25C3 - 1.4.2.3
        25th Chaos Communication Congress
        
        Nothing to hide
      
| Speakers | |
|---|---|
| | Travis Goodspeed |

| Schedule | |
|---|---|
| Day | Day 1 (2008-12-27) |
| Room | Saal 3 |
| Start time | 20:30 |
| Duration | 01:00 |
| Info | |
| ID | 2839 |
| Event type | lecture |
| Track | Hacking |
| Language of the event | en |
Cracking the MSP430 BSL
Part Two
The Texas Instruments MSP430 low-power microcontroller is used in many medical, industrial, and consumer devices. When its JTAG fuse is blown, the device's firmware is kept private only by a serial bootstrap loader (BSL), certain revisions of which are vulnerable to a side-channel timing analysis attack. This talk continues the one from Black Hat USA by describing the speaker's adventures in creating a hardware device for exploiting this vulnerability.
While the previous part focused on the discovery of the timing vulnerability and its origin, this lecture will focus on the exploitation. Topics include a brief review of the vulnerability itself, PCB design and fabrication, the malicious stretching of timing in a bit-banged serial port, observation of timing differences on the order of a microsecond, and the hell of debugging such a device.