29C3 - Version 1.9


Karsten Nohl
Day Day 3 - 2012-12-29
Room Saal 4
Start time 18:30
Duration 01:00
ID 5124
Event type Lecture
Language used for presentation English

Low-Cost Chip Microprobing

Security is moving deeper into hardware and so should security research. This talks introduces microprobing, an old technique for snooping on data inside chips, and details a low-cost probing setup.

Hardened security chips protect secrets in an astonishing range of applications from payment and ID cards to car controllers to DRM-enabled gadgets like your smartphone. Extracting a device's firmware for analysis is not always feasible using software tools. This talk looks into a generic intrusive method to extracting code from silicon chips.

We discuss both the physical extraction setup and glitching tricks to make the chip spill out its entire content. On the physical setup, we look at documented attacks on smart card chip, derive a simplified setup for 'home laboratories', and touch on upcoming attack potential through advanced microprobing.

On the topic of chip glitching, we reiterate over the good old 'linear code extraction' attack that tricks the chip into accessing all corners of its memories.

The talk provides an introduction to aspiring chip hackers as much as a warning to solution designers that too much rely on hardware protection.

Archived page - Impressum/Datenschutz