TC7 day 2 – Hacking silicon: secrets behind the epoxy curtain

bunnie
UPDATE: Slides

This was probably my favorite talk at the conference and I hadn’t even planned on going till someone pointed out what bunnie’s previous work was. There are a couple reasons why bunnie enjoys reverse engineering silicon: It is constrained by physics, silicon is hard enough to design before thinking about security, and the chips have to be reverse engineered during the production process. He has a really interesting example on his blog of how he hacked the PIC18F1320 which will give you a good overview of the process.

Comments

  1. Stew says:

    Talk about complicated.

    Yikes.

    Sending a PIC away to MEFAS and messing with the internal parts is definitely a lazy-afternoon-grade project. :P

  2. Karl says:

    Hacking silicon may become significantly harder in the future. A while ago, there was a talk at the University of Washington on creating a truly secure chip.

    A research team at MIT has developed a way to derive a unique chip ID from the inherent variances in manufacturing. Essentially, they measure the amount of time a signal takes to propagate through a series of multiplexers. The evil genius of this scheme is that any attempts to probe the chip while it’s computing the ID will change the physical properties of the chip, and thus change the unique ID!

    You can listen to or watch the talk here: http://norfolk.cs.washington.edu/htbin-post/unrestricted/colloq/details.cgi?id=385

  3. Nate says:

    As an electrical engineer, this story about hacking a PIC was awesome. Very awesome.

  4. emre says:

    i wanna learn what does a hacker do?

  5. shadeofsound23 says:

    @emre:

    Anything they want to. Hacking is not limited to a single discipline, but to an ideal of discipline. They strive for things ranging from brilliance to “just making it work” with what they have. They tend to bend or break set rules when they do this, or stay inside the lines, depending on what needs to be done. The hacking ideal states that there are no such things as “no-win” scenarios; it is about ingenuity, cunning, knowledge, experience, and – sometimes – just a little dash of audacity.

    If you want to learn about what hackers do, just keep poking around the site. You’ll get it eventually.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,421 other followers