ‑‑ as you know, we have a tradition at DEF CON that all first‑time speakers
12:42
have to do a shot. And we figured you were a first‑time speaker at DEF CON 21. As short as it is. As short as Jack. How surprising, since it's you. So you realize when I fuck
13:04
the rest of my talk up, I'm just going to play with you. Wait a minute, back up. Excellent. How come I have to drink one because he didn't?
13:21
That's not fair. All right. Let's hear it for these first time speakers at DEF CON 21. Thank you, sir. Please may I have another? Thanks, Proctor.
13:41
As you were. Thank you. The empty one?
14:06
This is a microchip PIC32 chip, which we started knocking around, and I had more than one of them, so I'm like, okay, we'll use this guy. It's a very modern chip, so
14:21
it's very highly integrated. So the level of detail on it is very small. But slightly older chips are fun because you can actually really start to understand how they're built up and how the gating is done and things like that. So as soon as I pop this in here, one of the things I want you guys to look for
14:42
is on the kind of bottom side here, as soon as it's dropped in the beaker, it will react instantly. This acid is about 90 degrees Celsius. It will boil at 120. And so as soon as the chip goes in, it will start reacting immediately, and what you'll see is around
15:04
the kind of bottom here, you'll see a spall coming off of the epoxy. So yeah. And no
15:21
one is seeing this video, are they? I am. It's great. It is. Evil, evil, evil Microsoft.
15:45
Actually, no. Okay. So look for the spall around the bottom of the beaker. Here we go. Instant reaction. Boom. The petri dish on top is just to kind of contain the
16:02
fumes a little bit. So the brown fumes are nitrogen dioxide, and you can see here, this dark cloud is the epoxy coming off the chip. Okay. So once it's finished reacting,
16:31
tip the acid into a second beaker, your disposal beaker, and take the beaker, rinse it with the acetone and decant it into the petri dish. And what you'll end up with
16:46
is a dye with all the bond wires still intact, because the acid is going to eat not just the epoxy, but the entire lead frame as well, both externally and internally from the chip. So get the dye, rinse it in a little bit more acetone, and this is what
17:06
you'll end up with. And it kind of looks a bit yucky. There's still a little bit of epoxy on there. But again, another fantastic eBay purchase. These are like 30 quid, and
17:25
they're amazing. They will just remove all the shit from anything, including chips. No, they're really cool. So we've used them with water, we've used them with water in them, and then a beaker of acetone with the chip sitting in it. And absolutely fantastic.
17:49
And if you have watches or jewelry or glasses, and you pop them in this, the first thing you're going to go is, holy shit, am I a filthy person. You'll see it will be coming
18:04
off. It's like, oh, my God. But they're amazing. They're super cheap these days, little ones. And if you get one, don't forget to do your wife's and girlfriend's jewelry. She'll love it. Okay. So after it's had a trip through the
18:24
cleaner, this is what we've ended up with. Now, this is not a particularly great microscope picture because a really cool microscope doesn't have a lens big enough to take the whole chip. So this was done with a small, crappy USB microscope. But you can see it's cleaned
18:43
up a lot. One of the other things you'll notice that's missing are the bond wires or a lot of the bond wires. That's because the chip was vibrating around in the ultrasonic bath and they simply got knocked off. They're pretty fragile.
19:00
So let's take a bit of a closer look. So this is under a microscope, and this is one of the kind of identification areas of the chip. These numbers here represent the layers. So the dye is built up in layer upon layer upon layer. So as the chip's manufactured,
19:24
you take your silicon, you've got your wafer slice off it, and it's constant ‑‑ so basically you expose ‑‑ okay. Start from the beginning. You've got your wafer.
19:47
You lay down a mask, which is a chemical that is etched away by typically the mask and basically ultraviolet light. Once that's coated, that resist is coated on the dye.
20:03
You have a large image of the portion of the chip. You focus it down onto the dye, onto the wafer, expose it with ultraviolet light, and then you rinse the resist chemical
20:21
away. And that just leaves an exposed area which you can then dope with another layer of silicon and just build it up and build it up and build it up. So these identifiers are kind of registration marks for each layer as it got laid down. So they can see,
20:41
well, actually, you know, we did actually put down layer 156. The reason the colors are different is because ‑‑ because of the different depths, they are reflecting the light slightly differently. Okay. Never again, not Jack Daniels.
21:10
So let's zoom in a little bit more. A little bit more. So you can get some really great detail. Okay. Here are the bond wires. These ‑‑ as you see, there's the two
21:28
on the left‑hand side of this picture are actually missing. They got simply vibrated off. So there are typically two types of bonds. This is called a ball bond, which
21:43
is the more modern technique. The older technique is called a wedge bond. And you can actually find wedge bonders on eBay, of course, if you wanted to take the die and try and put it into a new lead frame. But there's better techniques. The ball bonds are quite clever.
22:02
The wire comes out. It gets hit by a little paddle. There's an electric charge between them and it causes the little gold wire to fuse into a ball. And then it ultrasonically pushes that ball down and ultrasonically welds it onto the pad. If you go on to YouTube
22:20
and search for die bonding, the speed the die bond machines go at is truly unbelievable. And they are literally dropping a bond on the die, taking it to the lead frame, ding, at the speed of light. It's unbelievable. So why the hell are we doing this? It is
22:48
a reasonable question. You've sat there very patiently while I've rambled on. There are some really good reasons to do this, actually. So here's a really simple example. A friend
23:01
of mine is a model maker and he was actually one of the guys that built the Hogwarts model. And we're having a beer one day and he started talking about this plug. Now, this is given away cheaply by one of our power companies in the UK. And it's a power saving device.
23:27
You plug your computer into the master socket or your TV and your peripherals into the slave sockets on the side. And when you turn the master on, it turns on the peripherals
23:42
simple, easy. But what they wanted to use it for was dust collection for power tools. So basically they'll plug the power tool into the master, the extraction system will be plugged into the slave, and as soon as you turn it on, extraction starts and they can go. The only problem with this is there's a five‑second delay between the
24:04
master turning on and the slave turning on. And they just can't handle that. The alternatives, the actual ‑‑ if you went to buy one of these, they charge 150 quid, so about 250 bucks for something like this. This costs 8 quid. So for something that's
24:27
doing pretty much exactly the same thing. So he mentioned that someone had hacked this and was asking me about it. So let me actually take a look at it. It's a pretty simple device
24:41
so on the top here you have a little power supply. The next important thing is this resistor here, resistor 17, which is to measure the current. So here are the actual
25:00
important bits. We have two chips here, a service logic chip, which is nice and clearly marked. Service logic is the vendor. It's CS5466-ISZ. Type that into Google and you get the data sheet and you're off. And then we've got the OC706. Or if you look at the
25:22
other plug, it's the OC708. You can't find anything about this device. Now, when you read the service logic data sheet, this is our current frequency converter chip. So it's measuring the current across that resistor and it's outputting a frequency that's proportional
25:42
to the current consumed. And it needs a clock as well. And this, when you reverse the circuit, this OC706 chip is supplying the clock to the service logic chip. But after a ton
26:00
of Googling, and it's quite interesting because you'll actually see other people searching for ‑‑ you know, Google suggesting, oh, did you mean OC708? People are searching for similar parts. Now, it makes sense that this is a small microcontroller. But unless we know what it is, it's completely useless. So the guy that hacked it basically pretty
26:26
much replaced this entire chip with a PIC chip, clutched it in and away he went. But if you plink this ‑‑ plink, plink, fizz this chip, this is what you get. And thank
26:45
you NEC for having nice big part numbers here. This is a D78F9212. It's a little microcontroller. You go into the NEC site. Here's a ‑‑ here's a compiler for it. Here's all the development tools. They're all free. So we're away. Major here hasn't
27:06
quite had it dumped on him to write the code, but that's coming shortly. That's because some idiot destroyed the chip. Plenty more of where those came from. Okay. So other interesting things. This is some masked ROM. It's another chip. So
27:31
slightly older. And we're going to zoom in a little bit. And zoom in. And it starts to look quite interesting. So this is an area on the chip. Really close. And you
27:47
can actually really start to see some proper texture. Okay. So one of the things we decided to do was clean the image up a bit. So we're
28:07
the dye is what's called a passivation layer. It's just a simple layer of silicon dioxide glass to protect the chip, the electronics underneath from any contaminants in the epoxy.
28:25
So it's just basically to seal the top. But again, if we remove that, we'll get a nice fresh image. So anyone get any ideas? Hydrofluoric acid. So some people have tried
28:45
to polish it off. And that works to a certain extent. But it can be really hard getting the chip perfectly flat because these layers are incredibly thin. And if it's just off slightly, then you start digging in deeper on one end of the chip and you lose detail.
29:05
It's a nightmare. Hydrofluoric acid. And hydrofluoric acid is used in the chip manufacture process. When I was talking about the resists, they use hydrofluoric acid, the resists hydrofluoric
29:21
acid which they use to remove material. So nitric acid is pretty nasty. Hydrofluoric acid is fucking horrendous. Not to put a finer point on it. So, yeah. Pure, pure, pure,
29:46
horrendously evil stuff. Not quite this time. It is the piss of the devil. No. You
30:01
can imagine some little sinners getting dipped in it repeatedly. Okay. So for those of you not familiar, it's an acid. So it does all the kind of usual bad stuff that the nitric acid does. It dissolves glass. So that can be a little
30:21
bit of an issue. But that's actually what we want it to do. So we're cool with that. It's quite toxic. Somewhat. It eats calcium and magnesium. And depending on the concentration, if you actually get it on you, you won't notice for 24 hours. So bad, bad, bad,
30:51
bad, bad shit. Okay. So I mentioned it dissolved calcium. I'm not going to talk about
31:00
calcium. Yeah, it loves calcium. Yeah. You wish. It looks like this. So anyone notice anything about this picture? Especially the one on the right? Apart from its extreme
31:23
grossness? Sorry? Okay. So the reason his finger is all wrinkly at the top is because there's no bone in there anymore. It's all gone. And what's more, it will work its
31:41
way up. Yeah. Bad, bad, bad, bad, bad shit. So the Skelligrow isn't going to help. But the calcium gluconate gel will. So the whole point of the gel is to feed the acid
32:02
calcium. So it prefers the calcium gluconate rather than the calcium in your bones. So there are lots of ‑‑ I mean, when I say hydrofluoric is bad, it gets even worse. So if you read any treatment regimens for hydrofluoric acid, not only will they
32:24
say slap on lots of calcium gluconate or potentially inject it into you, so in fabs they have epi pens within, the treatment regimen says under no circumstances give the victim
32:45
any pain relief whatsoever. No local anesthetic, nothing. Because they know that they finally treated you when it stops hurting. So basically throughout the treatment you're going to be in agony and they're going to keep you in agony because they know when it stops
33:04
hurting, you're probably okay. So I really wanted to do this. And it's like how the hell am I going to do this? And I had a course of dental treatment. My dentist
33:24
is quite young and hip and we're chatting away, what do you do, et cetera, et cetera. And he happens to mention, oh, we use hydrofluoric acid. I'm like, really? And that's really
33:44
interesting and slightly scary. So this is the stuff. This is dental hydrofluoric acid gel. No, a company called Henry Shine, dental supply. So ‑‑ sorry? Ask your dentist
34:07
nicely, absolutely. And he'll do that, too. We'll get there in a minute. Okay. So I'm like, oh, where would you get ‑‑ oh, yeah, the dentist supplier wrote me a list
34:20
and one of them was a company called Henry Shine. Okay. So this is a little ‑‑ this shows you the level of insanity that's out there. When I order components from one of the big U.K. component suppliers like RS of Fernell, if I'm crazy enough to want something like a lithium coin cell, like two lithium coin cells, because I happen to need some
34:44
and I just threw them on another order, hazard lights start flashing and it's like, oh, this is a hazardous material. So basically what that means is your lithium coin cells will arrive by a separate shipment three days later than you actually needed them and they'll
35:04
be in a box like this. No, I'm not shitting you. For two coin cells, slapped with big hazard diamonds. It's like, holy crap, this arrived in the little box, no markings at all. It's like, okay. So it arrives in these little syringes and, yeah, some interesting
35:38
things. So they actually use it inside your mouth. So the hygienist will be there
35:42
with the extractor sucking away whilst the dentist is putting it on your mouth. So you can use your crowns to roughen them up before he applies an adhesive. But it's designed for dentists. It's not for chemists or for people working in fabs. It's designed
36:06
for a dentist who is kind of quite technical but he's not a chemist, he's not a rocket scientist, he's a dentist. So it comes in a gel form which is pretty cool because, again,
36:21
I want it to be as safe as possible for me. Simple as that. It's dyed so you can see exactly where it's going which is quite handy. And it's a quite low concentration. It's 9.6% which is low but it's still effective. And the other thing, when you're
36:41
doing stuff like this by yourself, you don't want something to react necessarily super quickly. You want to be able to control it. So actually the fact that it takes a little bit longer to react, that's just perfect. But, yeah, you definitely want a fume cabinet for this stuff. So this is a before and after. So this is the before
37:04
pick. And this is the after. And it looks a little bit blurry and that's because this image is a little bit blurry. But it's cleaned up the image remarkably. And as I said, just removing that top passivation there. So here is another shot. This is another part
37:35
of the chip. It has a bug in it and actually that is the bloody microscope camera.
37:44
And it was reasonably cheap. Actually, was it eBay? I think it might have been eBay. But, yeah, we bought it. It was super cheap. And I think it got dropped and internally
38:01
within it, crap got on the lens and trying to actually clean it out, impossible. And when it's got bits of crap on it, it's not ideal. This particular bit of crap I actually think was on the dye. So, yes, it was. So you can see there's a color change between
38:31
these two images. And that's because we've now removed a layer. So as I said earlier, colors represent depth. And the depths have all changed because there's now no longer
38:45
a layer. And it also opens this dye up for micro probing. So you can buy micro probing station, which is an amazing piece of kit. And it will allow you to put probes on these
39:01
lines and actually sniff the data going through. eBay. I think that was our most expensive eBay purchase. That was about 5,000 bucks. Ours came from San Diego. And it was the best eBay deal ever. It had lots of accessories. And a great microscope. But it's ‑‑ have
39:25
a look. It's called a micro probing station. And basically it's a microscope with a special stage. And you have micro positioners that allow you to move a very fine probe. And we're talking about fine, I have probes that are .25 of a micron. So you can move
39:47
them very accurately and just plop them on these lines and you can sniff the data on the chip buses. But that's for another talk. So it is ‑‑ you did say be nice
40:01
to your dentist. And it really is important to be nice to your dentist. I was nice to my dentist. And this is what he gave me. So ‑‑ and I was in for several sessions and said, hey, can I bring some stuff in and get you to X‑ray them for me. He's
40:20
like sure, that sounds like fun. And I did. So it was just kind of one of those things. It's like dental X‑ray, is it going to be useful and interesting for this sort of stuff? And as it turns out, yes, it is. So I brought a little selection of chips
40:45
and plopped them down. He zapped them. And this is what we've ended up with. So, the good thing about these is X‑rays are one‑to‑one. So these are scale size
41:01
chips. And it means that when you pop them under a microscope, you can do things like blow them up. These are the bond wires in situ inside the chip. And actually something I never knew, this guy here ‑‑ if I'm pointing at the right one, this guy here,
41:22
has three bond wires going to the same pad. And it turns out that's a power supply line, so that was a ground in that case. So chip needs more current, needs more bond wires to handle the current, so they stack three up. Any idea what this is? The texture
41:42
at the back might give you a hint. No takers? So this texture is a very thin sheet of fiberglass and it's a little bit hard to see. This is a sim chip. So you can actually see the bond wires coming from the dye in the center. The dye you can't really see, but you can
42:04
see the bond wires outlining the dye going to the various pads of the sim chip. Now, this one is particularly interesting. We were doing some testing for a client. One of the
42:23
security reverse engineerings, we do a little bit of assurance work as well. And we knew what we were kind of looking for with this chip. And when we X‑rayed it, it's like holy shit, we know about chips one and two, these two guys over here, what the fuck
42:43
is this? And it turns out that that is a radio chip, which we weren't expecting in this particular device. And as it turns out, it's there legitimately. But it could
43:04
be completely illegitimate. So there are issues with supply lines being compromised, fabs churning out dyes that have modifications, and here is a small RF device that could
43:21
be embedded in the dye itself. No, that wasn't a USB stick, actually. I can't really tell you what it is, unfortunately. But it was like holy crap. So given that the guy in the middle is a processor, and the one on the left is an EEPROM, what we were actually doing was looking to look at the bond wires between
43:45
the processor and the EEPROM and watch the conversation between the two. And yeah, that RF chip, the way we actually figured out it was an RF chip was he pulled it out of the bottom of the jar when we plink plink fizzed it and zoomed in and there was
44:03
the manufacturer's part number on it, again, just look it up, holy crap. But the interesting thing was I must have plinked half a dozen of these chips, and I'm going to go through the debris and I'm picking out and actually in this particular
44:23
case the processor and the EEPROM, there's bond wires between them so they're joined together, so they're easy to spot and you just pick them out. And then I kept coming across, like a few weeks later, after I had done a whole bunch of them, I noticed
44:41
that there was bigger chunks in the crap at the bottom, and it turned out to be this little dye. At that point we hadn't X‑rayed it, so we didn't know exactly what we were dealing with and we only were expecting those two chips in there. So that was very interesting. And as I said, it's like, oh, what is this, oh, there's
45:04
several of these, where the hell did these come from? And actually on every chip I'd plinked, there was one of those lurking in the grunge at the bottom. So, with this particular project, we wanted access to sniff the data on these lines
45:29
going between the MCU and this EEPROM chip. So, plink, plink, fizzing it isn't going to cut it, because I need the chip to be operable. So there is a handy machine to
45:46
do it. It's called a Nysine jet etch, it's amazing, it's like this size, you pop your chip in and it will etch a hole in it down to the dye. Only problem, $22,000.
46:01
I have a constant eBay search for one, I haven't seen one yet. So, it's like, okay, it's 22,000 bucks, but I reckon it's doable. So, came up with this design, this device is called
46:22
the Decapinator. And I wrote a blog post about it, and I wrote a blog post about it, saying, okay, I've got this design, I'm going to send out for the bits and I'll fill you in. Well, I'm a lazy fuck and haven't actually updated to say, actually, yeah,
46:43
it works. So you actually get to see the results. So this was my plan for it. So, you have a hot plate at the bottom, your flask of nitric acid. You have in this drawing a syringe pushing air in so the nitric acid comes up, I ended
47:08
up using an aquarium pump. And Teflon is resistant to hot nitric acid. So I got Teflon rod of two different sizes. And I wanted to try and use simple tools, so this can
47:25
be done with a drill press and just some simple wood working bits. And the Teflon cuts like a dream if you use wood working tools on it. So I chopped out these two cups, drilled a hole through the bottom. I learned a little
47:46
bit about pulling glass pipettes, it is simple, unless you want the pipette to be absolutely straight, in which case it is a fucking pain in the arse, but it is doable. And I also wanted to be able to control where the acid was going to mask it into
48:06
a particular area. So after a lot of research, I came across this rubber, this gasket material called Viton ETP 600S. And then I tried to find it. So I looked in all the usual
48:22
places, eBay and Amazon, and I didn't do Craigslist ‑‑ I have never done Craigslist, I don't know why. I will have a look, actually. Sorry? Okay. Well, I eventually tracked
48:45
down some people that did. And on the way, I came across ‑‑ it is made by DuPont. I came across a DuPont distributor, because apparently it is quite new, that when I said oh, I would like a sample of Viton ETP, he actually wet himself on the phone. He was
49:03
laughing down the phone at me and saying, this is as rare as rocking horse shit. So I finally tracked someone else that I could order a sheet of, and I said, okay, so I would like to order some Viton. I don't need a lot, just really, you know,
49:24
six inch square would be fine. It is like, oh, no, that won't meet the minimum order, which is 940 millimeters square. And I'm like, okay, yeah, that will be fine. Okay, that will be 1700 pounds plus that. So basically the better part, two and a half thousand
49:43
bucks. And I'm like, yeah, I don't need the Viton that badly. And I did actually track down someone that sold me a kind of six inch by six inch slot, a piece of it, actually had a hole punched in it, so I think it was actually on a proper sample sheet,
50:01
sample little book. It was 200 quid. But in the meantime, I had gotten some regular Viton on Amazon. Big sheet like this, 40 quid, 60 bucks. And I realized that actually
50:20
the cheap stuff works because I'm only exposing it for a reasonably short period of time. The Viton ETP600 is designed for making gaskets for pipelines that are pumping nitric acid and shit like this. So actually I can have something, the regular Viton, when you
50:43
look at the specs and how they test this stuff, it is like, okay, we're going to immerse it in nitric acid for 24 hours and it's like, oh, yes, and it expands 5%. And it's like, okay, that's fine. It's going to be nowhere near like 24 hours. And even if it did
51:01
expand 5%, who cares? Not with the stuff that we are doing. So we ended up not using the wing nuts. We actually have a spring pressing down. So the nuts are still there, but under the nuts is a spring. And it just presses down that top plate. And there we go. That's
51:28
slightly better. And I also realized that the ‑‑ once you cut the aperture in the Viton, a handy thing to do is to super glue it to the chip. So therefore it becomes
51:41
a kind of monolithic thing and the Viton isn't going to be slipping off the chip, et cetera. And it ended up using little strips of Viton with the hole cut in the end so you could put it in and line it up with the aperture that the acid is going to jet through.
52:07
So this was an early mask. Simply cut with a scalpel. But you can use handy things like leather punches and things like that. And this was ‑‑ this was the first trial.
52:24
So this was ‑‑ I think this was an MSP chip, little TI MCU. And this was the pad. It got a little bit close to the edge because it wasn't particularly well aligned
52:42
and my aperture is a lot larger than I actually needed for the die. And actually that's one useful thing about doing X‑rays or doing the plink plink fizz is that you can actually find out exactly how big the die is and where the die is in order to do some alignment.
53:04
So if we zip back to this guy, remember what I want to do is intercept these five lines going from the large central chip to the chip on the left. So we can sniff the data
53:21
between them. So this one was close but it went too deep. So you can see the bond wires connecting the two. But we actually ended up going underneath those chips and destroying the lead frame that was providing the interconnects to the outside world. So
53:44
that one was a bust. However, this one was just right. Take it down just far enough to expose the bond wires to allow us to tap onto. Now, I'm actually just going to jump back here. So there are some issues with this initially. One of them was the air.
54:07
So I got the aquarium pump and I put a valve in so I can adjust the flow. And then I quickly realized that actually that's a variable and the best thing for me to do is to try
54:21
and remove all the variables. So the little valve came out and the pump was simply on at max all the time. Another variable was the temperature. So although I thought I was getting the temperature right, I wasn't. So I got a hot plate, again from E‑bay,
54:42
I had a thermocouple probe which was supposed to be acid‑resistant and certainly was not. I went through two before I'm like okay. So I simply made a long tube that sealed the bottom of it with a blowtorch and injected a thermal transfer compound into
55:07
the bottom of it, put my thermocouple in there. So when I eventually ‑‑ I'm going to write this up after con, you'll see the pictures and you'll see that third probe or that third probe penetrating the stopper. So my acid is at a known concentration
55:29
my temperature is at a known setting, my pressure is at a known setting. So my only two other variables at that point are the permeability of the epoxy to the acid and time. So it
55:45
becomes pretty controllable. So that was about three minutes. And that is a minute and a half. One minute, 30 seconds and it will always do this. I've done 20 chips like
56:01
this. Spot on. One minute, 30 seconds. This is where you get to. And that was absolutely perfect for us to micro probe on to the bond wires and actually sniff the data passing through. So I will publish the results of that and the design, the
56:25
decaffeinator, so you guys can have a go at it as well. And you can start micro probing ICs that are actually running. And silicon is the last bastion of security. You can
56:42
pull hard drives and analyze them. You can sniff memory. Everyone now are trying to lock away their secrets in silicon. That's where they hide the keys. So we need to be making moves in this area. The kit is very expensive. Chris is very well known, has made
57:01
a fabulous business out of this. However, he has a lab with millions and millions of dollars worth of equipment. He is not shopping on eBay. Actually that's not true. He may well be. But when you buy used fab equipment, which is available on eBay, it's still costs a million dollars for your fib focus ion beam device.
57:26
Sorry? Cable money, yes, exactly. So in a week's time or so, I have written this up and hopefully I want to get to the point where we have a set of plans that you can
57:44
take and build and possibly we might try and put together some kits that you can buy and screw together and decap away. So that's it for me. Now I work from Code Monkey
58:00
over here. And remember, just to recap ‑‑ lovely. So now I know what the smell is coming from
58:39
so at this point he handed it over to me and he is like, okay, so we are doing the probing
58:45
and we are doing the ‑‑ you know, we got the decapping working and so on. Now we need to get the actual code out. We can sniff the data going between these two buses but how about extracting the actual code that's running on the chip. We want
59:01
to see what instructions, what it's doing with that data. Now the difference between mask ROM and a programmable chip is a mask ROM chip, it's hard wired into the chip so it never changes. Every chip is identical. It never gets programmed. It's actually manufactured.
59:21
The instructions are manufactured into the chip. So the challenge is how do we read the mask ROM? Well, as I mentioned, we identified the image, the part of the image that is the mask ROM, which is this, and then we look at it and we say, okay, well,
59:40
there's an obvious pattern there. Can we actually read it? So maybe if we look at this and say, well, is that a 1, 1, 0, sorry, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1. So yes, we can. That's binary data. If I just take that and take that and take
01:00:00
turn it into hex, there's my instructions, right? So it's like, okay, this is just way too obvious. This must have been done before. Someone's already doing this. And in fact, there's some code, some very smart code that deals with even smarter images than this called D-gate. Anyone here played with or heard of D-gate? No? Okay. So there's
01:00:22
an open source of one guy at the back. I guess not a lot of people actually play with this stuff. But the guys who polished the chips off developed this package called D-gate and what it does is image recognition. So you look at what they were doing was trying to figure out a crypto algorithm. So they had a bunch of gates and they were looking
01:00:43
at all gates and end gates and so on. And they wanted to build a pattern of what the chip was doing. So they used pattern recognition. So they would take a picture of an or gate and say, right, that's an or gate. Find all the other or gates. Here's an and gate. Find all the other and gates. And they packaged it up into this cool bit of software which
01:01:04
will then spit out a graphic representation of what that logic circuit is doing. Fantastic. That's going to be easy then. I'll just point that code at this and we'll read the mask ROM and then we've got the code. In fact, when I started playing with it,
01:01:20
I couldn't find anything in there for doing a simple here's a mask ROM, read the data please. So I thought I was being thick and I emailed the authors and they said, no, we've never done that. We couldn't think of a use case for it. It would be easy to do but yeah, no, we haven't done it. So I'm like, damn it. Okay. Who else has done this
01:01:41
kind of stuff? Okay. The MAME community. They are constantly reading ROMs and getting games. Any of you guys actually involved in MAME here? MAME use it, have it, play it? Yeah, that's more like it. Okay. So again, I reached out to the
01:02:02
MAME community and said, well, how do you guys do it? And they said, oh, it's really simple. What you do is you take a picture, you divide it up into chunks, you send it out to hundreds of people and they sit there looking at it, typing one, no, one, no, one, no. Okay. So slave labor basically is how they do it.
01:02:25
I think the technical term is crowd sourcing. Crowd sourcing, yeah. So very cool and it works obviously because we end up with MAME games that we can play. But I really didn't want to sit there typing in 5K of 1s and 0s, 5K bytes of 1s and 0s. And I couldn't
01:02:45
crowd source it because this was a confidential project. In fact, you're not allowed to look at this, so you never saw this, okay. So what to do? So I thought, okay, well, we know how to do it, it just isn't in D game. I'll just do it with image recognition.
01:03:05
So I'll write a little bit of code that does this and I use open CV which is fantastic. Image manipulation code makes stuff like this an absolute doddle. All the hard work is done for you. It's in Python which rules because I love Python.
01:03:22
He is a Python Nazi. It must be in Python. If it doesn't work in Python, it ain't worth having it. That's my philosophy. But then I thought, well, actually, if you look at this image, there's lots of problems with it. So we know what the 1s and 0s look like.
01:03:42
So these guys, a bright dot is a 1 and the absence of a bright dot is a 0. That's pretty simple. But there's a lot of clutter as well. There's all this crap. So you've got these lines. We've got what look like columns of data. So here we've got a chunk which is obviously data and then you've got a separator, then you've got another chunk and then you've
01:04:03
got a separator and so on. You've got all this crap at the top. You've got these lines that go along horizontally between the data. So I figured I'm going to spend so much time trying to get the code to tell the difference between good data and bad data that I'm not
01:04:22
actually going to be able to successfully automate this process. So then I thought, okay, the hell with it. I'll semi automate the process. What I'll do is automate the process of creating a way of reading it cleanly and then automatically reading what's done.
01:04:41
So I created a thing called ROMper which is ROM parser. I'm going to switch this screen to my laptop and I apologize. I hate doing this and sitting down and speaking from behind a laptop because I'm going to be doing a lot of mousing and fiddling. I'm now going to disappear for you guys. Bye. I hope that's horribly wrong. They promised me it would
01:05:24
just come straight off. So the laugh is when we were in the green room and testing it with the projector in there, it was my laptop that was fucking up left, right and center. He was like, yeah, mine's fine.
01:05:45
Okay. We've got bags of time. Just talk amongst yourselves. Go for a question. The question was how do glob tops impact ‑‑ glob tops are ‑‑
01:06:19
is it a chip on board you're talking about? Yeah, okay. So the industry term is COB,
01:06:29
chip on board. So basically the dye is placed directly on to the PCB and then it's ‑‑ then they drop a drop of very runny epoxy to actually solidify. So we haven't
01:06:50
tried those. I mean, we've tried them to the point that we've de‑capped using the Plink fizz method, things like SIMs, which are so heavily armored in the silicon
01:07:08
it's unbelievable. You can see all the chips we've seen here, they look great. You can actually see the pathways and areas on the chip. If you look at a SIM, which is intended
01:07:21
to be secure silicon, the top of it is just pretty much a layer of gold armor designed to disable the chip if you penetrate it. Interestingly enough, it may well be possible to do with the de‑capinator because the de‑capinator ended up being such a useful tool I could actually de‑capinate the chip. So initially I was taking the chip
01:07:45
off the PCB, putting it through the de‑capinator, putting it back on. I was actually able to get to the point where I could de‑capinate the chip while it was still on the PCB. So I was putting whole PCBs into the de‑capinator and pitting that one chip and putting
01:08:03
it back on. Yeah, that was pretty cool. I thought it may be possible to do and it turns out it totally is. I mean, the boards were very small so if you had a larger board you're going to have to have some sort of support structure but it's totally, totally doable. Only ‑‑ so the question was sometimes they're almost spherical. Does
01:08:27
that impact the time to etch? And the answer is yes. Simply the greater the depth of epoxy the more time it takes. Well, so you'll almost never be able to do this and
01:08:45
get it right first time around. So expect to go through a few chips until you actually work out, okay, it's going to take X amount of time. And well done. Yeah, so expect
01:09:02
to go through a few chips before you actually work out, okay, actually, in that case it's going to take me 130 to actually get to where I want to be. Okay. Major. Thank you. Demo gods are with me hopefully so far. So if you remember the original image
01:09:25
we had columns of data. And basically what you have to do is look at those columns and try and figure out exactly what you're trying to create. So my idea was I'm going to create a grid over the image and where there's an intersection because it's all nice
01:09:41
and neat rows and columns. Where there's an intersection that's a point of interest and if there's a dot there that's a one and if there isn't it's a zero and if you're outside the grid just ignore everything. So ROMPA, you tell it basically the image name,
01:10:02
the number of bits in your horizontal line and the number of rows, the number of lines. So if I say ROMPA bitmap, I counted 16 in each column and I'm going to do two rows at a time. You'll see why this is relevant in a minute. So if I go back to the original
01:10:27
view so basically this is our image and I reckon there's 16 bits in each of these sections. So the first thing we do is apply just a color filter and I can actually filter it to try
01:10:42
and get the dots down a bit smaller because remember we're trying to identify whether it's there or not. So now what the tool allows you to do is create this grid. So the first thing I'm going to do is say, okay, this column here is my start column. Hopefully you can see a little blue line has appeared. Can you see a blue line on there?
01:11:05
No. Okay. Can you now? Yeah. So here's my final column, 16. Because it's nice and even it's drawn in the rest of the lines for me. So that's two mouse clicks so far.
01:11:22
So now here's my first row and here's my second row. Remember I said there's two in each row. So again, if I get rid of the image, we've now got a little grid which is two sets of intersections. And now if I just say, okay, here's another group and here's
01:11:45
another group. Here's another group. So we're very quickly building up our grid. I'm going to do this fully so bear with me a second. Okay. That's enough. But you see
01:12:18
how quick it is to do. So we're down to a few dozen mouse clicks to create a grid that
01:12:24
matches that entire thing. So if we now go back to the image, what I can do is say, okay, wherever there's an intersection, tell me if there's a bit there or not. So I'm going to do a read and it's now gone. Yeah, I see a bit there.
01:12:43
Okay. These guys don't quite line up. We know that this pattern is completely the same. It's a repeating pattern. So all of these lines should look the same. So what I can do is click on this guy. This is just me being slightly inaccurate when I'm clicking
01:13:01
the mouse. I try and center. Basically when I click on a mouse, on a dot, I try and automatically center the line horizontally and vertically. The problem is you can't really tell with a mouse where your exact click point is. What I ought to do is change the cursor to something more accurate. But I'm just ‑‑ I'm lazy and it kind of worked
01:13:22
and it was quick and easy. So if I now go into edit mode, I can just move that line until it lines up a bit better. Move this guy. Or if it's out horizontally, I can move it that way and that way. But you get the idea. So we can now mess around and try and
01:13:55
create a grid that perfectly lines up. I can go back to looking at the original image if I think that's a bit clearer. It's kind of hard to see what's going on. So again,
01:14:07
I just thought, well, I'm trying to automate this process. I'm not trying to fully automate it. I'm trying to semi automate it. So I'm going to do things that make it easier for my eye. The human brain is very good at processing images and patterns. So I'm just
01:14:20
going to make it as easy as possible for my eye to process this stuff. So you can do things like switching off the grid and checking what's underneath. Switching between the original and the mast. And then I have this nice mode called peephole mode. So you
01:14:44
also get rid of the grid. You can now see, well, this guy is not lined up at all. So if I go and edit him, I can quickly line that up and you see when you're dead on and there's a nice round dot in the center of your thing. And if I reread ‑‑ because
01:15:09
I'm not just playing the grid, put the grid back on. We've now got a clean read of those four bits. We also want to try to make sense of the data. So in this particular
01:15:21
case, we knew that an unused piece of ROM has a hex value of C1. So what looks like, if I come out of peephole mode and look back at the original image, there are these big chunks of unused data here. So here's obviously program and here is nothing. And
01:15:43
this repeating pattern, therefore, we would say that must be C1s. So what we should see here because it's 16 bits, I'm hoping is C1, C1. Now the quick amongst you will have noticed, I ain't going to get that. So what I can do is say, okay, take these
01:16:01
bits and actually show me a hex value. We'll get rid of the mask and the image. Reduce we have the actual values that are decoding for each of our groupings. And clearly that's wrong. So what the hell is going on? So if we go back to our image, it turns out,
01:16:30
see these guys here, these are lead wires coming in to read a column of bits. And if you count them, one, two, three, four, five, six, seven, eight. And if we were
01:16:43
to scroll down and look at the bottom of the image, there's another set of these coming up and they're interleaved with these guys. So what we've actually got is eight bits interleaved with another eight bits. So what we're going to have to do is come out of here, go back
01:17:00
in, say actually it's not 16, it's eight. And we're going to start again with eight.
01:17:42
And now you can actually see, okay, so those are apertures. Basically the automatic aperture size is based on the size of the gaps between the lines. So I can actually reduce those a bit if it's overreading. We'll adjust this guy. Now you can flip
01:18:04
bits as well, obviously. And actually here you can see how useful peephole mode is because when you're trying to manually check if you've got a 0 or a 1 in the right place
01:18:22
and you've got all these other dots interleaved with these guys, sometimes it can be quite confusing. So if I go into peephole mode, all the extraneous imaging that my brain doesn't need to have to deal with is being removed and I can just look at only the dots I'm interested in. So that really helps. And if we go over here and again show the hex
01:18:43
values ‑‑ let's get rid of our image so we can read it, get rid of our grid. And there we go. There's our C1s. Thank you. So, yeah, that was quite a satisfying moment.
01:19:06
It's like, ooh, it actually works. So we can dump that to a file and I've already done that. So I now have a hex file, which if we go and look at that ‑‑ this
01:19:22
is only a tiny portion of the code, obviously, but it's enough to show you that without my client having to put a hit on us. Okay. So here we have our C1s. So lots of little blank areas. So at this point it's like, okay, we've got the code. We've extracted
01:19:41
the code from the chip. Now what? We need to disassemble it. Okay. Well, that's easy. It's a published device. This particular thing is called a mark 4. I'll just go and download a toolkit, developer's kit and disassemble it. So we had a look on guess
01:20:04
where? eBay. And no, we came up nil, zilch. So we widened the search and used the Google. And the Google said, yeah, we can get you those. It's a $200 product that stopped
01:20:21
being produced about 20 years ago. So to you, I like your face, $25,000. No, thank you. So we did find the manuals. So we had the instruction set and we had how to convert it. So we just sat down with it. We'll write our own. So our friend Python comes
01:20:45
in again. So mark 4 DASM was born. And if you point mark 4 DASM at a file, it does something like this. So basically this is going to be slightly nonsensical because
01:21:04
it's only a small chunk of the code. So what it will give you is a little summary of ROM addresses and labels, things that have jumped to that address. If nothing, if it's obviously a subroutine with an exit but nothing calls it, it's an orphan. But
01:21:22
if it's a known address like an interrupt, a bit of interrupt code, it will give it the correct label. The other really handy thing which meant we could tell when we found the beginning of the program is there are these two guys that always have to be there. There's a routine called auto sleep and it sits in a little
01:21:42
tight loop just waiting for an interrupt. And there's a routine called reset. And reset is actually what C1 is doing. C1 is a jump to the address where reset lives. So if your code goes mental and your program starts running off into oblivion, eventually it will hit a C1 and C1 will reset the chip. So all the blank space in the code
01:22:06
is a jump to reset which I thought was a really smart thing to do. So instead of just being a knob. Anyway, you get a little summary of what it's found. You get a summary of variables and then you get the actual disassembled code which is wrapping horribly
01:22:24
because my screen is too small. So my disassembler gives you the instruction in the format that the original compiler would have done it so you could run this through the compiler if you wanted to, if you had one. And here's auto sleep. It does
01:22:44
a knob, it does a sleep, sets branch and carry and then it just jumps back on itself and it sits there waiting to be interrupted. Here's our reset, sets up the stack, sets up the return pointer and then jumps to zero and off you go.
01:23:02
So we knew we correctly identified the beginning of the code. Awesome. How do we know we've actually read the code, all the code properly? Well, they helpfully put a checksum at the end. Now it's wrong in this case because this is only a partial chunk but here's the
01:23:21
checksum embedded in the ROM and here's the calculated checksum that the disassembler gave us and if they match then we got it right. Everything is lovely. One of the other things we really wanted was to be able to run the code and see what the hell this thing is doing. We've read the E‑prompt so we know with the data
01:23:44
that's gone in but we don't know what it's doing with it. So we could sit and try and manually step through this or we could write an IDA Pro plug‑in or something cool like that. Again, the development kit would have had an emulator in it. $25,000,
01:24:01
we're not going to buy that. So ‑‑ Actually, I did find a copy of the software for the dev kit. It was in German and it was on a Russian ware site. So we decided to give that one a miss. So, yeah, Python is your friend. A whole chunk of this is being cut off but ‑‑
01:24:31
I have to say I was absolutely blown away when he showed me this. This is cool shit. Yeah, so we can single step the code. We can set break points on read or writes
01:24:46
on the output port over here. You can't see. You've got all the registers, the stack. It's got two whole variables, X and Y. It's a really powerful chip. We can set
01:25:03
breaks on things like branches and so on. And we can just go off you go and it will just run. So if I take that break off, it's now sitting in its little loop. And you can see the branch. You remember that instruction that set branch and carry and
01:25:23
then jump to zero. That's what we're doing. And I will probably crash it if I now generate an interrupt. So it's jumped off into code that doesn't actually exist because this is only a partial fragment of the code. But this gives us now the ability to run
01:25:42
whatever we want. We can feed the data in via a pseudo EPROM which is plugged into this. So we now completely own that chip and all the code that was in it and all the data it was chewing on. So that's it.
01:26:11
Thank you. Sorry. Just before we go to questions, one of the cool things about this was the manufacturer was so super secure in their belief that no one was ever going to get
01:26:28
the data off this chip. Oh, it's mass ROM. No one can read mass ROM. Once it gets its fuse blown, there's a diagnostic routine that allows them once the chip is assembled
01:26:43
to verify the code and then they blow a fuse and it's gone. So couldn't possibly do it. No way to read it out because with flash you have the ability to read it out. But here it's mass so you don't need that facility. So it just checks the checksum. Yes,
01:27:04
okay. Now that thing gets turned off. The interconnect between the MCU and the EPROM, again, all inside the package. Yeah, it's not exposed to anyone. No one is ever going to get the code off this EPROM. And it just shows you what you can actually
01:27:24
achieve and how really some of their thinking is. So let's take some questions from you guys. Just a tiny addition to that. So sometimes we send chips off to people to do stuff like this for things that we couldn't handle before we did this. And we ask them, okay, we got a mass ROM chip, how much would that
01:27:43
be? Ooh, mass ROM, that's tricky. $10,000 per chip to give you the code. And it is a chip. The chip we asked about had 512 bytes of mass ROM. This had 5K. And actually
01:28:02
I think it was actually $25,000. It was horrendously expensive. While we got your attention, this is unrelated, but our next project, which we will be launching on kick starter, so get your camera out and take a picture of that QR code. That's my blog entry, which I posted about an hour before we came in to give this talk. That
01:28:27
describes exactly what it is. It's a software defined, which is the trendy buzz word at the moment, but for RFID. So this does the same thing for RFID as stuff like HackRF does for RF. So you get access to the low level raw data, you do whatever the hell
01:28:45
you want with it. Within a day of building it, we were cloning and emulating pretty much anything we could put in front of it. Oh, and it's cheap. Yeah. 30 pounds, maximum. Sell it on eBay. So anyway, questions?
01:29:13
Well, so depending on the complexity of the chip, the chip manufacturers actually do put
01:29:22
a lot of security features in place. So they will bury things in layers, so it won't be on the top layer. It will be eight layers down and they will put a security layer over the top, a security mesh, which is designed to destroy keys if the chip is damaged in
01:29:46
any way. So there's actually ‑‑ and when we first got into it, we were actually kind of quite pleasantly surprised that the chip manufacturers actually take security seriously. Of course, what they're trying to secure is their customers' IP. So we tend
01:30:03
to find that we do a lot of embedded systems reverse engineering. Normally, a lot of the security is crap. So they're taking the crown jewels, the super secret key ‑‑ That's the polite word for it. Yeah. They're super secret master keys and they're storing
01:30:23
them in chips that aren't really designed to secure keys and things like that. So we looked at an RFID vendor and they are kind of latest and greatest product. And they stored their keys in a pick chip and we sent it off to a slightly dodgy company.
01:30:47
And they said, oh, that will be $900, sir. And they sent us back an entire dump of the code, including all their super secret keys. And we've had chips reversed that have
01:31:02
cost as little as 90 bucks. So if you have a cheap pick chip, 90 bucks will get you the code. So they're tending to ‑‑ with the higher end chips, actually put some effort into trying to prevent this from happening, proper on‑die security.
01:31:27
It's a basic problem. Not just ‑‑ oh, hi, hot mic ‑‑ not just the physical expertise for pulling apart the chips, but the software expertise, it's an amazing combination. Thank you. That's a mis-spent youth, I think.
01:31:43
For those of us ‑‑ with that said, I'm curious as to the amount of time you have poured into this project end to end. Surely there were ‑‑ from the safety lecture you took your time and did your research and the Python code is spitting by, maybe what's an afternoon for you is a month for the rest of us. So what's your time
01:32:01
going to be like? Well, we've been doing this stuff between us for 20 years. So it's a bit here and a bit there. I don't know if you actually sat down and tried to do it in one chunk. I don't know. But the whole point of stuff like this and Decapinator is we're trying to solve those problems and then step everyone
01:32:25
forward. We need to move into a situation where you guys can get up and running within a week, not a year. I mean, I guess how long did we start on that? So I'm going to say ‑‑ sorry, guys. I would have said probably this one
01:32:41
project opened ‑‑ it kept diving into new areas. So I would have said probably to get to the point where we had the Decapinator and we were extracting data and ROM power was in existence maybe six months from starting from a hard, cold start. And
01:33:04
it wasn't as if we were working on this full time for six months. It was six months elapsed and it was a background project that was kind of ticking around. So actually, yeah, probably if you sat down and just focused on it, probably something like a month to
01:33:20
end up where we were. That's fascinating. Thanks for sharing. Thank you. Hi, guys. Great stuff. I love it. I have a question about ‑‑ it's kind of a chip implementation question. In a lot of the microcontrollers like the pigs and the atmils, there's fuse bits that the manufacturers can set, like burn your code, verify the code, blow the fuse bits and nobody else can read it. Would
01:33:41
it be possible with the Decapinator and the probes to reconnect a fuse rather than having to read all the data back out of it? Absolutely. Sweet. So in fact, a guy called Bunny Huang did ‑‑ go have a look at his blog. It was a little
01:34:02
demonstration. It was fantastic. So he hand decapped a pig chip and he masked out ‑‑ he worked out where the fuses were and realized that the fuses had been covered by a little metallic gold plate. And he realized that, okay, you're covering it with a plate
01:34:22
but there's still a passivation layer in between the plate and your actual kind of fuse which is effectively a transistor. So what he realized was, right, if I mask out all the other UV sensitive parts of the chip and I put it at an angle, I can get
01:34:43
the UV to bounce under the shield and just cook it and discharge the little transistor and he could read the data right out. So there are companies around that will go a lot further and will really dig for you.
01:35:03
And actually on a related note, we've used the Decapinator to drill a hole and then his very precious micro probes to selectively break wires and then probe on and actually feed our own data in instead of what was supposed to be coming from the other guy.
01:35:22
And the feeding machine, so we're all about getting this into the back room economy so you can do this yourselves. So where would we have got the thing that sends the data into these probed devices, do you think? Not eBay, no, we got it from Sparkfun and it cost like 30 pound and it was called a bus pirate.
01:35:48
Hi, this is amazing work, I have to say. The gentleman before me actually asked the question I was going to ask, so that's easy. But a quick comment about hydrogen fluoride. You can, an alternate source as well which is fairly safe is the stuff which
01:36:04
you use for etching glass and it's not in a gel form, it's in a cream form. I don't know if that's also usable for the same thing. Almost certainly. I hadn't come across that. I'll certainly have a look at that. That may well be a better source of it than the dental stuff.
01:36:23
I used to work in a lab where they had the real stuff and scary as an understatement in the lab of 30 people only one person was allowed it. It had its own lab which was cooled to below refrigeration temperature and not only did it have a fume cupboard the actual lab was an additional fume cupboard as well. It was just insane.
01:36:43
Is that why you got both your hands in your pockets? I don't want to talk about that. Thank you. Hi. You said CRC, right? As opposed to a more sort of secure algorithm?
01:37:03
Oh, the checksum? Yeah. The checksum was actually quite interesting and it's documented and obviously the code is available. You can go to the Aperture Labs tools page and the Mark 4 DASM is linked off there. You can download it. And if you like Python, you'll probably puke when you
01:37:22
read my code. The checksum is actually two checksums. The left‑hand byte is a left‑hand checksum and the right‑hand byte is a right‑hand checksum and they just do a slightly funny wandering algorithm that would definitely go wrong. It's just there as an assurance to make sure that the code that was ‑‑ that runs on the ‑‑
01:37:47
so they'll have a test routine that will run through and read the wrong before they blow the fuse, calculate the checksum and make sure it matches. So it's not going to try and recover any lost bits that will just say yea or nay. And the fuse is there only to disable the test routines for the chip.
01:38:03
So can you generate the CRC after the fact to make sure it's still good? Yes. In fact, the disassembler ‑‑ my disassembler will show you what was stored. The last two bytes in the ROM are the checksum and it will also recalculate and tell you what those came out as so you can see if they match.
01:38:22
Is this ‑‑ can you poke a running chip to get it to give you the checksum or is it only this stored in the end ‑‑ or ‑‑ can you get it to calculate the checksum? There is a test routine built into the chip. In fact, the chips have ‑‑ there's
01:38:41
two chunks of code. When you look at the chip, there's the chip that the customer put in and there's the chip ‑‑ sorry, the code that the customer put in and the code that the manufacturer put in ‑‑ the code that the manufacturer puts in doesn't actually ‑‑ sorry, the screen resolution is wrong so you couldn't really see what
01:39:03
that was. The code the manufacturer put in will check it for you but it then gets disabled once they have done their test. Possibly you could run it with the $25,000 emulation thing but we never got that. I was wondering if you could use it as an Oracle to glitch out parts of it as it was calculating
01:39:23
but not if you can't ‑‑ I don't think so. Nice idea. Thank you. By the way, that screen saver, did anyone recognize what that was? So again ‑‑ I don't know if it's on ‑‑ is it on the ‑‑ but in my
01:39:41
blog I have a blog about writing the Python code that went and grabbed the last frame of every episode of the big bang theory so that I could have a screen saver that has those. And the code is published and if you want to save time, so are the copyright infringing images. Brilliant work, gentlemen. I noticed that when you ran the romper program
01:40:08
you used the original non‑fluorinated versions of the chip. You didn't use the etching compound before and after. Yeah, for that image ‑‑ for that particular
01:40:23
process, we had already finished by the time Zach perfected his technique, I was already working on the original images. In fact, the reason he looked at cleaning it up was because I was having difficulty with some of the bits. It was not actually clear whether
01:40:41
it was a 1 or a 0 and I couldn't determine looking at it. So I couldn't even correct it myself because I was just guessing if it was a 1 or a 0. I don't know how much time we have left. Is there a speaker opt in here? We're the last talk so we can go as long as you guys can stand us. The last thing between you and beer is us.
01:41:03
So it will work with both, Dan. So it will work with both whether you ‑‑ Oh, yeah, yeah, absolutely. It's just how clean can you get your image. Okay. I think that was the last question anyway. So thank you. Thank you.