about us
play

About us Dmitry Nedospasov PhD Student TU Berlin Thorsten - PowerPoint PPT Presentation

Oct 30, 2023 •425 likes •849 views

Keep your tentacles off my bus: Introducing Die Datenkrake. REcon 2013, Montral Dmitry Nedospasov, Thorsten Schrder About us Dmitry Nedospasov PhD Student TU Berlin Thorsten Schrder Founder, modzero AG

  1. Keep your tentacles off my bus: Introducing Die Datenkrake. REcon 2013, Montréal Dmitry Nedospasov, Thorsten Schröder �������

  2. About us Dmitry Nedospasov • PhD Student TU Berlin Thorsten Schröder • Founder, modzero AG �������

  3. Voiding Warranty �������

  4. Tools �������

  5. LeCroy 7-Zi MSO Picoscope (4000) Read-Only Devices �������

  6. Source: http://en.wikipedia.org/wiki/File:Bus_pirate_v3a.jpg Source: GoodFET Project Source: Arduino Project GoodFET BusPirate Arduino µController �������

  7. Source: Xilinx F eld p rogrammierbare G atter a nordnungen �������

  8. But wait... There are even more FPGA boards. �������

  9. Source: Digilent Source: Embedded Micro SASEBO Mojo Source: http://commons.wikimedia.org/wiki/File:LEGO_Bits_Box_2.jpg F eld p rogrammierbare G atter a nordnungen �������

  10. When in doubt... �������

  11. Trigger-Warning the following slide may contain traces of rainbows. �������

  12. Die Datenkrake �������

  13. DDK Hardware • Open-Source Hardware & Software • User friendly interfaces and connectors • Test pads, breakout of GPIO pins • Terminated & unterminated • Bread-boardable • Firmware & bitstream updates via USB serial interface �������

  14. DDK Hardware • NXP LPC1765 ARM Cortex-M3 microcontroller - 100 MHz, 256kB Flash ROM, 64kB RAM • Microsemi Actel A3PN125 FPGA - 125k system gates, 36 kbit SRAM, 71 IO • FTDI FT230X Serial-USB converter - 3Mbaud �������

  15. DDK Hardware • µControler • Controls FPGA power and reset • Controls buffer power • Provides clock for FPGA • IEEE1532 ISP of FPGA �������

  16. DDK Hardware • FPGA • 3 UARTs / 6 GPIO interfacing the µC for data exchange • 16bit parallel bus interfacing the µC for data and command exchange • 56 general purpose 3.3/5V tolerant, terminated I/O for interfacing your targets �������

  17. �������

  18. Die Datenkrake �������

  19. DDK Software • µController • FreeRTOS Realtime Operating System • Command Line Interface via USB �������

  20. �������

  21. DDK Logic • Released / public version provides basic bit-banging and comm- modules • Wishbone Bus to easily connect custom modules • Compatible to most Wishbone compatible cores �������

  22. DDK Logic uart tx wb clk i uart tx rst i clk rst stb i stb i dout dout txi we i we i 4 adr i[3:0] adr i[3:0] 8 8 en dat i[7:0] dat i[7:0] dat o[7:0] dat o[7:0] rdy data out[7:0] en 8 rdy data[7:0] Example: Connecting a UART TX module to the Wishbone �������

  23. Targets �������

  24. Hardware Fuzzing • Fuzzing multiple hardware instances. • Determine the current state of the target. • Concurrent monitoring of embedded linux devices via serial interface • Crash detection, target device reset and logging. • Multiplexing signals to the device. �������

  25. Odroid-U2 • Shout out @miaubiz • 1.8V UART • 5V/2A wall wart • Single UART, multiplexed to all of the devices. • Automatic crash detection. • Background logging (FIFO memory). �������

  26. rst1 tx1 u1 rx1 chX rst2 tx2 u2 rx2 Hardware Fuzzing �������

  27. Hardware Glitching • Introducing transient, non-invasive faults (rise & hold-time violations). • Attacks a single clock cycle. May cause "incorrect" values to be loaded into registers or memory locations. • Require precise timing on the order of fractions of clock-cycles of the target. • Two common forms: Voltage supply and clock glitching. �������

  28. Register-Transfer Layer D Q D Q clk clk �������

  29. Hardware Glitching • Alter the clock period during execution resulting in incorrect intermediate values. • Drop the voltage, corrupt read and write operations to memory. • DDK includes PLLs, frequency dividers and multiple global clock signals. • Multiple clock frequencies can be generated (i.e. 20ns, 10ns ...). • FPGA I/O pins are directly accessible. �������

  30. v cc m v cc v glitch oe v cc clk rst smartcard chX I/O gnd s1 s2 m gnd v glitch Hardwareglitschen �������

  31. Software Defined Radio • Utilize digital RF transceivers with a digital serial output of data. • Multiple transceivers and multiple configurations can be monitored simultaneously. • Only certain parts of the payload are of interest while others can be discarded. • Protocol decoding must keep up with the data rate of the target. �������

  32. Software Defined Radio • Example: Keykeriki - Difficulties & challenges • 2.4GHz Nordic Semiconductor NRF24 family • Enhanced Shockburst protocol • 2Mbit/s RF (2MHz = 500ns per bit) �������

  33. Typical SDR �������� � ����� � ��������� �������� � ����� � ��������� ������� ����� � ��� ����� � ��� ������� � ������ � ���� ������������ � ��������� ������� ����� � ����� � ���� ����� � ��� ����� � ��� �������� � ������ � ���� ���������� � �������� ������� Source: http://userver.ftw.at/~valerio/ fi les/SDRreport.pdf

  34. Example: Nordic Semi �������

  35. mode cs sck sdio chX RF gio Software Defined Radio �������

  36. Die Datenkrake - Release github.com/ddk www.gnu.org/licenses/gpl-2.0.txt �������

  37. Acknowledgements • Daniel Mack , Joachim Steiger, Jonas Hilt, Felix von Leitner • Hugo Fortier, Sam, Eric Preston and the REcon 2013 crew! • Colleagues at SECT & modzero AG • Microsemi Corporation - http://www.microsemi.com/ �������

  38. Get Schooled • We had a Datenkraken Hardware-Hacking Training already: • pREcon 2013 (Berlin) • REcon 2013 (Montréal) • There will be trainings: • RUXCON/Breakpoint 2013 (Melbourne) • On demand... �������

  39. Logo Contest �������

  40. Questions? �������

  41. Thanks! http://datenkrake.org @diedatenkrake Thorsten Schröder Dmitry Nedospasov http://modzero.ch http://nedos.net @br3t @nedos �������

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Arrays and References 19 February 2019 OSU CSE 1 The Original (Partial) Story An array is a

Arrays and References 19 February 2019 OSU CSE 1 The Original (Partial) Story An array is a

Arrays and References 19 February 2019 OSU CSE 1 The Original (Partial) Story An array is a group of similar variables, all of the same type, and with systematically related names that involve special syntax using [] Each array

346 views • 11 slides
CS for Insight We don't have words strong enough to describe this class. Wally Wart, a protrusive

CS for Insight We don't have words strong enough to describe this class. Wally Wart, a protrusive

Welcome to IST338 ! CS for Insight We don't have words strong enough to describe this class. Wally Wart, a protrusive advocate of concrete - US News and Course Report computing Everyone will get out of this course a lot! - NYTimes Review

533 views • 42 slides
Large Scale Measurement Machinery ArkQueue and Scamper Tools Justin P. Rohrer Robert Beverly

Large Scale Measurement Machinery ArkQueue and Scamper Tools Justin P. Rohrer Robert Beverly

Large Scale Measurement Machinery ArkQueue and Scamper Tools Justin P. Rohrer Robert Beverly Center for Measurement and Analysis of Network Data @NPS {jprohrer,rbeverly}@nps.edu March 31, 2015 Outline Introduction ArkQueue Scamper

772 views • 33 slides
SONOS COM. CE Presentation UCSB Capstone Team 1 Our Team MEs : Kyle Li, Yang Xue, Kenny Wang,

SONOS COM. CE Presentation UCSB Capstone Team 1 Our Team MEs : Kyle Li, Yang Xue, Kenny Wang,

SONOS COM. CE Presentation UCSB Capstone Team 1 Our Team MEs : Kyle Li, Yang Xue, Kenny Wang, Kayden Sung, Yubin Liu EEs : Yiqin Wang, Luke Bucklew, Jianyang Lu CEs : Subho Choudhury, Richard Wei, Mohammad Cazi, Brian Sandler, Brenden

633 views • 61 slides
West Houston Bible Church (Dynasty 12) Ur (Mesopotamia) Negev (Canaan) Beer-lahai-roi (Canaan)

West Houston Bible Church (Dynasty 12) Ur (Mesopotamia) Negev (Canaan) Beer-lahai-roi (Canaan)

West Houston Bible Church (Dynasty 12) Ur (Mesopotamia) Negev (Canaan) Beer-lahai-roi (Canaan) Paddan-aram (Mesopotamia) Lahun (Egypt) Lahun (Egypt) hZ"xua] ~h,l' !TeYIw: wyx'a,-ta,w> wybia'-ta, @seAy bveAYw: 47.11 47.11 Now Joseph

457 views • 29 slides
CAFAna for DUNE DUNE LBL/ND meeting Christopher Backhouse California Institute of Technology

CAFAna for DUNE DUNE LBL/ND meeting Christopher Backhouse California Institute of Technology

CAFAna for DUNE DUNE LBL/ND meeting Christopher Backhouse California Institute of Technology April 20, 2017 C. Backhouse (Caltech) CAFAna April 20, 2017 1 / 15 What is CAFAna? Used by e + +NC analysis groups in NOvA + several

284 views • 15 slides
HTCondor Python Bindings Tutorial Brian Bockelman HTCondor Week 2019 HTCondor Clients in 2012

HTCondor Python Bindings Tutorial Brian Bockelman HTCondor Week 2019 HTCondor Clients in 2012

HTCondor Python Bindings Tutorial Brian Bockelman HTCondor Week 2019 HTCondor Clients in 2012 Command Line Clients SOAP Clients Something Missing Fully Featured! Features! (Some) In Requires fork/exec and process Language agnostic

357 views • 10 slides
Ethical considerations in handling HIV prevention research protocols Brandon Brown Director of

Ethical considerations in handling HIV prevention research protocols Brandon Brown Director of

Ethical considerations in handling HIV prevention research protocols Brandon Brown Director of GHREAT UC Irvine Program in Public Health Irvine, CA USA 1 Discussion Points Issues in engaging participants in HIV 1. prevention research

291 views • 16 slides
I e v o L o t g n i n r a e L I I t p i r c S a v a J I Iby Tara

I e v o L o t g n i n r a e L I I t p i r c S a v a J I Iby Tara

I e v o L o t g n i n r a e L I I t p i r c S a v a J I Iby Tara VancilI September 13, 2019 Strange Loop, St. Louis MO Todays schedule I will talk at you for 40 minutes. Im sorry. Please save your questions

528 views • 42 slides
Womens Health Research Centre The rights of indigenous peoples- reducing the burden of HPV

Womens Health Research Centre The rights of indigenous peoples- reducing the burden of HPV

Womens Health Research Centre The rights of indigenous peoples- reducing the burden of HPV disease HPV is the main cause cervical cancer and genital warts and is associated with cancers of the anus, oropharynx, penis, vagina and vulva.

166 views • 3 slides
Road Cycling Landon Boyd March 27, 2009 The World of Cycling Commuting Touring Recumbents

Road Cycling Landon Boyd March 27, 2009 The World of Cycling Commuting Touring Recumbents

An Undistinguished Look at... Road Cycling Landon Boyd March 27, 2009 The World of Cycling Commuting Touring Recumbents Messengers Randonneurs Alley Cats Goldsprints Cyclocross Bike Polo Road Racing Fixed Gear Freestyle Triathlon

596 views • 24 slides
1 Kenmore Baptist Church Manuscript 21/8/11 AM/PM (LOGOS) SENT: Is Christian Mission Good for the

1 Kenmore Baptist Church Manuscript 21/8/11 AM/PM (LOGOS) SENT: Is Christian Mission Good for the

1 Kenmore Baptist Church Manuscript 21/8/11 AM/PM (LOGOS) SENT: Is Christian Mission Good for the World? 1 [OPENING DRAMA: Mission Under the Microscope CD Voice-over Pause where indicated [2sec break on CD b/n tracks] as Sue and Chris

208 views • 20 slides
Romans 8 Jesus Rescued us from Death (31-32) Who delivered Jesus to die? Not Judas, for

Romans 8 Jesus Rescued us from Death (31-32) Who delivered Jesus to die? Not Judas, for

Romans 8 Jesus Rescued us from Death (31-32) Who delivered Jesus to die? Not Judas, for money; not Pilate for fear; nor the Jews, for envy; - but the Father, for love. Jesus Rescued us from Death (31-32) Octavius Winslow Jesus Rescued us

310 views • 15 slides
Webers Electrodynamics A. K. T. Assis University of Campinas Brazil

Webers Electrodynamics A. K. T. Assis University of Campinas Brazil

Webers Electrodynamics A. K. T. Assis University of Campinas Brazil www.ifi.unicamp.br/~assis Maxwells equations (1861 -64) E Gausss law B 0 There are no magnetic monopoles

540 views • 30 slides
Office Hours: COVID-19 Planning and Response March 20, 2020 Logistics for Today All

Office Hours: COVID-19 Planning and Response March 20, 2020 Logistics for Today All

Office Hours: COVID-19 Planning and Response March 20, 2020 Logistics for Today All participants are muted and will remain muted for the duration of the webinar Connect with us during the webinar through Q&A to ask questions, or

308 views • 20 slides
Office Hours: COVID-19 Planning and Response July 24, 2020 Housekeeping A recording of

Office Hours: COVID-19 Planning and Response July 24, 2020 Housekeeping A recording of

Office Hours: COVID-19 Planning and Response July 24, 2020 Housekeeping A recording of todays session, along with the slide deck and a copy of the Chat and Q&A content will be posted to the HUD Exchange within 2-3 business days

1.2k views • 38 slides
Successful PCT Grant Application March 27, 2020 Wendy Weber, ND, PhD, MPH National Center for

Successful PCT Grant Application March 27, 2020 Wendy Weber, ND, PhD, MPH National Center for

Living Textbook Grand Rounds Series Tips for Putting Together a Successful PCT Grant Application March 27, 2020 Wendy Weber, ND, PhD, MPH National Center for Complementary and Integrative Health (NCCIH) Agenda Confirm PCT is the best

346 views • 22 slides
ENERGY STAR Connected Thermostats Stakeholder Working Meeting March 08, 2019 1 Attendees

ENERGY STAR Connected Thermostats Stakeholder Working Meeting March 08, 2019 1 Attendees

ENERGY STAR Connected Thermostats Stakeholder Working Meeting March 08, 2019 1 Attendees Abigail Daken, EPA Charles Kim, SCE Dan Baldewicz, ICF for EPA Michael Fournier, Hydro Quebec Alan Meier, LBNL Ed Pike, Energy Solutions for CA IOUs

561 views • 37 slides
Probing the Universe with Gravitational Waves R.Weiss, MIT on behalf of the LIGO Scientific

Probing the Universe with Gravitational Waves R.Weiss, MIT on behalf of the LIGO Scientific

Probing the Universe with Gravitational Waves R.Weiss, MIT on behalf of the LIGO Scientific Collaboration International Congress on Mathematical Physics Montreal, Canada, July 23, 2018 Gravitational waves Einstein 1916 and 1918 Sources:

897 views • 51 slides
State of the State Information Literacy Instruction Across the State of Utah Anne Diekema, Cait

State of the State Information Literacy Instruction Across the State of Utah Anne Diekema, Cait

State of the State Information Literacy Instruction Across the State of Utah Anne Diekema, Cait Gerrity, Paula Mitchell, & Phil Roch Southern Utah University Introduction Outline Reasons for this study The information literacy

672 views • 42 slides
Attention, Psychological Bias, and Social Interactions David Hirshleifer Finance Theory Group

Attention, Psychological Bias, and Social Interactions David Hirshleifer Finance Theory Group

Attention, Psychological Bias, and Social Interactions David Hirshleifer Finance Theory Group Summer School June 2019 Wharton School Limited Attention Limited attention Environment provides Cognitive processing power limited

1.13k views • 112 slides
ted : a Stata Command for Testing Stability of Regression Discontinuity Models Giovanni Cerulli

ted : a Stata Command for Testing Stability of Regression Discontinuity Models Giovanni Cerulli

ted : a Stata Command for Testing Stability of Regression Discontinuity Models Giovanni Cerulli IRCrES, Research Institute on Sustainable Economic Growth National Research Council of Italy 2016 Stata Conference Chicago, Illinois July 2829

597 views • 41 slides
Clean Fuels for Road Public Transport Ulrich Weber, UITP-EuroTeam UITP Report on Clean Fuels for

Clean Fuels for Road Public Transport Ulrich Weber, UITP-EuroTeam UITP Report on Clean Fuels for

DG Environment Workshop on Clean Buses and other Captive Fleets 14 January 2005 Clean Fuels for Road Public Transport Ulrich Weber, UITP-EuroTeam UITP Report on Clean Fuels for Road Public Transport (2004) Clean fuels for road public transport

339 views • 15 slides
Learning to Search with MCTSnets Minghan Li Ignavier Ng Motivation of MCTSnet MCTS is

Learning to Search with MCTSnets Minghan Li Ignavier Ng Motivation of MCTSnet MCTS is

Learning to Search with MCTSnets Minghan Li Ignavier Ng Motivation of MCTSnet MCTS is non-differentiable, which is difficult to optimize Keep algorithmic skeleton of MCTS, identify subcomponents, parametrize and optimize them

584 views • 30 slides

More recommend