INSIGHTS, NEWS & DISCOVERIES
FROM IOACTIVE RESEARCHERS

Thursday, November 15, 2007

The KEYLOK USB Dongle. Little. Green. And dead before it was born!



We decided to do a teardown on a Keylok USB based dongle from Microcomputer Applications, Inc. (MAI).

A picture of the dongle is to the right.

Opening the dongle was no challenge at all. We used an x-acto knife to slit the sidewall of the rubber protective coating. This allowed us to remove the dongle's circuit board from the surrounding protective coating.



The top side of the printed circuit board (PCB) is shown above. MAI did not try to conceal anything internally. We were a little surprised by this :(.



The backside consists of two tracks and a large ground plane. The circuit is very simple for an attacker to duplicate.



With the devices removed, a schematic can be created literally within minutes. The 20-pin version of CY7C63101A can even be used in place of the smaller SOIC 24-pin package (which is difficult for some to work with). The 20-pin is also available in a dual-inline-package (DIP) making it a great candidate for an attacker to use.



Red pin denotes pin 1 on the device.



You might have seen this picture from the iKey1000 teardown. That's because we borrowed the Cypress pictures from that teardown :).

We performed some magic and once again we have success to unlock the once protected device. A quick look for ASCII text reveals a bunch of text beginning around address $06CB: .B.P.T. .E.n.t.e.r.p.r.i.s.e.s...D.o.n.g.l.e. .D.o.n.g.l.e. .C.o.m.m.<
.E.n.d.P.o.i.n.t.1. .1.0.m.s. .I.n.t.e.r.r.u.p.t. .P.i.p.e.


Ironically, they say, "There are many advantages to using a hardware–based security solution – AKA, a Dongle. There are even more advantages however to using KEYLOK Dongles over other competing solutions."

Statement's such as the one above are the reason Flylogic Engineering started this blog. We have heard this just one too many times from companies who are franckly pushing garbage. Garbage in, garbage out. Enough said on that.

This dongle is the weakest hardware based security token we have ever seen!! The outer physical protection layers ease of entry places this dongle last on our list of who's hot and who's not!

Tuesday, November 13, 2007

Atmega169P (Quick Peek)

We were curious if Atmel has finally shrunk the AVR series smaller than the current 350nm 3 metal layer process. Their main competitors (Microchip) have began showing 350nm 4 metal layer devices and Atmel has a few new product lines out (CAN, Picopower, and USB featured devices).

We chose to examine their picoPower line of AVR's since they claim true 1.8v operation. The only picoPower device in stock from Digikey was the ATMEGA169P. We used the 64 pin TQFP package for our review.



We took some quick images of some areas we think you will enjoy-



Delayering the device is one of the steps in analyzing any substrate. The part below was being delayered to remove it's top two metal layers. The part is in-between Metal3 (M3) and Metal1 (M1) right now. Some of Metal2 (M2) has begun to remove. More time would finish off the removal of M2 but this was enough for us.

We are very familiar with the Atmel AVR line (to include the AT90SC smartcard family) and thus left it in the package not being concerned (there are various reasons to remove it completely out of the carrier it is bonded in which we won't get into here).



The lower corner has the die identification (AT 355B6), Corporate logo, and the year.



A picture of the Flash and EEPROM output areas-



It is our opinion that this processor is one of the most secure from the less-than 32 bit MCU off-the-shelf choices out there. There are debug test-points spread around the device (we would love to hear feedback from whoever thinks they see them hint hint) but don't try to probe them if the device is locked. Atmel wised up around 2005 are turned those off if the lockbits are set (Hello Arne!).

Saturday, November 3, 2007

Safenet iKey 1000 In-depth Look Inside

We received a lot of attention from our previous article regarding the iKey 2032.  We present to you a teardown of a lesser, weaker Safenet, Inc. iKey 1000 series USB token.


We had two purple iKey 1000 tokens on hand that we took apart-


Cypress 24 pin CY7C63001/101 type USB controller is a likely candidate underneath the epoxy above



Cypress' USB controllers run from a 6 Mhz oscillator and an 8 pin SOIC EEPROM might be beneath this smaller epoxy area


Once we took our initial images of the two sides, it was time to remove whatever was under the epoxy.



If needed, we can clean off the remaining epoxy



There was indeed a serial EEPROM underneath the bottom side.  Removing took some heat and we lost the cover to our oscillator during the process.


Opening the device revealed exactly what we suspected (we could sort-of tell by the 24 pin SOIC) being familiar with the Cypress family of processors.  We discovered a Cypress CY7C63101.



The red pin denotes pin 1 of this Cypress CY7C63101


 


A 200x magnification photo of the die above shows a 20 pin version of the CPU used in the iKey1000 token.


The Cypress CY7C63 family of USB microcontrollers have serious security issues.  This family of processors should not be used by anyone expecting their security token to be secure.  Unfortunately, we've seen a lot of dongles using this family of CPU's.


We successfully read out the CPU (using our magic wand again).  Poking around the code looking for ASCII text we found the USB identifier string at address offset $0B7:  "i.-.K.e.y"


The code contained inside the Cypress CPU is always static between iKey1000 tokens.  The Cypress CPU is a One-Time Programmable (OTP) type device.  There is no non-volatile type memory inside except for for the EPROM you may program once (hence OTP).  The only changes possible are within the external EEPROM which is a dynamic element to the token.  The EEPROM turned out to be a commonly found 24LC64 8K byte EEPROM. 


Given the above, we can then assume that the iKey1032 is identical to this token with the except of replacing the 24LC64 with a larger 24LC256 32K byte EEPROM.  This is a logical assumption supported by Safenet's brochure on the token.


Are you securing your laptop with this token?  We are not...

In retrospect - A quick peek at the Intel 80286

We thought we would mix the blog up a little and take you back in time.  To a time when the fastest PC's ran at a mere 12 Mhz.  The time was 1982.  Some of us were busy trying to beat Zork or one of the Ultima series role-playing games.  You were lucky to have a color monitor on your PC back then.

We happen to have a 1982 era Siemens 80286 and here's what it looks like: (Click on any picture for a larger version)


 



 



If anyone is interested in donating any old devices such as an i4004 or i8008, please email us.

Thursday, November 1, 2007

Unmarked Die Revisions :: Part II

[NOTE- This article will describe a process known as "Wet-Etching".  Wet-etching is a process that can be very dangerous and we do not recommend anyone reading this try it unless you know what you are doing and have the proper equipment. 

The chemicals required such as Hydrofluoric Acid (HF) attack bone marrow.  HF is painless until several hours later when it's too late to take proper action so please be careful and be responsible. ]

Previously we discussed noticing Microchip making changes to their silicon substrates (aka the die) without marking the outside of the packaging as companies normally do.

See below a picture of the second generation PIC18F1320 die (same one you saw in Part I)-



We thought we would show you what this substrate looks like with a little wet-etching.  The picture below has the top metal (Metal 3 or M3) removed or stripped off-


[Click on photo for a ~2.5 MB version]


Flylogic Engineering are experts on doing the unbelievable (unthinkable!) when it comes to silicon-substrate attacks.  We are the only known lab in the world to have ever executed a technique we call, "Selective Wet-Etching" where we lay a mask down and wet-etch only areas we select.  The important thing to point out here is that when we are finished, the part is still 100% functional!  This plays an important role to bypass security meshes or other obstructions.

Now for the good stuff.  The picture below shows the hole we made.  We did not etch off the metal completely because we noticed the hole size was touching an active wire on the top metal (M3).  So we decided this was enough and light could easilly get back through.



Below is a closeup of the hole we made.  As you can see, it's a lot more open than the other areas.  A little more etching and the metal inside this hole would have been gone however the vertical track (wire) to the left would have also been gone.  This was enough and 45 minutes in UV resets the fuses (unlocking the device).



As we explained earlier, this part functions 100% except now the UV light can easilly get underneath down to Metal 1 without hinderence.

PS-  Bunnie was right regarding the CPU running on Microcode.  All Microchip PIC's ranging from the 10 series upto the 18 series contain a micro-coded architecture.  This should shed light to some of you as-to why they are sooo slow (Feed them 40 Mhz, you get an execution time of 10 Mhz).  Some of the newer PIC's include Phase Lock Loops (PLLs) to 4x the external frequency.