26C3 - 26C3 1.15
26th Chaos Communication Congress
Here be dragons
Speakers | |
---|---|
Travis Goodspeed | |

Schedule | |
---|---|
Day | Day 2 - 2009-12-28 |
Room | Saal3 |
Start time | 11:30 |
Duration | 01:00 |

Info | |
---|---|
ID | 3490 |
Event type | Lecture |
Track | Hacking |
Language used for presentation | English |
Building a Debugger
Open JTAG with Voltage Glitching
The GoodFET is an open source tool for programming microcontrollers and memories by SPI, I2C, JTAG, and a slew of vendor-proprietary protocols. In this lecture, the design of the GoodFET will be explained in detail, and various semi-proprietary protocols will be discussed in depth. Leading toward the future, methods of packet sniffing proprietary protocols will be discussed. Finally, the BadFET – a voltage glitching variant of the GoodFET – will be introduced.
This lecture begins with a brief introduction to microcontroller debugging devices, along with packet captures of each. These include asynchronous serial (UART bootloaders), synchronous serial protocols (AVR ISP, Chipcon), and JTAG (MSP430, ARM). After these have been introduced, the talk continues by showing packet captures of each as implemented on the GoodFET. Attention is also paid to the security vulnerabilities of each debugging protocol, its access controls, and methods of circumventing those access controls.
The GoodFET is the device that I used to break Chipcon's line of Zigbee SoC devices for BlackHat USA.