A slide from the presentation, showing the power trace of the chip, while it's being pulsed with the laser at various stages of execution

Defeating A Cryptoprocessor With Laser Beams

Cryptographic coprocessors are nice, for the most part. These are small chips you connect over I2C or One-Wire, with a whole bunch of cryptographic features implemented. They can hash data, securely store an encryption key and do internal encryption/decryption with it, sign data or validate signatures, and generate decent random numbers – all things that you might not want to do in firmware on your MCU, with the range of attacks you’d have to defend it against. Theoretically, this is great, but that moves the attack to the cryptographic coprocessor.

In this BlackHat presentation (slides), [Olivier Heriveaux] talks about how his team was tasked with investigating the security of the Coldcard cryptocurrency wallet. This wallet stores your private keys inside of an ATECC608A chip, in a secure area only unlocked once you enter your PIN. The team had already encountered the ATECC608A’s predecessor, the ATECC508A, in a different scenario, and that one gave up its secrets eventually. This time, could they break into the vault and leave with a bag full of Bitcoins?

Lacking a vault door to drill, they used a powerful laser, delidding the IC and pulsing different areas of it with the beam. How do you know when exactly to pulse? For that, they took power consumption traces of the chip, which, given enough tries and some signal averaging, let them make educated guesses on how the chip’s firmware went through the unlock command processing stages. We won’t spoil the video for you, but if you’re interested in power analysis and laser glitching, it’s well worth 30 minutes of your time.

You might think it’s good that we have these chips to work with – however, they’re not that hobbyist-friendly, as proper documentation is scarce for security-through-obscurity reasons. Another downside is that, inevitably, we’ll encounter them being used to thwart repair and reverse-engineering. However, if you wanted to explore what a cryptographic coprocessor brings you, you can get an ESP32 module with the ATECC608A inside, we’ve seen this chip put into an IoT-enabled wearable ECG project, and even a Nokia-shell LoRa mesh phone!

Continue reading “Defeating A Cryptoprocessor With Laser Beams”

New Part Day: The Wi-Fi Stepper Gets Ideas Working Faster

Like most of us, I sometimes indulge in buying a part for its potential or anticipated utility rather than for a specific project or purpose. That’s exactly how I ended up with the WSX100 Wi-Fi Stepper, a single board device intended to be one of the fastest and easiest ways to get a stepper motor integrated into a project. Mine came from their Crowd Supply campaign, which raised money for production and continues to accept orders.

What’s It For?

The WSX100 Wi-Fi Stepper Driver (with motor), by Good Robotics

The main reason the Wi-Fi Stepper exists is to make getting a stepper motor up and running fast and simple, in a way that doesn’t paint a design into a corner. The device can certainly be used outside of prototyping, but I think one of its best features is the ability to help quickly turn an idea into something physical. When prototyping, it’s always better to spend less time on basic bits like driving motors.

In a way, stepper motors are a bit like RGB LEDs or LCD displays were before integrated drivers and easy interfaces became common for them. Steppers require work (and suitable power supplies) to get up and running, and that effort can be a barrier to getting an idea off the ground. With the Wi-Fi Stepper, a motor can be fired up and given positional commands (or set to a speed and direction) in no time at all. By sending commands over WiFi, there isn’t even the need to wire up any control logic.

Continue reading “New Part Day: The Wi-Fi Stepper Gets Ideas Working Faster”