YoVDO

Exploitation of a Hardened MSP430-Based Device - Braden Thomas - Ekoparty Security Conference - 2014

Offered By: Ekoparty Security Conference via YouTube

Tags

Ekoparty Security Conference Courses Reverse Engineering Courses Security Research Courses Timing Attacks Courses Firmware Extraction Courses

Course Description

Overview

Explore the reverse-engineering and exploitation of a hardened MSP430-based embedded device in this Ekoparty 2014 conference talk. Delve into techniques for exploiting devices with blown JTAG fuses, reviewing past attacks against the MSP's bootstrap loader (BSL) and addressing the challenges researchers face. Learn how to reliably extract firmware from an MSP430 with a blown JTAG fuse, gain insights into reverse-engineering MSP430 firmware, and discover a software-only attack that leverages BSL features to extract sensitive data from RAM. Follow along as the speaker dissects a real estate lockbox, examines its internals, and walks through the reverse-engineering process. Understand voltage glitching and timing attacks, their results, and limitations. Investigate MSP430 JTAG security, firmware reversing techniques, and the manufacturer's crypto architecture. Conclude with discussions on brute force attempts, hardware backdoors, and potential solutions for securing embedded devices.

Syllabus

Intro
Unnamed real estate lockbox
ekey Android app
Programmed auth flow
Must access firmware
Physical access
Board photos
Internals
Reverse-engineering steps
MSP430 firmware extraction
BSL Overview
Voltage glitching attack
Results of voltage glitching
BSL timing attack
Timing attack problems
Timing attack results
Modified attack results
Timing attack conclusions
MSP430 JTAG security
MSP430 1/2/4xx fuse
MSP430 firmware reversing
Firmware reversing finds
Manufacturer's crypto architecture
Syscode Key
Third authentication mode
Brute Force
Hardware backdoor
Flash write+erase attack
Conclusions/solutions


Taught by

Ekoparty Security Conference

Related Courses

Practical Side Channel Attacks on Modern Browsers - Lecture 6
YouTube
High-Assurance Crypto Software
media.ccc.de via YouTube
AIS Exposed - Understanding Vulnerabilities and Attacks 2.0
Black Hat via YouTube
Building Trusted Systems on Top of Leaky Abstractions
Paul G. Allen School via YouTube
On the Insecurity of JavaScript Object Signing and Encryption - AppSec EU 2017
OWASP Foundation via YouTube