Tuesday, October 30, 2007

Safenet iKey 2032 In-depth Look Inside

[We are aware of issues regarding the images when viewed in the latest Firefox browser.  This page has been tested on both Internet Explorer and Opera to properly display the pictures.] 

Chances are you have probably seen one of these little USB based tokens made from Safenet, Inc.

The one we opened was in a blue shell.

Safekey says, "iKey 2032 is a compact, two-factor authentication token that provides client security for network authentication, e-mail encryption, and digital signing applications."

As well, the brochure the link above takes you too states, "iKey 2032s small size and rugged, tamperresistant construction, make it easy to carry so users can always have their unique digital  entities with them." 

Now we're not really sure what tamperresistant construction has to do with making things easy for a user to carry around but let's get down to the good stuff.

So we took our token apart and the following pictures are what we found:

Above:  Main CPU side of the token. 

Our suspicion:  Could there be a Cypress CY7C63xxx series CPU present?


Above:  Something buried under epoxy.  Appears to be die-bonded to the PCB.

Once initial images of the PCB intact were taken.  It was time to remove the CPU.

We carefully decapsulated the epoxy covering the die buried inside the 24 pin SOIC part.  What did we find?  We found a Cypress CY7C63613!  We suspected it might be this part because of the pinout.  This is why scratching off the top of the part does not always help.  Even with the silkscreen scratched away, there are only a few possible candidates using this pinout.  Additionally, this CPU is very common used in USB applications.

Here is the CPU opened up.  Note that pin 1 on the PCB is in the upper-right corner while in our picture we rotated the device so pin 1 is in the lower-left (we labeled it with a red dot).

Above:  Cypress CY7C63613 USB CPU (Click on picture for a larger size)


Above:  Actual closer view of the bare CPU substrate (Click to see commented higher-res image)

Once the CPU was decapsulated, we performed some tests on the device.  After executing some tricks, the software contained internally was magically in our hands.

We looked for some type of copyright information in the software but all we found was the USB identifier string at address offset $3C0: i.K.e.y. .

Now that we successfully analyzed the CPU, the protocol for communications to whatever is present under the epoxy is available to us.  At this point, we believe it's more than an serial EEPROM because this CPU is not strong enough to calculate asymmetric cryptographic algorithms in a timely manner.

Next we carefully removed the die-bonded substrate from the PCB:

With the die-bonded device removed and a little cleanup, we can clearly see the bondout pattern for a die-bonded smartcard IC.   In the picture above, we can see VCC, RST, CLK, IO, and GND layed out according to the ISO-7816 standard which Flylogic Engineering are experts on.

After completely decapsulating the smartcard processor, we found a quite common Philips smartcard IC.  We will call this part from now on the Crypto-Coprocessor (CCP).  Notice there is still a small spec of dirt in the middle of the die.  We decided to leave it since it's not in our way.

Rotating this picture of the CCP (50x magnified) 90 degrees counter-clockwise, you can see how it fits into place on the PCB.  It is glued down and then five alluminum wires were wedge-bonded to the PCB.  Alluminum wedge-bonding was used so the PCB would not need to be heated which would help them cut down the time required on the assembly line.


In preparation for analysis, we had to rebond the CCP into a 24-pin ceramic dip (CDIP).  Although we only needed five contacts rebonded, the die-size was too large to fit into the cavity of an 8-pin CDIP.

The CCP is fabricated by Philips.  It appears to be a ~250nm, five metal layer technology based on the Intel 8051 platform.  It contains 32k of EEPROM, two static ram areas and a ROM nested underneath a mesh made up of someone(s) initials (probably the layout designers).

This CPU (The CCP is also a CPU but acting as a slave to the Cypress CPU) is not secure.  In fact, this CPU is also all over the globe in GSM SIM cards.   The only difference is the code contained inside the processor. 

Some points of interest:

Point #1-  The 'mesh' protecting probing from the ROM's databus outputs is NOT SECURE!

When we cropped and shrunk this picture, it came out pretty bad.  However, you can see that there is now an opening where we wrote our url.  The device is alive still but now has a gaping hole over the signature-mesh.

Point #2-  A quick search on the internet and we came across a public document from when Philips tried to get this part or a part very close to this one common criteria certified.  You can find this document here.  Alternatively in case that link goes bad, we have saved a copy of the document here.  You will need Adobe Acrobat reader to view the document.

The document labels this assumed to-be part as a, "Philips P8WE5033V0F Secure 8-bit Smart Card Controller."

Reading over this document, we find a block diagram on page 8.

In the above diagram they mention, "Security Sensors" as a block of logic.  That's ironic considering we opened a gaping hole in their "mesh" over the ROM and the processor still runs 100% functional.

Point #3-  For such a "secure" device, Philips could have done a lot more.  The designer's were pretty careless in a lot of areas.  Below are some photo's showing a sawn-off test-enable line.  Simply reconnecting the two tracks together will definately be helpful to an attacker.  A Focused Ion-Beam Workstation can make bond-pads for those two tracks that we can then bond out to the CDIP.  This way we can short or open this test-circuit.

Above:  Two test tracks (inside the red box) lead off to the left edge of the die.

Above:  Notice on the very right lower edge there is a wire in orange.  This was the loop back of the track that has now been sawn off.  This orange loopback would have belonged to the die to the right of this die when still present on the wafer.

 Now ask yourself if you are a potential customer to Safenet, Inc-  Would you purchase this token?


  1. Hey C, the new blog is great! I enjoyed your workshop at Toorcon and this blog makes a great continuation to it. Keep up the good work.

  2. Great and geeky blog! Love your dismantling!
    To your questions - would I buy the iKey? Personally, most likely not, as I have plenty of other, similar keys ;)
    From a customer perspective - it all depends on the use of it. If the idea is to add a layer of security, or to make it easier for users to authenticate to some solutions, I see no reasons why not using this provider (based upon your blog post only - as I do not know the product).
    If the purpose is to save, transport and encrypt (top)secret information of utmost importance - I would most likely not use any of the available smart-card based USB-tools.
    As you show, if you really want to access the data, you will find a way to do so. And that is true no matter what security measures you use.

  3. Bravo, loving your articles. I'm a software guy, and seeing how hardware is hackable too fills my heart with joy. :-)

  4. Welcome to the site guys! Stay tuned as there will be more articles like this one!

  5. Nice to see some reverse engineering on hardware, not only software.

  6. Hey!...Man i just love your blog, keep the cool posts comin..holy Saturday

  7. [...] We received a lot of attention from our previous article regarding the iKey 2032.  [...]

  8. I am considering using a Cypress USB controller part for a similar application. It looks like the parts can be made secure using a bit and I assume for this application this done. Were you able to get a hex dump of the code inside?

  9. The security bit is very easilly overridden. We would not recommend using this part.

  10. Would like to work with you soon!

  11. Man i love reading your blog, interesting posts !

  12. I have to agree with Kai.

    I'd consider data in such a key a little more secure than a laptop would be if I left it in a locked car. Not a lot more, but not less.

    (Yeah, I avoid leaving a laptop in a locked car, even in Japan.)

  13. Hi,

    Great reverse engineering. I'm planning to deploy exactly this token for our office. So what is your recommendation?
    Were you able to get a hex dump of the code inside?
    Is it possible to clone the whole thing

  14. Yep, A good work.

    But main question is still unanswered. Were you able to get the data extracted out of the token?

  15. This token is moderately secure unless a company capable of putting down needles touches it. The device is simply lacking in security yet is used by Visa and Target stores.

    We are able to see, "secrets" but cannot publish this kind of data on the internet. Safenet is aware of this.

  16. Hey! A quick quesiton. Where did you buy the 24-pin ceramic dip (CDIP) with cavity? Your information is most appreciated! Thank you.

  17. Dude, you need to get the HF out of your flow, stuffs dangerous. Get a diamond polisher and replace your wet etch with a simple polish back, you can still do some clean-up with a little fuming Nitric of Sulfuric. Its a much safer flow and much better controlled.

    So far I have not seen anyone doing backside imaging attacks. Do you have any information on such an attack?

  18. I'd love to know how you took the epoxy off the top of that microchip without damaging it. I've got a few smart cards I'd like to see the insides of.