[Cryptech Tech] arm

Warren Kumari warren at kumari.net
Fri Jan 23 21:52:37 UTC 2015


On Tue, Jan 20, 2015 at 4:38 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Warren Kumari <warren at kumari.net> writes:
>
>>Yeah, I have one of the facedancer widgets, and wrote a Python USB fuzzer
>>that used it to twiddle the PID - I had some uncertainty about what it was
>>actually outputting, so I ran it through a Beagle USB 12 protocol analyzer --
>>which promptly freaked out and locked hard. I called that success and went to
>>have a snack. :-)
>
> It'd be interesting to use a Facedancer to see what you can do to an existing
> USB HSM like a Spyrus Lynks, I wonder whether owning the USB on that gets you
> straight onto the host CPU bus (they used to be Arm-based, so my guess is
> they're using an ARM SoC with onboard USB).

That sounds like a fun plan -- I'll try see if I can get my hands on
something like that...

At the moment I'm trying to hunt down a decommissioned networked HSM
to play with - the more interfaces, the better....
There has been lots of work on testing the security of stuff inside
the security envelope / the envelope itself, but I'd like to have a
look at all the support stuff *outside* the envelope - like pulling
firmware off the flash, looking for JTAG interfaces, etc. Basically
the types of stuff we are talking about at the moment...
Can one replace the firmware with malicious firmware, where is
validation of stuff like M of N actually implemented? etc.

 Unfortunately many people physically destroy their HSMs after
decommissioning them - yes, zeroing the keys *should* be enough, but
the added protection / theater seems to be worth it to most. This
means that finding used  / cheap ones on e.g eBay is tricky. I *may*
have a lead on a set whose batteries have expired and are not bound
for the shredder...

W
>
> Peter.



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


More information about the Tech mailing list