I'd be interested in them doing a tear down of a FIPS 140-2 Level 3 or higher hardware security module. Basically systems designed to self-wipe on detection of tampering.
Have you seen the mikeselectricstuff youtube channel ? He did a teardown of a credit card reader. The "self wipe" functionality is implemented in a fairly simple way.
HSMs are on an entirely different level compared to credit card readers.
To OP, those devices are not cheap - they run $22k from SafeNet (dependent on what model, obviously). In addition, FIPS criteria is meant to be tamper evident (not tamper resistant). SafeNet does require a special key to recover after a tamper attempt, though: http://goo.gl/RyVtFj
HSMs also vary by manufacturer. The SafeNet Luna you linked to has both tamper as the case level and tamper as the actual HSM level. If you read the FIPS documentation for the SafeNet Luna SA, it has a PCIe card inside with a cryptographic module on the card that is the core to the system. Tampering with that is ever more destructive than just opening the case.
Nice lab, guys. Love the bondage. We should work together sometime. :)
Level 3 wouldn't be a problem, that's tamper evident really. Nothing is tamper-proof for an attacker with physical access, resources and time. You're looking at Level 4 for even any kind of real serious roadblock, but even then...
If you have money to spend, spend it on an instance of the console that you are interested in, then open it up and start figuring out how it works. (Google is your friend here.)
One of the biggest barriers to learning about reverse engineering is fear of the expense of breaking the system you are working on. Being afraid of breakage makes one's exploration timid. In buying a system specifically for the purpose, you've removed the major barrier.
Pulling something apart and figuring out how it works has to be the best way to learn about engineering. Every child (and curious adult) should do it, with children having the advantage of all the time in the world to do things. As you pull lots of things apart, you begin to learn about the full spectrum of current engineering techniques, eventually ending up with the knowledge to design your own stuff.
It would be cool if there was a "Wikipedia" of reverse engineering, whereby every consumer item out there has a web of articles, and an army of the curious has fun by stripping devices down and collaboratively documenting innards to the lowest level possible. It would be extra cool if the community extended to a means of obtaining broken reverse engineering targets, that would otherwise be thrown away, or a way of spreading the cost of purchasing sacrificial devices.
Such an effort would directly feed into Free Software efforts, by providing the knowledge required to rewrite replacement software, from scratch, for the devices in our lives. (For example, Free Software for your phone's modem processor, your washing machine, your fridge, your TV, ...?) Free Software for consumer appliances will come into prominence as every appliance in our lives, and their associated sensors, joins the "Internet Of Things".
> It would be cool if there was a "Wikipedia" of reverse engineering, whereby every consumer item out there has a web of articles, and an army of the curious has fun by stripping devices down and collaboratively documenting innards to the lowest level possible.
Not to be too shameless, but I was excited to see someone else explicate the idea. A few buddies and I are building a platform for precisely that[1]. Images can be annotated with hover-over notes with linked components, and it is possible to search for things by component (ex. c:msp430). We have also been bringing e-waste to Maker Faires to give kids the opportunity to get comfortable disassembling things and identifying components and basic engineering concepts.
Nice idea. However, you might want to make it clearer what the value of your service over other services is.
I do not really see a big advantage over Flickr or Wordpress. Having a nice editor is enough, given the following issues:
It is also not clear to me how you want to earn money from this service. Therefore, I would hesitate to put my content on your site without knowing whether it will still be online in a few years, and how you will monetize my contribution.
The lack of open licensing options (Creative Commons, GNU FDL, whatever) and obvious export formats immediately put me off. I would guess a large part of your target demographic (of content creators) would be hesitant to put hard work into content that is not freely shareable and modifiable.
Given the focus of your site, this is also an interesting requirement in the TOS:
> [You agree] Not to decompile, disassemble or reverse engineer any of our software or Site;
The value is simple: It makes it easier to tell a narrative, and it is a central repository with a common goal and central theme. It is easy to bulk upload a set of images, crop, rotate, sort, and annotate them into a composite disassembly guide that includes photo notes, required tools, and a Bill of Materials of consituent components (with links to Octopart). I invite you to create a guide and see how much easier it is to document disassembly, than by using something like Flickr (which is great, but less specific in application).
As for the TOS clause, that's standard legal protection. The terms also explicitly permit derivative works within the site. We're evaluating open licenses for the future, but for now it is easier to let content owners retain copyright.
and then you find people who do writeups consisting of "And I'm gonna skip over this part, since if you don't know how to do it, you shouldn't be doing it", or "I reverse engineered X, but I'm not going to tell anyone because it would be bad if this was widespread"
(though, my personal focuses were more towards specific games (though not for uncompetitive advantage sake, the tools resulting from the RE mentioned are public n' stuff, and known by the devs for a long time now))
one of the tools was in python so it was easy enough to decompile that, but it still doesn't teach thought process or methods for finding relevant items in the code (like hooking into a function that processes in game market data so it can be saved to a text file)
TBH they may be skipping certain parts because they're afraid of the legal departments of the companies whose stuff they're reverse-engineering - iirc Sony wanted to sue everyone after the PS3 encryption key was found and published.
Such an effort would likely lead to a lot of lawsuits from multinationals like Sony. For an example, look at what happened to various members of the ps3 hacking scene.
I worked with a professional who helped decap and extract firmware from various DSPs. It was enthralling. He succeeded, too. I've also read at lengths the attempts at the hobbyist level. While also very fun, these attempts were not successful even at '90s process scales.
At the hobbyist level, you'll be dealing with fumes from nitric acid to decap chips, and getting blurry, dirty scans that only give you a basic idea on function. Go back to '80s tech and before, and you'll possibly be able to painstakingly read NAND ROM sections by hand.
At the professional level, you'll be spending up to millions of dollars on the equipment necessary to do live probing of chips at this process scale. Here you'll be able to advance the clock on your own, probe and hijack address and data bus lines and log their data constantly.
On the extreme end of security, these chips are countless layers deep and have complicated wire mesh overlays that are used to detect intrusions and self-destruct. They can be beaten, but not by anything you can do with affordable hobbyist equipment.
Contact these guys for a quote; expect it to be at least five figures to work on a single chip.
Check out Hacking the Xbox: http://www.nostarch.com/xboxfree It covers general reverse engineering techniques as well as going in depth into the original Xbox's security mechanisms.
I agree this is a good one, thanks for bringing this up.
I like how he's trying to avoid too much jargon, and really getting people to understand the subject, instead of showing off with his knowledge, which is all too common.
Basically it comes down to the fact that you can't really hide transistors and ultimately that's something you can reconstruct. It sounds like a lot of work, and it is, but if you do it you can perfectly emulate a chip.
If you can dig out non volatile memory then potentially you have the firmware. Once someone has their hands on that it'll be broken, almost guaranteed, as it becomes a software problem. Lots of people are very good at assembly hacking.
Some really cool pictures and very coy comments here.
Id love learn more about the work these guys have done in reverse engineering these systems.
Googling combinations of "WIZ Code" and "22.050Khz wobble" didn't yield anything, not even the misinformation referred to.
Possibly, although in the first of these the green thing in the middle has half a watermark on (very visible) while the rest of the watermark extends to the right, and in the second I can clearly see bondwires running from the edge of the die to something brownish in the central area.
It might be die-on-die packaged memory or something else part of the original, but I'd like to know what it is.
he's referring to the silly "you'll get your ass handed to you" tone of the post. it's ridiculously adversarial and self-aggrandizing. he might as well have written "tango down" after showing a reversed chip..
Reverse engineering silicon seems to have become the new "hacking". Everyone's doing it. Perhaps its time to come up with a term to describe the hardware equivalent of "script kiddie" ?
Yes, this here is clearly no more sophisticated than downloading some random php-file off the net and brute-forcing access to a couple of wordpress blogs. /sarcasm
To be more constructive: I don't even understand what you mean? I'd say this is more on par with implementing one's own OS kernel, than what I associate with being a "script kiddie". Sure, it's easy. Just a bit of C and assembler, and you can copy an existing design. Anyone with half a brain can do it...
If you look at the silikiddies bespoke services they are shilling customized hardware side channels. 5 Eyes Alliance already has shady engineers to do this, so I imagine all their customers are in the fields of bank fraud, insider trading and putting down rebellions in middle east Kingdoms.
