Hardware “Security” and a DMCA Takedown Notice

Last week we published a post about how it was discovered through trial and error that Tektronix application modules are designed with laughable security. We’ll get to that part of it in a minute. We received a DMCA Takedown Notice from Tektronix (which you can read after the break) demanding that we remove the post. We have altered the original post, but we believe our coverage of this story is valid and we don’t agree that the post should be completely removed.

First off, Tektronix sells the modules to unlock the features already present on the oscilloscope in question. We’re operating on the moral assumption that using these features without paying their asking price is wrong. If you want the features they’ve developed you should pay for them.

The real story here is that Tektronix designed a woefully weak system for unlocking these modules. Learn from this. If you’re ever designing a hardware key, don’t do it like this!

An EEPROM, a connector, and a plain text string of characters which is already published publicly on their website is all that is necessary to unlock these “crippled” features. Let’s just say that again: apparently every hardware key is the same and just uses a plain-text string found on their website which is not encrypted or obfuscated. If you were selling these keys for $2.99 perhaps this would be adequate, but Tek values these modules at $500 apiece.

If you were designing this system wouldn’t it be worth using an encryption key pair based on the serial number or some other piece of unique information? How do you think this should have been done? Leave your comment below.
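
One way to answer that question, shown as an added example (not Tektronix's design and not code from the original post): the vendor signs the instrument's serial number plus the feature name with an Ed25519 signing key pair, and the instrument, holding only the public key, verifies the token stored on the module against its own serial. The function names, serials and feature names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// message builds the signed payload. The serial is length-prefixed so that
// ("AB","C") and ("A","BC") can never encode to the same bytes.
func message(serial, feature string) []byte {
	buf := make([]byte, 2, 2+len(serial)+len(feature))
	binary.BigEndian.PutUint16(buf, uint16(len(serial)))
	buf = append(buf, serial...)
	return append(buf, feature...)
}

// IssueToken runs at the vendor; the private key never ships in any product.
func IssueToken(priv ed25519.PrivateKey, serial, feature string) []byte {
	return ed25519.Sign(priv, message(serial, feature))
}

// VerifyToken runs in instrument firmware, which holds only the public key.
// The token from the module is checked against this unit's own serial.
func VerifyToken(pub ed25519.PublicKey, ownSerial, feature string, token []byte) bool {
	return len(token) == ed25519.SignatureSize && ed25519.Verify(pub, message(ownSerial, feature), token)
}

// Demo issues one token for a constructed serial and feature name, then
// presents it to the licensed unit, to another unit, and for another feature.
func Demo() (licensed, otherUnit, otherFeature bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	token := IssueToken(priv, "SCOPE-0001", "I2C-DECODE")
	return VerifyToken(pub, "SCOPE-0001", "I2C-DECODE", token),
		VerifyToken(pub, "SCOPE-0002", "I2C-DECODE", token),
		VerifyToken(pub, "SCOPE-0001", "CAN-DECODE", token)
}

func main() {
	licensed, otherUnit, otherFeature := Demo()
	fmt.Println("licensed unit:", licensed, "other unit:", otherUnit, "other feature:", otherFeature)
}
```

Because the token covers the serial, publishing or copying one module's contents unlocks nothing on a second instrument, and nothing stored in the instrument is enough to mint new tokens.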

Cloning Tektronix Application Modules

Tektronix’s MSO2000 line of oscilloscopes are great tools, and with the addition of a few ‘application modules’, can do some pretty interesting tasks: decoding serial protocols, embedded protocols like I2C and SPI, and automotive protocols like CAN and LIN. While testing out his MSO2012B, [jm] really liked the (limited time) demo of the I2C decoder, but figured it wasn’t worth the $500 price the application module sells for. No matter, because it’s just some data on a cheap 24c08 EEPROM, and with a little bit of PCB design <<removed because of DMCA takedown>>

The application module Tektronix are selling is simply just a small EEPROM loaded up with an <<removed because of DMCA takedown>>. By writing this value to a $0.25 EEPROM, [jm] can enable two applications. The only problem was getting his scope to read the EEPROM: a problem easily solved with a custom board.

The board [jm] designed <<removed because of DMCA takedown>>, with the only additional components needed being an EEPROM, a set of contacts for reading a SIM card, and a little bit of plastic glued onto the back of the board for proper spacing.

UPDATE: Learn about the DMCA Takedown Notice that prompted this post to be altered: http://hackaday.com/2014/08/05/hardware-security-and-a-dmca-takedown-notice/

Write an essay, win a Tektronix scope

Want a new scope for your hacking pleasures? How about one that rings in at $3650? That price tag makes us cringe, which is why we’re working on our 1k word essay to win one. The Tektronix MSO2024B pictured above is the top scope in its family and there’s more than enough features to start the drool flowing. Need more motivation? Check out the demo/advertising video below which walks through an overview of what the scope has to offer.

The contest — sponsored by EETimes and Tektronix — seeks to reward the best story about fixing a product that was disappointing on delivery but awesome when you got done hacking on it. Your thousand words or less are due by October 26th along with a fifty word bio about yourself, with the winner announced on Halloween. Be warned, you must register an account to qualify. But we hit their daily article viewing limit while writing this post so you may need to log in just to read about the contest. Or clear their cookies… we are a hacking website after all.

They’re only giving away one scope. So don’t put this one off. Start polishing your totally bogus legit story about how you fixed something using mad engineering skills.
