Noise Security Bit podcast #4 "On hardware evil security"



In this podcast we discuss different aspects of hardware security with people who know this field firsthand. Overall, it turned out to be a very informative episode. It starts with a discussion of how to dive into this area from scratch and ends with reversing chips. We tried to cover a large number of areas of hardware security and made a list of all the topics discussed, with additional links and other materials for in-depth study.

Members:
Alexander Matrosov (@matrosov)
Dmitry Nedospasov (@nedos)
Oleg Kupreev (@090h)
Alexander Bazhaniuk (@ABazhaniuk)
Dmitry Oleksyuk (@d_olex)

MP3 file
Official podcast site
GitHub with show notes



XBox
Literature: Hacking the Xbox [pdf]
WP: XBMC
The Xecuter Modchip

TUB — Security in Telecommunications
Chaos Communications Congress

Recon
2013
2014

Vulnerabilities of different systems
WP: EMV
WP: PayTV/Conditional Access

WP: Process Technology
WP: Failure Analysis
Degate
WP: Confocal microscope
WP: Netlist
WP: Registers

Types of chips
WP: ASIC
WP: VLSI
References: Weste, CMOS VLSI Design
WP: FPGA

HDL
Verilog
VHDL
References: Verilog vs. HDL HDL Chip Design

AVR
AVR instruction set
AVR GCC

Simple tools
DP Bus Pirate
Arduino

Embedded Protocols
WP: UART
WP: I2C
WP: SPI

Michael Ossmann (@michaelossmann)
KS: @mossmann
Daisho
Introducing Daisho

Agilent/Keysight/HP
WP: Agilent

Teledyne/LeCroy
Tektronix
Rohde & Schwarz


PCI Express Protocol Analyzer

FPGA Devboards
Xilinx Spartan 6 SP605
Xilinx Virtex 6 ML605
Xilinx Vivado Design Suite
Xilinx Chipscope Pro
Terasic DE0-nano (Recommended!!!)
Microsemi Igloo 2 Evaluation Kit (Recommended!!!)

Distributors:
Digikey
Mouser
Farnell

Cores for development
Xilinx IP
OpenCores
Working AES AES to Avalon

Tools
DP ATX breakout
FTDI USB/UART
WP: Microchip PIC
DP CoolRunner

Glitching DDK
Student (@rgsilva)
https://github.com/rgsilva/ddk-arm
https://github.com/rgsilva/ddk-fpga

Power Analysis
Report: Timo Kasper, Milking the Digital Cash Cow (29c3)
Literature: Stefan Mangard, Power Analysis Attacks: Revealing the Secrets of Smart Cards

Microprobing/manipulation of data
Report: Chris Tarnovsky (@semiconduktor) Inducing Momentary Faults Within Secure Smartcards (DEF CON 16)
Article: The Sorcerer's Apprentice Guide to Fault Attacks
Article: Oliver Kömmerling, Design Principles for Tamper-Resistant Smartcard Processors
Literature: Ross Anderson, Security Engineering — Chapter 16: Physical Tamper Resistance
Article: PoC or GTFO 0x01 — Burning a phone

ISO7816
Die Datenkrake DDK @DieDatenkrake
Thorsten Schröder (@br3t)
WP: SDR
Keykeriki
Nordic Semi
USRP

Parallel computing
WP: Parallel computing
WP: pthread
WP: Pipeline

Obfuscation chips
Obfuscated Gates — SypherMedia International

Hacking Chips
Report: Olivier Thomas (@reivilo_t), Hardware Reverse-engineering Tools (REC0N 2013)
Report: Dmitry Nedospasov (@nedos), Security of the IC Backside (30c3)
Report: Chris Tarnovsky (@semiconduktor), Semiconductor Security Awareness Today and Yesterday (Blackhat 2010)
BBC Panorama — Murdoch's TV Pirates
References: Murdoch's Pirates

Baseband/DSP
WP: DSP
WP: Baseband Processor
Ralf-Philipp Weinmann (@esizkur), Baseband Exploitation in 2013
Analog Devices Blackfin
WP: VLIW
WP: Floating Point Unit
WP: Microcode

RF
Habr: Hacker-friendly Software-defined radio
Osmocom RTL SDR
DPS FM
HackRF
KS: HackRF
HackRF training
BladeRF
Ubertooth One
The Amp Hour: An Interview with Michael Ossmann
KiCAD
Cern Kicad

ARM Trustzone
Chris Tarnovsky
Chris has an excellent two-day training at ToorCon
Flylogic Blog
Wired: How to Reverse-Engineer a Satellite TV Smart Card
Twitter: @semiconduktor

WP: Electron Microscope
What tools and equipment do you need to start digging into the topic in practice?
For equipment, I highly recommend taking a look at EEVBlog
To start with, you can go to a hackerspace

< 100€
DP Bus Pirate
Arduino
Breadboard (prototyping board)
Cheap multimeter
DP ATX Breakout Board

< 500€
Multimeter (Extech, Amprobe, BK Precision)
Logic Analyzer (Saleae)
Soldering station (with interchangeable tips)

< 1500€
Oscilloscope (Rigol DS2072)
=> This model has been hacked: all features can be enabled in software with a key generator, which is somewhere here
Rework station (hot-air soldering station)
FPGA Devboard (Terasic DE0-nano)

< 2500€
Serious Multimeter (Fluke 87V)
A second soldering station

< 5000€
Oscilloscope with 4 channels
A second "serious" multimeter (for example, Agilent OLED)

No limit (equipment for serious people)
LPKF Protomat s63
Ultratec ASAP-1
Teledyne LeCroy 7-Zi
Riscure Laser Station
Karl Suss Probing Station
Karl Suss PH 150
Pico Probe
New Wave Research EZLaze
Hamamatsu Phemos
FEI FIB
Article based on information from habrahabr.ru
