New Bling For Shmoocon!


[Eliot] and I are in D.C. at Shmoocon for the weekend. We’re armed with the latest Hack-A-Day sticker. Find us here and we’ll hook you up. Right now we’re checking out [H1kari]’s talk on using FPGAs for high-speed encryption key cracking. By using dedicated FPGA hardware, they’re smoking dual-core Intels left and right for the calculations. He also talked about an interesting application called VileFault – it takes in a certain fruit vendor’s encrypted FS and spits out a decrypted image – once you’ve cracked the passphrase. (Guess what makes finding that key way faster.) Now he’s getting into brute-forcing Bluetooth PINs…

[Update so I don’t run off the page…]

The con’s first round of talks was pretty interesting. I definitely enjoyed the keynote by [Aviel Rubin]. He discussed his team’s efforts to crack the Exxon Mobil Speedpass, which happens to be the same technology that’s used to RF disable several newer cars. They used FPGAs in a similar manner to [H1kari] – to speedily crack the encryption keys. The defeat of the Speedpass is pretty old news, but it was heartening to hear how Johns Hopkins University stood behind his team and was happy to saddle up their lawyers in dealing with the release of their paper.

The boys over at team hack-a-day – our unofficial Folding@home team (#44851) – asked me to remind people that the PS3 folding client has been released – give those spare CPU cycles a home! The team has their own forums that hold quite a few gems, not the least of which is a handy DXF of the Hack-a-day (and team Hack-A-Day) logo.

15 thoughts on “New Bling For Shmoocon!”

  1. My 96 Honda Prelude had a transponder chip key stock. Not exactly “newer cars.” Interesting because the Acura Integra didn’t get a chip key till 2001 when bills started being passed in Congress.

    I think the Corvette got a TI based chip key in the late 80’s. GM also used PASSKEY 1 and 2 which was resistor based and was a no brainer to bypass.

    If you wanted to save some time you could just buy a cloner and key blank. In CA chop shops they get the VIN for a target car and just get their professional mechanic buddies to get the pre-cut blade and code the transponder with an in shop cloner.

    The FPGA encryption cracking is cool, but backpacking an FPGA array around wouldn’t be practical for a thief.

    Has anyone ever done FPGA tests on other ciphers like A5 or triple DES?

  2. #8: I don’t see how backpacking an FPGA around would be impractical, as my 500K gate FPGA is barely an inch square – and that is probably overkill for this application. You might need some buttons and an LCD, though :)

  3. #10 They were using an FPGA array hence it being impractical. Not sure what cores the FPGAs used but you could be right. They might have been able to use a single board with a faster core.

    Also I followed their research for a few years. I seem to remember them being forced to remove details from their site not even a year ago by some corporate lawyers. That’s why I stopped paying their research any attention.

    Also the transponder ECM system is the best security measure out there currently; even better than rolling code systems. They’ll have to go back to the drawing table if the transponder chip ECM system becomes too easy to crack.
