This document discusses exploiting hardware vulnerabilities in the ESP32 system-on-chip. The author investigates four security features: the crypto core, secure boot, flash encryption, and one-time programmable memory. Through fault injection and reverse engineering the bootROM, the author is able to bypass secure boot validation. Responsible disclosure of vulnerabilities resulted in patches from the vendor. While flash encryption proved challenging to break, the document demonstrates exploiting built-in security through physical access and hardware techniques.
The document describes the process of implementing SMP support for OpenBSD on a SGI Octane 2 machine. Key steps included restructuring per-processor data, implementing locking primitives, handling hardware aspects like spinning up secondary processors, and debugging challenges like detecting deadlocks. Debugging was made difficult by timing issues but was aided by tools like JTAG, DDB, printfs, and modifying locks to record stuck locations. Interrupts could block inter-processor communication so the clock handler was modified to re-enable interrupts during locking.
Reverse Engineering the TomTom Runner pt. 2Luis Grangeia
Second presentation of my research into reverse engineering a TomTom Runner GPS watch. In this I explain how I got running code inside an unfamiliar device and proceeded to bypass its security measures and extract firmware keys and code from the device.
More details on my personal blog, at http://grangeia.io
Presented in October 2015 at "Confraria de Segurança da Informação" in Lisbon
This document provides an overview and analysis of the Secure Enclave Processor (SEP) found in Apple devices such as the iPhone 5S. It discusses the SEP's hardware design including its dedicated ARM core and peripherals. It describes the SEP's boot process and how it communicates with the main application processor via a secure mailbox. The document outlines the SEPOS operating system used by the SEP which is based on the L4 microkernel. It analyzes aspects of the SEP's security including its memory protection mechanisms and bootloading format.
"The secure enclave processor (SEP) was introduced by Apple as part of the A7 SOC with the release of the iPhone 5S, most notably to support their fingerprint technology, Touch ID. SEP is designed as a security circuit configured to perform secure services for the rest of the SOC, with with no direct access from the main processor. In fact, the secure enclave processor runs it own fully functional operating system - dubbed SEPOS - with its own kernel, drivers, services, and applications. This isolated hardware design prevents an attacker from easily recovering sensitive data (such as fingerprint information and cryptographic keys) from an otherwise fully compromised device.
Despite almost three years have passed since its inception, little is still known about the inner workings of the SEP and its applications. The lack of public scrutiny in this space has consequently led to a number of misconceptions and false claims about the SEP.
In this presentation, we aim to shed some light on the secure enclave processor and SEPOS. In particular, we look at the hardware design and boot process of the secure enclave processor, as well as the SEPOS architecture itself. We also detail how the iOS kernel and the SEP exchange data using an elaborate mailbox mechanism, and how this data is handled by SEPOS and relayed to its services and applications. Last, but not least, we evaluate the SEP attack surface and highlight some of the findings of our research, including potential attack vectors."
(Source: Black Hat USA 2016, Las Vegas)
Reverse Engineering the TomTom Runner pt. 1 Luis Grangeia
A hacker likes computers for the same reason that a child likes legos: both allow the creation of something new. However the growing trend has been to 'close up' general purpose computing into devices that serve a narrow purpose. It's been happening with games consoles, routers, smartphones, smart TV's and more recently, smartwatches. A hacker will face this trend as an additional challenge and will be even more motivated to gain control over the device.
This talk is a journey to the world of 'reverse engineering' of a device of the "Internet of Things", in this case a Tomtom Runner sports watch. The author has little previous experience in reverse engineering of embedded systems, so the talk aims to serve as an introduction to this topic, what motivations and what kind of approaches may be tried.
Presented in September 2015 at "Confraria de Segurança da Informação" in Lisbon
UPC router reverse engineering - case studyDusan Klinec
Security analysis of the UPC UBEE EVW3226 router, reverse engineering, WPA2 password generation algorithm. Statistic analysis of the password generation function is provided. Results from the wardriving.
Adventures in Femtoland: 350 Yuan for Invaluable Funarbitrarycode
GSM networks are compromised for over five years. Starting from passive sniffing of unencrypted traffic, moving to a fully compromised A5/1 encryption and then even to your own base station, we have different tools and opportunities. A Motorola phone retails for only $5 gives you the opportunity to peep into your girlfriend's calls. RTL-SDR retails for $20 which allows you to intercept all two-factor authentication in a medium-sized office building. Lastly, USRP retails for $700 and can intercept almost everything that you can see in 2G.
But who cares about 2G? Those who are concerned switched off of 2G. AT&T is preparing to switch off all its 2G networks by the end of 2016. Even GSMA (GSM Alliance) admitted that security through obscurity is a bad idea (referring to COMP128, A5/*, GEA algorithms and other things). 3G and LTE networks have mandatory cryptographical integrity checks for all communications, mutual authentication both for mobile devices and base station. The opportunity to analyze all protocols and cryptographical primitives due to their public availability is important.
However, the main problem is that we do not have calypso phones for 3G. We do not have cheap and ready to use devices to fuzz 3G devices over the air. Or do we? What about femtocells? Perhaps telecoms are to fast to take their guard down with security considerations embedded in 3G/4G? Users can connect to femocells. and have access the Internet on high speeds, make calls, ect.. Why don't we abuse it?
Yes, there is already research that allows you to gain control over femtocell. There is also research that allows sniffing calls and messages after gaining control. But all such solutions are not scalable. You are still bound to the telecom provider. You still have to connect to a VPN - to a core network. You have to bypass location binding and so on. Perhaps there is an easier solution? Parhaps we can create UMTS-in-a-box from readily available femtocell and have them available in large quantities without telecom-branding? We already know.
We will tell the whole story from unboxing to proof-of-concept data intercept and vulnerabilities in UMTS networks with all your favorite acronyms: HNB, SeGW, HMS, RANAP, SCTP, TR-069.
The document describes the process of implementing SMP support for OpenBSD on a SGI Octane 2 machine. Key steps included restructuring per-processor data, implementing locking primitives, handling hardware aspects like spinning up secondary processors, and debugging challenges like detecting deadlocks. Debugging was made difficult by timing issues but was aided by tools like JTAG, DDB, printfs, and modifying locks to record stuck locations. Interrupts could block inter-processor communication so the clock handler was modified to re-enable interrupts during locking.
Reverse Engineering the TomTom Runner pt. 2Luis Grangeia
Second presentation of my research into reverse engineering a TomTom Runner GPS watch. In this I explain how I got running code inside an unfamiliar device and proceeded to bypass its security measures and extract firmware keys and code from the device.
More details on my personal blog, at http://grangeia.io
Presented in October 2015 at "Confraria de Segurança da Informação" in Lisbon
This document provides an overview and analysis of the Secure Enclave Processor (SEP) found in Apple devices such as the iPhone 5S. It discusses the SEP's hardware design including its dedicated ARM core and peripherals. It describes the SEP's boot process and how it communicates with the main application processor via a secure mailbox. The document outlines the SEPOS operating system used by the SEP which is based on the L4 microkernel. It analyzes aspects of the SEP's security including its memory protection mechanisms and bootloading format.
"The secure enclave processor (SEP) was introduced by Apple as part of the A7 SOC with the release of the iPhone 5S, most notably to support their fingerprint technology, Touch ID. SEP is designed as a security circuit configured to perform secure services for the rest of the SOC, with with no direct access from the main processor. In fact, the secure enclave processor runs it own fully functional operating system - dubbed SEPOS - with its own kernel, drivers, services, and applications. This isolated hardware design prevents an attacker from easily recovering sensitive data (such as fingerprint information and cryptographic keys) from an otherwise fully compromised device.
Despite almost three years have passed since its inception, little is still known about the inner workings of the SEP and its applications. The lack of public scrutiny in this space has consequently led to a number of misconceptions and false claims about the SEP.
In this presentation, we aim to shed some light on the secure enclave processor and SEPOS. In particular, we look at the hardware design and boot process of the secure enclave processor, as well as the SEPOS architecture itself. We also detail how the iOS kernel and the SEP exchange data using an elaborate mailbox mechanism, and how this data is handled by SEPOS and relayed to its services and applications. Last, but not least, we evaluate the SEP attack surface and highlight some of the findings of our research, including potential attack vectors."
(Source: Black Hat USA 2016, Las Vegas)
Reverse Engineering the TomTom Runner pt. 1 Luis Grangeia
A hacker likes computers for the same reason that a child likes legos: both allow the creation of something new. However the growing trend has been to 'close up' general purpose computing into devices that serve a narrow purpose. It's been happening with games consoles, routers, smartphones, smart TV's and more recently, smartwatches. A hacker will face this trend as an additional challenge and will be even more motivated to gain control over the device.
This talk is a journey to the world of 'reverse engineering' of a device of the "Internet of Things", in this case a Tomtom Runner sports watch. The author has little previous experience in reverse engineering of embedded systems, so the talk aims to serve as an introduction to this topic, what motivations and what kind of approaches may be tried.
Presented in September 2015 at "Confraria de Segurança da Informação" in Lisbon
UPC router reverse engineering - case studyDusan Klinec
Security analysis of the UPC UBEE EVW3226 router, reverse engineering, WPA2 password generation algorithm. Statistic analysis of the password generation function is provided. Results from the wardriving.
Adventures in Femtoland: 350 Yuan for Invaluable Funarbitrarycode
GSM networks are compromised for over five years. Starting from passive sniffing of unencrypted traffic, moving to a fully compromised A5/1 encryption and then even to your own base station, we have different tools and opportunities. A Motorola phone retails for only $5 gives you the opportunity to peep into your girlfriend's calls. RTL-SDR retails for $20 which allows you to intercept all two-factor authentication in a medium-sized office building. Lastly, USRP retails for $700 and can intercept almost everything that you can see in 2G.
But who cares about 2G? Those who are concerned switched off of 2G. AT&T is preparing to switch off all its 2G networks by the end of 2016. Even GSMA (GSM Alliance) admitted that security through obscurity is a bad idea (referring to COMP128, A5/*, GEA algorithms and other things). 3G and LTE networks have mandatory cryptographical integrity checks for all communications, mutual authentication both for mobile devices and base station. The opportunity to analyze all protocols and cryptographical primitives due to their public availability is important.
However, the main problem is that we do not have calypso phones for 3G. We do not have cheap and ready to use devices to fuzz 3G devices over the air. Or do we? What about femtocells? Perhaps telecoms are to fast to take their guard down with security considerations embedded in 3G/4G? Users can connect to femocells. and have access the Internet on high speeds, make calls, ect.. Why don't we abuse it?
Yes, there is already research that allows you to gain control over femtocell. There is also research that allows sniffing calls and messages after gaining control. But all such solutions are not scalable. You are still bound to the telecom provider. You still have to connect to a VPN - to a core network. You have to bypass location binding and so on. Perhaps there is an easier solution? Parhaps we can create UMTS-in-a-box from readily available femtocell and have them available in large quantities without telecom-branding? We already know.
We will tell the whole story from unboxing to proof-of-concept data intercept and vulnerabilities in UMTS networks with all your favorite acronyms: HNB, SeGW, HMS, RANAP, SCTP, TR-069.
This document discusses security issues with microcontrollers (uCs). uCs are commonly used in devices like cars, medical implants, and infrastructure systems. The Atmel AVR8 uC architecture is examined in depth. Issues discussed include weak randomness for crypto, race conditions due to lack of concurrency controls, buffer overflows enabled by the Harvard architecture separating code and data, and attacks involving NULL pointers, uninitialized memory, and dereferencing memory beyond physical limits. Exploiting these issues could allow taking control of uC firmware to potentially manipulate connected devices and systems.
Practical reverse engineering and exploit development for AVR-based Embedded ...Alexander Bolshev
The document outlines an agenda for a training on practical firmware reversing and exploit development for AVR-based embedded devices. The training will cover: (1) an introduction to the AVR architecture through an example; (2) pre-exploitation techniques; (3) exploitation and building return-oriented programming (ROP) chains; and (4) post-exploitation tricks. It provides background information on the AVR architecture, which is used widely in embedded and IoT devices, and discusses features like memory organization, registers, interrupts, and assembly instructions. Development tools for AVR like Atmel Studio, AVR-GCC, and debuggers are also briefly mentioned.
In the time when software is so complex and rapidly changing so, the users cannot trust their own computers and smartphones to protect their secrets from attackers, more and more solutions rely on hardware to be the last measure of protection. As a result, there are a number of manufacturers developing hardware wallets which are meant to protect cryptocurrency private keys.
This talk presents a wide range of attacks, which can be successfully applied to most popular hardware wallets on the market, from app isolation bypass to fault injection attacks on the microcontroller. Additionally the talk presents secure design requirements and countermeasures making life of an attacker much more difficult, which are applicable to all kings of secure hardware devices.
Reid Wightman's presentation at AppSec DC 2012. Reid provides background and the lates on Digital Bond's Project Basecamp. New PLC exploit modules include a Stuxnet-type attack on the Modicon Quantum.
A webinar presented to the members of EUROAVIA Patras as an introduction to the Arduino microcontroller. It goes over the basics of the controllers features and capabilities, and guides the participant through their first steps of programming an Arduino using C++.
DefCon 2012 - Gaining Access to User Android DataMichael Smith
This document provides a summary of a presentation about gaining access to Android user data. The presentation discusses challenges like encryption and screen locks that prevent access. It then covers techniques for defeating bootloaders, building forensic boot images, using JTAG and serial debug cables, cracking pins and passwords, dealing with encryption, and other desperate techniques to gain access like chip-off or exploiting race conditions during updates. The goal is to provide tools and knowledge to both defend access and gain access for purposes like device seizure or digital forensics examinations.
Making and breaking security in embedded devicesYashin Mehaboobe
This document discusses security issues in embedded devices and techniques for analyzing and attacking them. It covers identifying debug ports, sniffing communication protocols like SPI and I2C, analyzing radio signals with software-defined radios, extracting firmware from flash memory, analyzing code for vulnerabilities, and defending against such attacks. A variety of open-source tools are recommended for reverse engineering tasks like bus pirate, hackRF, binwalk, and JTAGulator.
SMP Implementation for OpenBSD/sgi [Japanese Edition]Takuya ASADA
This document discusses SMP (symmetric multiprocessing) implementation for OpenBSD on SGI Octane systems. It covers setting up SMP on MIPS-based SGI Octane servers with 2 CPUs, including implementing per-processor data structures and synchronization techniques like mutexes and TLB shootdown using IPIs (inter-processor interrupts). It also demonstrates running OpenBSD/sgi in SMP mode and benchmarks showing a 44% speedup from utilizing both CPUs.
The document discusses techniques for monitoring native 64-bit API calls in 32-bit WoW64 applications running on 64-bit Windows. It describes injecting a 64-bit DLL using various methods like Wow64log.dll injection, Heaven's Gate transitions, and APC injection. It also discusses overcoming challenges like CFG validation and implementing inline hooks without dependencies on 32-bit libraries. The techniques allow deep monitoring of WoW64 processes not possible with typical user-mode hooking.
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
This presentation shows that code coverage guided fuzzing is possible in the context of network daemon fuzzing.
Some fuzzers are blackbox while others are protocol aware. Even ones which are made protocol aware, fuzzer writers typically model the protocol specification and implement packet awareness logic in the fuzzer. Unfortunately, just because the fuzzer is protocol aware, it does not guarantee that sufficient code paths have been reached.
The presentation deals with specific scenarios where the target protocol is completely unknown (proprietary) and no source code or protocol specs are accessible. The tool developed builds a feedback loop between the client and the server components using the concept of "gate functions". A gate function triggers monitoring. The pintool component tracks the binary code coverage for all the functions untill it reaches an exit gate. By instrumenting such gated functions, the tool is able to measure code coverage during packet processing.
Lyon Yang gave a presentation about exploiting IoT and embedded devices. He discussed how he became interested in embedded systems exploitation and contributed to the field. Yang explained common vulnerabilities he finds, such as stack overflows, backdoors, and exposed credentials. He demonstrated attacks like privilege escalation, command injection, and exploiting cache coherency issues. Yang provided tips for writing exploits against various architectures and overcoming challenges like bad characters and auto-restarting services.
The document discusses emulating hardware with JavaScript. It begins by introducing the speaker, Alexander Dickson, and his background. It then discusses the capabilities of modern JavaScript for emulation purposes, including canvas, Web Audio API, typed arrays, and requestAnimationFrame().
The document goes on to define what an emulator is and discusses some common emulator implementations like interpreters and just-in-time compilation. It suggests starting with a simple system like Chip-8 for beginners.
As an example system, it provides an overview of the Nintendo Entertainment System, describing its 6502 CPU, memory layout, and other components like the PPU and sound hardware. It discusses concepts like the von Neumann architecture and opcodes.
You didnt see it’s coming? "Dawn of hardened Windows Kernel" Peter Hlavaty
Past few years our team was focusing on different operating systems including Microsoft windows kernel. Honestly our first pwn at Windows kernel was not that challenging. Number of available targets with friendly environment for straightforward pwn, from user up to reliable kernel code execution.
However, step by step, security policies continue to evolve, and it becomes more troublesome to choose ideal attack surface from various sandboxes. In addition, what steps to follow for digging security holes is highly dependent upon the chosen target. In general, a few common strategies are available for researchers to choose: e.g choose “unknown” one which hasn’t been researched before; Select well fuzzed or well audited one, or research on kernel module internals to find “hidden” attack surfaces which are not explicitly interconnected. In the first part of the talk we introduce our methodology of selecting, alongside with cost of tricks around to choose seemingly banned targets, illustrated by notable examples.
After getting hands on potential bug available from targeted sandbox, it is time for Microsoft windows taking hardening efforts to put attacker into corner. Strong mitigations are being introduced more frequently than ever, with promising direction which cuts lots of attack surface off, and a several exploitation techniques being killed. We will show difficulties of developing universal exploitation techniques, and demonstrate needed technical level depending on code quality of target. We will examine how different it becomes with era of Redstone and following versions even with those techniques and good vulnerability in hand. How it changed attacker landscape and how it will (and will not) kill those techniques and applications. However will it really change the game or not?
One Shellcode to Rule Them All: Cross-Platform ExploitationQuinn Wilton
As the internet of things becomes less a buzzword, and more a reality, we're noticing that it's growing increasingly common to see embedded software which runs across different architectures -whether that's the same router firmware running across different models, or the operating system for a smart TV being used by different manufacturers. In a world where even your toaster might have internet access, we suspect that the ability to write cross-platform shellcode is going transition from being a merely neat trick, to a viable tool for attackers.
Writing cross-platform shellcode is tough, but there's a few techniques you can use to simplify the problem. We discuss one such method, which we used to great success during the DEFCON CTF qualifiers this year.
Presented by Tinfoil Security founder Michael Borohovski and engineer Shane Wilton at Secuinside 2014, in Seoul.
https://www.tinfoilsecurity.com/blog/cross-platform-exploitation
This document provides a summary of an ESP8266 workshop covering:
- Introduction to the ESP8266 hardware and software
- Setting up ESP-01 and ESP-12 modules for development
- Flashing firmware using esptool
- Introduction to NodeMCU and Lua
- Using the ESPlorer IDE
- Examples of using buttons, LEDs, WiFi, UDP, and MQTT with the ESP8266
BlackHat 2009 - Hacking Zigbee Chips (slides)Michael Smith
This document discusses a 16-bit rootkit and second generation Zigbee chips. It describes how the rootkit works by proxying a microcontroller's interrupt vector table to gain control of incoming packets. It also examines vulnerabilities in early Zigbee chips like the EM250 and CC2430 that exposed cryptographic keys due to debug interfaces and memory layout issues. Later generations of chips aim to address these security flaws.
The document provides an overview of the hardware and software used in the Hitcon Badge 2018. It includes:
- An overview of the hardware components including the MT7697 Soc, e-paper display, button array, secure element, and other components.
- Descriptions of the software implementation including an Arduino package customized for the badge, wallet functionality using BIP32, BIP39, and BIP44 standards, and Ethereum transaction signing using the secure element.
- Explanations of the secure element usage for private key storage and transaction signing to securely implement the wallet functionality.
Building a robot with the .Net Micro FrameworkDucas Francis
This document summarizes information about building a robot using the .NET Micro Framework (NetMF). It discusses NetMF features like using Visual Studio as an IDE and programming in C#. It also reviews some NetMF compatible hardware options and provides an example of building a tank bot robot with components like a FEZ Panda II mainboard, motors, sensors and more. Code examples are provided for using digital I/O, interrupts, analog I/O and other NetMF features to control the robot.
This document provides an introduction to microcontrollers. It discusses that microcontrollers are single-chip computers that contain a CPU, RAM, EEPROM, I/O pins, and peripherals. Examples of past projects using microcontrollers include line-following robots and wireless keyboards. Microcontrollers are preferable to general purpose computers for tasks like these due to their small size, low cost, efficiency, and ease of use. The document then discusses selecting microcontrollers from popular families like AVR and PIC, and using the AVR series for this introduction. It outlines the software tools like CVAVR for coding and compiling, as well as transferring the code to the Atmega microcontroller. Finally, it provides examples of blinking an LED
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
More Related Content
Similar to eu-19-LimitedResults-Fatal-Fury-On-ESP32-Time-To-Release-Hardware-Exploits.pdf
This document discusses security issues with microcontrollers (uCs). uCs are commonly used in devices like cars, medical implants, and infrastructure systems. The Atmel AVR8 uC architecture is examined in depth. Issues discussed include weak randomness for crypto, race conditions due to lack of concurrency controls, buffer overflows enabled by the Harvard architecture separating code and data, and attacks involving NULL pointers, uninitialized memory, and dereferencing memory beyond physical limits. Exploiting these issues could allow taking control of uC firmware to potentially manipulate connected devices and systems.
Practical reverse engineering and exploit development for AVR-based Embedded ...Alexander Bolshev
The document outlines an agenda for a training on practical firmware reversing and exploit development for AVR-based embedded devices. The training will cover: (1) an introduction to the AVR architecture through an example; (2) pre-exploitation techniques; (3) exploitation and building return-oriented programming (ROP) chains; and (4) post-exploitation tricks. It provides background information on the AVR architecture, which is used widely in embedded and IoT devices, and discusses features like memory organization, registers, interrupts, and assembly instructions. Development tools for AVR like Atmel Studio, AVR-GCC, and debuggers are also briefly mentioned.
In the time when software is so complex and rapidly changing so, the users cannot trust their own computers and smartphones to protect their secrets from attackers, more and more solutions rely on hardware to be the last measure of protection. As a result, there are a number of manufacturers developing hardware wallets which are meant to protect cryptocurrency private keys.
This talk presents a wide range of attacks, which can be successfully applied to most popular hardware wallets on the market, from app isolation bypass to fault injection attacks on the microcontroller. Additionally the talk presents secure design requirements and countermeasures making life of an attacker much more difficult, which are applicable to all kings of secure hardware devices.
Reid Wightman's presentation at AppSec DC 2012. Reid provides background and the lates on Digital Bond's Project Basecamp. New PLC exploit modules include a Stuxnet-type attack on the Modicon Quantum.
A webinar presented to the members of EUROAVIA Patras as an introduction to the Arduino microcontroller. It goes over the basics of the controllers features and capabilities, and guides the participant through their first steps of programming an Arduino using C++.
DefCon 2012 - Gaining Access to User Android DataMichael Smith
This document provides a summary of a presentation about gaining access to Android user data. The presentation discusses challenges like encryption and screen locks that prevent access. It then covers techniques for defeating bootloaders, building forensic boot images, using JTAG and serial debug cables, cracking pins and passwords, dealing with encryption, and other desperate techniques to gain access like chip-off or exploiting race conditions during updates. The goal is to provide tools and knowledge to both defend access and gain access for purposes like device seizure or digital forensics examinations.
Making and breaking security in embedded devicesYashin Mehaboobe
This document discusses security issues in embedded devices and techniques for analyzing and attacking them. It covers identifying debug ports, sniffing communication protocols like SPI and I2C, analyzing radio signals with software-defined radios, extracting firmware from flash memory, analyzing code for vulnerabilities, and defending against such attacks. A variety of open-source tools are recommended for reverse engineering tasks like bus pirate, hackRF, binwalk, and JTAGulator.
SMP Implementation for OpenBSD/sgi [Japanese Edition]Takuya ASADA
This document discusses SMP (symmetric multiprocessing) implementation for OpenBSD on SGI Octane systems. It covers setting up SMP on MIPS-based SGI Octane servers with 2 CPUs, including implementing per-processor data structures and synchronization techniques like mutexes and TLB shootdown using IPIs (inter-processor interrupts). It also demonstrates running OpenBSD/sgi in SMP mode and benchmarks showing a 44% speedup from utilizing both CPUs.
The document discusses techniques for monitoring native 64-bit API calls in 32-bit WoW64 applications running on 64-bit Windows. It describes injecting a 64-bit DLL using various methods like Wow64log.dll injection, Heaven's Gate transitions, and APC injection. It also discusses overcoming challenges like CFG validation and implementing inline hooks without dependencies on 32-bit libraries. The techniques allow deep monitoring of WoW64 processes not possible with typical user-mode hooking.
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
This presentation shows that code coverage guided fuzzing is possible in the context of network daemon fuzzing.
Some fuzzers are blackbox while others are protocol aware. Even ones which are made protocol aware, fuzzer writers typically model the protocol specification and implement packet awareness logic in the fuzzer. Unfortunately, just because the fuzzer is protocol aware, it does not guarantee that sufficient code paths have been reached.
The presentation deals with specific scenarios where the target protocol is completely unknown (proprietary) and no source code or protocol specs are accessible. The tool developed builds a feedback loop between the client and the server components using the concept of "gate functions". A gate function triggers monitoring. The pintool component tracks the binary code coverage for all the functions untill it reaches an exit gate. By instrumenting such gated functions, the tool is able to measure code coverage during packet processing.
Lyon Yang gave a presentation about exploiting IoT and embedded devices. He discussed how he became interested in embedded systems exploitation and contributed to the field. Yang explained common vulnerabilities he finds, such as stack overflows, backdoors, and exposed credentials. He demonstrated attacks like privilege escalation, command injection, and exploiting cache coherency issues. Yang provided tips for writing exploits against various architectures and overcoming challenges like bad characters and auto-restarting services.
The document discusses emulating hardware with JavaScript. It begins by introducing the speaker, Alexander Dickson, and his background. It then discusses the capabilities of modern JavaScript for emulation purposes, including canvas, Web Audio API, typed arrays, and requestAnimationFrame().
The document goes on to define what an emulator is and discusses some common emulator implementations like interpreters and just-in-time compilation. It suggests starting with a simple system like Chip-8 for beginners.
As an example system, it provides an overview of the Nintendo Entertainment System, describing its 6502 CPU, memory layout, and other components like the PPU and sound hardware. It discusses concepts like the von Neumann architecture and opcodes.
You didnt see it’s coming? "Dawn of hardened Windows Kernel" Peter Hlavaty
Past few years our team was focusing on different operating systems including Microsoft windows kernel. Honestly our first pwn at Windows kernel was not that challenging. Number of available targets with friendly environment for straightforward pwn, from user up to reliable kernel code execution.
However, step by step, security policies continue to evolve, and it becomes more troublesome to choose ideal attack surface from various sandboxes. In addition, what steps to follow for digging security holes is highly dependent upon the chosen target. In general, a few common strategies are available for researchers to choose: e.g choose “unknown” one which hasn’t been researched before; Select well fuzzed or well audited one, or research on kernel module internals to find “hidden” attack surfaces which are not explicitly interconnected. In the first part of the talk we introduce our methodology of selecting, alongside with cost of tricks around to choose seemingly banned targets, illustrated by notable examples.
After getting hands on potential bug available from targeted sandbox, it is time for Microsoft windows taking hardening efforts to put attacker into corner. Strong mitigations are being introduced more frequently than ever, with promising direction which cuts lots of attack surface off, and a several exploitation techniques being killed. We will show difficulties of developing universal exploitation techniques, and demonstrate needed technical level depending on code quality of target. We will examine how different it becomes with era of Redstone and following versions even with those techniques and good vulnerability in hand. How it changed attacker landscape and how it will (and will not) kill those techniques and applications. However will it really change the game or not?
One Shellcode to Rule Them All: Cross-Platform ExploitationQuinn Wilton
As the internet of things becomes less a buzzword, and more a reality, we're noticing that it's growing increasingly common to see embedded software which runs across different architectures -whether that's the same router firmware running across different models, or the operating system for a smart TV being used by different manufacturers. In a world where even your toaster might have internet access, we suspect that the ability to write cross-platform shellcode is going transition from being a merely neat trick, to a viable tool for attackers.
Writing cross-platform shellcode is tough, but there's a few techniques you can use to simplify the problem. We discuss one such method, which we used to great success during the DEFCON CTF qualifiers this year.
Presented by Tinfoil Security founder Michael Borohovski and engineer Shane Wilton at Secuinside 2014, in Seoul.
https://www.tinfoilsecurity.com/blog/cross-platform-exploitation
This document provides a summary of an ESP8266 workshop covering:
- Introduction to the ESP8266 hardware and software
- Setting up ESP-01 and ESP-12 modules for development
- Flashing firmware using esptool
- Introduction to NodeMCU and Lua
- Using the ESPlorer IDE
- Examples of using buttons, LEDs, WiFi, UDP, and MQTT with the ESP8266
BlackHat 2009 - Hacking Zigbee Chips (slides)Michael Smith
This document discusses a 16-bit rootkit and second generation Zigbee chips. It describes how the rootkit works by proxying a microcontroller's interrupt vector table to gain control of incoming packets. It also examines vulnerabilities in early Zigbee chips like the EM250 and CC2430 that exposed cryptographic keys due to debug interfaces and memory layout issues. Later generations of chips aim to address these security flaws.
The document provides an overview of the hardware and software used in the Hitcon Badge 2018. It includes:
- An overview of the hardware components including the MT7697 Soc, e-paper display, button array, secure element, and other components.
- Descriptions of the software implementation including an Arduino package customized for the badge, wallet functionality using BIP32, BIP39, and BIP44 standards, and Ethereum transaction signing using the secure element.
- Explanations of the secure element usage for private key storage and transaction signing to securely implement the wallet functionality.
Building a robot with the .Net Micro FrameworkDucas Francis
This document summarizes information about building a robot using the .NET Micro Framework (NetMF). It discusses NetMF features like using Visual Studio as an IDE and programming in C#. It also reviews some NetMF compatible hardware options and provides an example of building a tank bot robot with components like a FEZ Panda II mainboard, motors, sensors and more. Code examples are provided for using digital I/O, interrupts, analog I/O and other NetMF features to control the robot.
This document provides an introduction to microcontrollers. It discusses that microcontrollers are single-chip computers that contain a CPU, RAM, EEPROM, I/O pins, and peripherals. Examples of past projects using microcontrollers include line-following robots and wireless keyboards. Microcontrollers are preferable to general purpose computers for tasks like these due to their small size, low cost, efficiency, and ease of use. The document then discusses selecting microcontrollers from popular families like AVR and PIC, and using the AVR series for this introduction. It outlines the software tools like CVAVR for coding and compiling, as well as transferring the code to the Atmega microcontroller. Finally, it provides examples of blinking an LED
Similar to eu-19-LimitedResults-Fatal-Fury-On-ESP32-Time-To-Release-Hardware-Exploits.pdf (20)
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
High performance Serverless Java on AWS- GoTo Amsterdam 2024Vadym Kazulkin
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
1. ON ESP32:
TIME TO RELEASE HW EXPLOITS
1
LimitedResults
Black Hat Europe 2019
2-5 December 2019, London
2. $ whoami
•Limited
•By the Time, $$$, my Skills…
•Results
•www.LimitedResults.com
•Offensive Side
•Focus on HW, Low-Level
Vulns…
•No Affiliation
•Time to play!
2
4. The Entry Point
•Last April, I decide to break investigate into the
ESP32
•System-on-Chip (SoC) released in 2016 by Espressif
•Widely-deployed (> 100M of devices) [1]
•Wireless MCU/SoC Market leader
•Claim to have ‘State-of-the-Art’ Security
•12 years-longevity commitment
•General Use
•IoT
•Wireless peripheral
4
5. The target
•ESP32
•Techno 40nm node
•QFN 6*6, 48 pins
•Overview
•Wi-FI (2.4GHz) & BT v4.2
•Ultra Low-Power Xtensa Dual-Core
LX6
• up to 240MHz
• ROM, SRAM, no CPU caches
•GPIOs, Touch sensor, ADC…
•4 SPI, 3 UART, Ethernet…No USB
5
6. ESP32 Form Factor
• ESP32 SiP module (ESP32-WROOM-32)
• Easy to integrate in any design
• Flash storage 4MB
• FCC certified
• ESP32 Dev-Kit (Lolin ESP32)
• Micro-USB
• Power
• ttyUSB0 port
• Pin headers
• Limited Cost = 15$
6
7. ESP32 Software
•Esp-idf Dev. Framework on Github
•xtensa-esp32-elf toolchain
•Set of Python Tools (esptool)
•Good Quality of Documentation
•Datasheet and TRM available [2]
•Arduino core supported
•I don’t like pre-compiled libraries, I don’t use it
•Official Amazon AWS IoT Platform
•FreeRTOS, Mongoose OS…
7
8. Agenda Today
•Focus on Built-in Security
•Just Grep the Datasheet
•Four Points
•Crypto HW accelerator
•Secure Boot
•Flash Encryption
•OTP
•Time to pwn!
8
10. The Limited Plan
•The Context
•3 months to investigate (spare time)
•My Objective
•Break one by one the Security Features
•Physical Access Required (plausible attack scenario today)
•So, I will probably use HW Techniques
•Fault Injection, Side Channel maybe?
•Micro-soldering, PCB modification
•Reverse
•and Code Review ☺
10
11. Voltage Fault Injection
•aka Voltage glitching
•Well-known, still efficient and Low-cost FI technique nowadays
•Public ressources about voltage glitching [3][4][…]
•Perturb the Power Supply to induce a fault during critical
SW/HW operations
•Expected effects
•Skip instruction
•Data/Code modification
•Unexpected effects
•Difficult to predict/understand faults in complex CPU
architecture (due to Cache effects, Pipeline…)
11
12. Power domains inside ESP32
• 3 separate Power domains
• CPU domain shares two Power Signals
• VDD3P3_CPU && VDD3P3_RTC
• Low Drop-out regulators (LDO)
• Stabilize internal voltages
• Filter effect against glitches?
• Brownout Detector (BOD)
• « If the BOD detects a voltage drop, it will trigger a signal shutdown
and even send a message on UART »
• Able to detect glitches?
• BoD only effective on VDD_RTC
• So, I will Glitch on VDD3P3_CPU
12
13. Target Preparation
• ESP-WROOM-32 Module
• Shield is removed
• No silkscreen but Schematic available
• I remove Capacitors connected to VDD_CPU and VDD_RTC
13
14. PCB Modification
• Three steps
• Exposing the VDD_CPU trace (Pin 37)
• Cutting the trace
• Soldering the glitch output to VDD_CPU and GND
14
15. HW Setup
•Home-made Glitcher (10$)
•Based on MAX4619
•Add passive components, SMA
connectors
•Synchronised by Scope
•Triggered by Signal Generator
•USB commands to set parameters
• Delay
• Width
• Voltage
•Python scripts for full-control
•Can run during days…
15
18. Crypto-Core/
Crypto-Accelerator
•Just a peripheral to speed-up the computation
•AES, SHA, RSA…
•Why is it interesting to pwn?
•Espressif Crypto-Lib
•HW accel. used by default in MBedTLS
• MBedTLS is the ARM crypto-library (all IoT are using it)
•My Goal
•Focus on the CPU/Crypto interface (crypto-driver)
• Do not expect to find ‘pure’ Software Vulns
•Looking for vulns triggered by Fault Injection
•It is Time for Code Review
18
19. Design Weakness
•AES operation
•Datasheet
•Design Weakness
•AES_TEXT_m_REG registers used to store plaintext and also
ciphertext
•Encrypt-In-Place can be risky
•If something goes wrong during AES call, pretty sure I can
retrieve the plaintext
•Pretty cool & simple to exploit as first PoC
19
20. Vuln n*1 = AES Bypass
•Previous Weakness is confirmed
•Multiple spots to trigger
•AES start
•The while condition
•The last For loop
• PoC
•Output = Input
20
21. Vuln n*2 = AES SetKey
•Vuln to trigger
•Unprotected for loop
to load the key into
the crypto-core
•PoC
•Key zeroized
•Persistent key value
until the next
setkey()
•Nice for attacking AES
Cipher Block Chaining
Mode
21
22. Crypto-Core Conclusion
•Crypto-core does not improve security
•Six Vulns with PoCs in AES and SHA
•Espressif HwCrypto in esp-idf 4.0 (patched since)
•ARM MbedTLS v2.13.1 (patched?)
•Resp. disclosure
•No answer from Espressif & ARM during 1 month ☹
•Silent Patch attempt ☹
•BugBounty Program from ARM MBedTLS is Fake ☹
•I am was a little bit in a FURY
•…ready to pwn harder
22
24. Role of Secure Boot
•Protector of FW Authenticity
•Avoid FW modification
•Easy to flash malicious Firmware in SPI Flash
•CRC? Not sufficient sorry…
•It will Create a Chain of Trust
•BootROM to Bootloader until the App
•It Guarantees the code running on the device is
Genuine
•Will not boot if images are not properly signed
24
25. Sec. Boot during Production
•Secure Boot Key (SBK)
•SBK burned into E-Fuses BLK2
•This SBK cannot be readout or modified (R/W protected)
•Used by bootROM to perform AES-256 ECB
•ECDSA key pair
•Created by the App developer
•Priv. Key used to sign the App, Pub. Key integrated to bootloader.img
•The Bootloader Signature
•192 bytes header = 128 bytes of random + 64 bytes digest
• Digest = SHA-512(AES-256((bootloader.bin + ECDSA PK), SBK))
•Random at 0x0 in Flash Memory layout, digest at 0x80
25
26. Sec. Boot on the Field
•Boot process
•Verification Mechanisms
•BootROM (Stage 0)
• Compute Digest with SBK and compare with 64-bytes Digest at 0x80
•ECDSA verification by the Bootloader (Stage 1)
• Micro-ECC is used
•I will Focus on Stage 0
•Signature based on Symmetric Crypto
•SBK = AES-Key used to sign the bootloader (CRITICAL ASSET) stored in
E-Fuses, R/W protected
26
27. Set the Secure Boot
•Can be done automatically by ESP-IDF Framework…
•But I prefer to do it manually
•Burn the Secure Boot Key into BLK2
• $ espefuse.py burn_key secure_boot ./secure-bootloader-key-256.bin
•Burn the ABS_DONE fuse to activate the sec boot
• $ espefuse.py burn_efuse ABS_DONE_0
•E-Fuses Map
•espefuse.py summary
•Look JTAG fuse ☺
27
28. Secure boot in Action
•Signed Code (using
SBK)
•make flash, then it runs
28
•Unsigned Code (no Key)
•Flash it then Fail
•Stuck in stage0, perfect
29. Bypass the Sec.Boot
•Why?
•to have code exec
•How?
•Force ESP32 to execute my unsigned bootloader to load
my unsigned app
•Focus on BootROM
•Always Nice to exploit BootROM vulns, and always
difficult to Fix BootROM vulns
•So, I need to reverse the bootROM
•But first, I need to dump it…
29
31. BootROM Reverse
•Xtensa is ‘exotic’ arch
•registers windowing, lengths of instr…
•ISA [5]
•IDA
•ida-xtensa plugin from @themadinventor
•Secure_boot.h
•List all the ROM functions (deprecated
since…)
•Call a friend to check my mess
•@wiskitki
•At the end, not perfect but doable
•_start at 0x40000704 (as expected)
31
32. The BootROM Vuln
•After ets_secure_boot_check_finish()
•Bnei (Branch if not equal immediate)
•Depends on a10 Register storing sec_boot_check_finish()
retvalue
•I want PC jump to 0x400075C5 to execute the bootloader
32
34. Time to Pwn (for Real)
•Real Life
•JTAG is disabled
•I could not find a way to
exploit this Vuln by SW
•So, Fault Injection is
my only way here
•Simultaneous glitch on
VDD_CPU && VDD_RTC
•SPI MOSI is probed to
have a timing information
34
35. FI attempt during Boot
•Previous BootROM Reverse is helpful
• to determine Fault injection Timing
35
ZOOM
Serial glitch effect
Failed
SPI
36. Successful Sec.Boot Bypass
•CPU is jumping to the entry point,
Bootloader is executed
36
ZOOM
Serial glitch effect
Validated
SPI
38. Secure Boot Conclusion
•Secure Boot Bypass exploit
•bootROM Vuln triggered by Fault Injection
•Not persistent if Reset occurs
•No way to Fix this without ROM revision
•Resp. disclosure
•PoC sent on June 4, Posted on September 1
•Security Advisory on Sept. 2
• CVE-2019-15894 (requested by Vendor)
• Patched by Flash Encryption always enabled
• A security lab, called Riscure, found the same vuln
•Job done
38
40. Role of Flash Encryption
•Protector of FW Confidentiality
•Protect against binary Reverse
•Without FE, it is easy to
extract sensitive data
•LIFX Wi-Fi lightbulb [6]
•Firmware Encryption more and
more present Today
•Espressif recommends Secure
Boot + Flash Encryption for
maximum Security
40
41. Flash Encryption Review
•HW Enc./Dec. Block in Flash
Memory Controller
•Fetch Key from E-Fuses and
other parameters
•Decrypt/Encrypt I/D into a
Cache
•SW cannot access
•Flash Encryption Key (FEK)
•AES-Key used to decrypt the FW
• Stored in E-Fuses BLK1 (R/W
protected)
• CRITICAL ASSET (of course)
41
42. Set the Flash Encryption
•Burn the FEK into BLK1
•$ espefuse.py --port /dev/ttyUSB0
burn_key flash_encryption
my_flash_encryption_key.bin
•Activate the Flash Encryption
•$ $ espefuse.py burn_efuse
FLASH_CRYPT_CONFIG 0xf
•$ espefuse.py burn_efuse
FLASH_CRYPT_CNT
•Flash encrypted FW into ESP32
•E-Fuses Map
•Fw is encrypted
42
43. How to break Flash
Encryption?
•I did some tests (believe me…)
•Did not find particular Weakness to access the Key by SW
•Did not find a way to Attack by DFA
•My Last Hope was Side Channel Analysis to target the
Bootloader Decryption
•But my setup was too ‘limited’
•SPI bus producing a lot of Noise
•Cannot control the SPI frames properly
•I tried DPA, CPA… but not enough leakage
•One week later, no result…
43
46. Role of OTP/E-Fuses
•One-Time-Programmable (OTP) Memory based on E-Fuses in ESP32
•An e-Fuse can be ‘programmed’ just ‘One-Time’ from 0 to 1
•Once burned, no possibility to rewrite it or to wipe it
•Organisation
•EFUSE_BLK0 = ESP32 configuration
•EFUSE_BLK1 = Flash Encryption Key (FEK)
•EFUSE_BLK2 = Secure Boot Key (SBK)
•EFUSE_BLK3 = reserved for User Application
•According to Espressif, these E-Fuses are R/W protected and
cannot be readout/modified once protection bits set
•E-Fuses are managed by the E-Fuses Controller, a dedicated piece
of HW inside the ESP32
46
47. ESP32 E-Fuses Reverse
•Only two identified functions
•efuse_read and efuse_program
•Used during a ‘Special Boot mode’
•interesting…
•BootROM never touch OTP values
•It means only the E-Fuses
Controller has access to OTP
•Pure HW Process
•Has to be set before BootROM
execution
47
48. Special Boot Mode
•ESP32 in Special Boot Mode (Download_Boot)
•Management mode to Flash FW, and Set E-Fuses
•IO0 connected to GND then Power-up
•Esptool is python utility to communicate
with the ROM functions
•Dedicated commands available from UART0 to deal
with E-Fuses
•dump, program,…
48
49. E-Fuses Protection
•Any attempt to read BLK1 or BLK2 returns 0x00
•$ espefuse.py --port /dev/ttyUSB0 dump
•Identification of R/W Protection bits in BLK0
•00130180 = 00000000 00010011 00000001 1000 0000
•These two bits are the Read protect bits
49
50. Wait LR, where is the Vuln?
•I have no Vuln here sorry…
•But I know
•BootROM does not manage the E-Fuses
•Obviously, E-Fuses Controller does the job before
•Special boot mode called ‘Download_Boot’
•Read protection bits have been identified
•The idea
•Glitch the E-Fuses Controller initialization to modify the R/W
protections
•Then send Dump command in Special Mode
•Readout BLK1 (FEK) and BLK2 (SBK)
50
51. FATAL Glitch
•Simple Power Analysis to identify HW process
•Glitch during this identified activity
51
ZOOM
Serial glitch effect
Current
3V3
cmd
53. One more step
•Sadly, the dumped Keys are
not exactly True values
•Remember I burned the keys ☺
•Offline Statistical Analysis
on 30-50 dumped key values
•just Keep the most recurrent
Bytes (here SBK analysis)
•1 Byte still unknown and has
to be Brute Forced (worst
case)
•Same for FEK
53
54. FATAL Exploit step 1:
Decrypt FW
•Dump the encrypted FW
•By Download Mode or by dumping Flash
•Perform FATAL Glitch to extract FEK and SBK
•Run Statistical analysis
•Confirm the True FEK (by decrypting FW)
•Respect the bytes order in binary file
•
54
55. FATAL Exploit step 2:
Sign Your Code
•Firmware is now decrypted
•dd ivt.bin (the first 128 random
bytes at 0x00 in decrypted.bin)
•dd Bootloader.bin at 0x1000
•Confirm the true SBK
•digest computation command
•Write your Code
•a little FW backdoor maybe? ☺
•Compile images
•using FEK and SBK
•Flash new FW
55
56. OTP/EFuses FATAL Conclusion
•FATAL exploit leading to SBK and FEK extraction
•Breaking Secure Boot and Flash Encryption
•An attacker can decrypt the Firmware (and access
sensitive data)
•An attacker can sign & run his own (encrypted) code
PERSISTENTLY
•Low Cost, Low Complexity
•Easy to reproduce
•No Way to fix
•All ESP32 versions vulnerable
56
57. Vendor Reaction
•Resp. disclosure
•PoC sent on July 24
•CVE-2019-17391 (req. by Vendor)
•Posted on November 13
•Security Advisory on November 1 [7]
•No way to Fix but…you can buy the next version ☺
•Millions of vulnerable Devices on the field for
the coming years
57
58. The impact
•For Hobbyists
•Don’t worry, your ‘connected DIY device’ is safe ☺
•For Developers
•In case you are using the ESP32 security features to protect
SECRETS, you should be worried…
•FYI, I identified 3 companies using ESP32 Flash Enc. and
Sec.Boot in their products to protect their ‘business model’
•For the vendor
•Force to modify silicon to save his longevity commitment and
his reputation
•What about current devices offered for sales?
58
59. Final Conclusion
•Attacker with physical access can
compromise ESP32 security badly
•PERSISTENT Bypass of Secure Boot +
Flash Encryption
•Fix?
•No fix on current ESP32 version
•Platform is broken
•A new chip version will be released
•General Message for Vendors
•Don’t patch silently
•New Results coming soon, stay
tuned!
59
End of the game