Your SlideShare is downloading. ×
0
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Dmitry Nedospasov, Thorsten Schreder. Let the Hardware Do All the Work: Adding Programmable Logic to Your Toolbox.

400

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
400
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Let the Hardware doall the WorkPHDays 2013, МоскваDmitry Nedospasov, Thorsten Schröder
  • 2. About usDmitry Nedospasov• PhD Student TU BerlinThorsten Schröder• Founder, modzero AG
  • 3. LeCroy 7-Zi MSO120,000€
  • 4. MicrocontrollerSource: Arduino Project
  • 5. Microcontroller• Real-time analysis.• High-level programming languages.• Cheap.• Integrated interfaces for embeddedprotocols.
  • 6. ArduinoSource: Arduino Project25€
  • 7. GoodFETSource: GoodFET Project15€*
  • 8. BusPirateSource: http://en.wikipedia.org/wiki/File:Bus_pirate_v3a.jpg25€
  • 9. FPGASource: Xilinx
  • 10. Field Programmable Gate Array• Reprogrammablelogic.• Logic simultaneously“executes” in a singleclock cycle.• Embedded memoriesfor data buffering.Source: http://commons.wikimedia.org/wiki/File:LEGO_Bits_Box_2.jpg
  • 11. Xilinx ML605Source: Xilinx2,500€
  • 12. Xilinx SP605Source: Xilinx700€
  • 13. When in doubt...
  • 14. SASEBOSource: Digilent2,000€
  • 15. Terasic DE NanoSource: Terasic80€
  • 16. MojoSource: Embedded Micro50€
  • 17. Die Datenkrake<100€
  • 18. Die Datenkrake• Open-Source Hardware & Software• User friendly interfaces and connectors• Test pads, breakout of GPIO pins(terminated & unterminated),bread-boardable• Firmware & bitstream updates of theDDK via USB serial interface
  • 19. Die Datenkrake• NXP LPC1765 ARM Cortex-M3microcontroller- 100 MHz, 512kB Flash ROM, 64kB RAM• Microsemi Actel A3PN125 FPGA- 125k system gates, 36 kbit SRAM, 71 IO• FTDI FT230X Serial-USB converter- 3Mbaud
  • 20. Microcontroller• Controls FPGA power and reset• Controls buffer power• Provides clock for FPGA• Interfaces to the user/PC• IEEE1532 ISP of FPGA
  • 21. FPGA• 3 UARTs / 6 GPIO interfacing the µCfor data exchange• 16bit parallel bus interfacing the µCfor data and command exchange• 56 general purpose 3.3/5V tolerant,terminated I/O for interfacing yourtargets
  • 22. Die Datenkrake
  • 23. Die Datenkrake
  • 24. Die Datenkrake
  • 25. Die Datenkrake
  • 26. Die DatenkrakeARMFPGAHeadersHeadersBufBufBufBufBufBufBufBufCH5CH6CH7CH8 CH1CH4CH3CH2USB
  • 27. Targets
  • 28. Hardware Fuzzing• Fuzzing multiple hardware instances.• Determine the current state of the target.• Example application: concurrent monitoringof embedded linux devices via serial interface(Odroid-U2)• Crash detection, target device reset andlogging (FIFO memory).• Multiplexing signals to the device.
  • 29. chXu1u2rst1tx1rx1rst2tx2rx2Figure 1: Odroid channel moduleHardware Fuzzing
  • 30. Hardware Glitching• Transient, non-invasive fault injection (rise &hold-time violations).• Attacks a single clock cycle. May cause"incorrect" values to be loaded into registers ormemory locations.• Require precise timing on the order offractions of clock-cycles of the target.• Two common forms: Voltage supply and clockglitching.
  • 31. Clock Glitching• Alter the clock period during execution.• Results in incorrect intermediate valuesas the result is sampled too early.• DDK includes PLLs, frequency dividersand multiple global clock signals.• Multiple clock frequencies can begenerated (i.e. 20ns, 10ns ...).
  • 32. Hardware Glitchingin-ges,se-im-rialperesetsixcesour-U2. Inhar-ncehinuto-dulechXsmartcardmvccmgndvccgndoeclkrstI/Os1s2vccvglitchvglitchFigure 2: Hardware GlitcherSecure systems are susceptible to several classes of
  • 33. Software Defined Radio• Utilize digital RF transceivers with a digitalserial output of data.• Multiple transceivers and multipleconfigurations can be monitoredsimultaneously.• Only certain parts of the payload are ofinterest while others can be discarded.• Protocol decoding must keep up with the datarate of the target.
  • 34. Software Defined Radio• Example: Keykeriki - Difficulties &challenges• 2.4GHz Nordic Semiconductor NRF24family• Enhanced Shockburst protocol• 2Mbit/s RF (2MHz = 500ns per bit)
  • 35. Software Defined RadiochX RFmodecsscksdiogioFigure 4: A7125/RF channel module
  • 36. Acknowledgements• Joachim Steiger (roh)• Daniel Mack• Jonas Hilt• Felix von Leitner (Фефе)• Hugo Fortier
  • 37. Rec0n Training• http://recon.cx• 4-Day training• Datenkrake!1!!!• Oscilloscopes!!!
  • 38. Questions?
  • 39. Thanks!http://datenkrake.org@diedatenkrakeDmitry Nedospasovhttp://nedos.net@nedosThorsten Schröderhttp://modzero.ch@br3t

×