Turning A Teensy Into A Better U2F Key

A few days ago, we saw a project that used a Teensy to build a Universal 2nd Factor (U2F) key. While this project was just an experiment in how to implement U2F on any ‘ol microcontroller, and the creator admitted it wasn’t very secure, the comments for that post said otherwise: “making your own thing is the ONLY way to be secure,” read the comments.

In a stunning turn of events, writing comments on a blog post doesn’t mean you know what you’re talking about. It turns out, to perform a security analysis of a system, you need to look at the code. Shocking, yes, but [makomk] took a good, hard look at the code and found it was horribly broken.

The critical error of the Teensy U2F key crypto is simply how U2F is performed. During authentication, the device sends the U2F key handle to whatever service is trying to authenticating it. Because the key in the Teensy implementation is only ‘encrypted’ with XOR, it only takes 256 signing requests to recover the private key.

The original experimentation with using the Teensy as a U2F key was an educational endeavor, and it was never meant to be used by anyone. The attack on this small lesson in security is interesting, though, and [makomk] wrote a proof of concept that demonstrates his attack. This could be used to perform attacks from a remote server, but hopefully that won’t happen, because the original code should never be used in the wild.

Create a Full Adder Using the C Preprocessor


[Phillip] wanted to play with the C preprocessor. He decided to do that by creating a 4 bit full adder. We know this is pretty useless in everyday life, but it was a great learning experience. The beauty of this adder is right at the start. [Phillip] defines truth tables for XOR and AND. He’s able to then create strings that reference these truth tables.
For example: the first line of [Phillip’s] AND table is #define AND_00 0. If the preprocessor concatenates strings that equal “AND_00” they will then be converted to 0. This is the groundwork for the half adder .

The next step is the operational logic, which of course falls upon macros:

/* Full adder macros */
/* Out = (A ^ B) ^ cin */
#define FULL_ADD_OUT( a, b, cin ) \
 XOR( XOR( a, b ), cin )

/* Carry_out = (A & B) ^ (Carry_in & (A ^ B)) */
/* The standard adder uses OR for the last 'gate' - this
 can safely be changed  to XOR, which has been done here
 to avoid defining an OR operator */
#define FULL_ADD_CARRY( a, b, cin ) \
 XOR( AND( XOR( a, b ), cin ), AND( a, b ) )

Continue reading “Create a Full Adder Using the C Preprocessor”

Hardware XOR for output pins on AVR microcontrollers

Did you know that most AVR chips have a type of hardware exclusive OR (XOR) option when it comes to the logic levels of the output pins? If you look in the datasheet (the image above is a screenshot from an ATtiny13 datasheet) you’ll find a section on Toggling the Pin. It turns out that if you set a PORT as an output, writing logic one to the corresponding PIN register will toggle the logic levels of that out. This is really easy to overlook if you’re writing in C, but I’ve been working on learning a bit of assembler language and found this to be very useful. Keep reading after the break and I’ll tell you how I happened upon this info and what it’s good for.

Continue reading “Hardware XOR for output pins on AVR microcontrollers”

8-bit binary calculator


Don’t feel like shelling out $5 for a fancy factory made calculator that won’t even do binary math? [Jeff] decided to prove his mastery of gates and his disdain for base 10 by building a binary calculator using XOR, AND, and OR chips. Calculations can be input in two ways: through digital logic headers or by three banks of DIP switches used to enter the operator and the two operands. Although limited to addition and subtraction, this is a great way to make sure you really understand digital logic. Take a look at the rough design schematics in his album. The design is modular so if you have one of each gate and a few LEDs sitting around you can give this a whirl.

Dismantling the Storm Worm botnet


Zero Day has an interview with German researchers who have found a way to take down the Storm Worm botnet. Their program, Stormfucker, takes advantage of flaws in Storm’s command network: Nodes that are NAT‘d only use a four-byte XOR challenge. Nodes that aren’t NAT’d are only using a trivial 64bit RSA signature. Their solution can clean infected machines and also distribute to other nodes. Unfortunately, installing software without the user’s consent is the exact same behavior as malware. Don’t expect to see this in any sort of widespread use. The researchers did point out that some ISPs have moved to shutting off service for infected customers until their machines are cleaned.