Tuesday, January 13, 2009

Blackhat USA 2009 Poll - Rev Eng Class

During last years Blackhat and Defcon conferences, several individuals asked me about possibly giving classes on the security model of commonly found microcontrollers.  Jeff Moss' group setup a poll here.  Given todays Silicon technology has become so small yet so large, it would be best to determine which architecture and which devices everyone is most interested in.  The current poll will determine which brand micro to target (Atmel AVR or Microchip PIC) and after this is decided, we will need more input to narrow the class down to a few devices of the chosen family.

While the classes are not cheap, all participants will learn and understand the chosen targets security model.  Armed with such knowledge will help you to understand and recognize potential risks in future design work allowing you to avoid the possiblity of compromise (and I suppose this would also enhance job security :).   Full mosaic blowups of the targets, decapsulated devices, use of a probe station and all users will "modify" the security model of their devices themselves (unless they ask for some help).  I don't believe such a class has ever been given and seating will be limited per class.

Feel free to comment here but Blackhat really needs the feedback.


Thank you,

-Christopher Tarnovsky


  1. I just wish I had the possibility to go there as it sounds really interesting :)

  2. what about Freescale devices, the very low end product has the core of HC08.

  3. There isn't much from a security standpoint about them. Freescale HC/HCS08 rely on security from a location in their flash memory where-as Atmel and Microchip have security isolated as an area on the board stand-alone and not part of the Flash/EEPROM type NVM structures.

  4. I could not find a training by Chris advertised on the US Blackhat conference...

    As this is a bit on short notice for me - would such as training also be provided in the European Blackhat?

  5. From my perspective, I'd like to see the most popular uC that can be found in consumer end-user devices. And I honestly don't know which that would be. Suppose you could look at market data/share or something.

    I could never afford/justify the cost of attending Black Hat but Defcon is always a lot of fun.

  6. Chris I liked ur video about sim cards, I would like you to be my mentor and tutor, can I have that honor from you.
    I like this field of electronics and hardware, so please accept me as your student and drop me an email, I want to learn from you. So tell me where to begin, I am all yours.

  7. I this it is a great idea. I would surely sign up. No suggestion on any particular chip. I like anything that's used in security dongles. (atmel)

  8. Very intersting, if you have more shows lined up in the future send me an email. Thank you

  9. Hello,

    what about chip which is on HP- inkjet cartridges (HP364)
    which is actually same as bankcard chip mady by ?

  10. PIC
    then ARM
    and lastly AVR

  11. Hi Chris!

    I read your blog avidly everytime you update it, and I believe we have a friend in common who also indulges my curiosity from time to time (Fred).

    If I were to attend to Black Hat , which I am not, unfortunately, due to geographical/monetary contraints, I would LOVE you to mix it up a bit, and look at the SLE66CX/SLE88C series of chips, as they are pretty common in high-security designs nowadays.

    Now there might be legal issues behind this, so I'm not going to wait for a picture... :) If it's between AVR, ARM and PIC, I would say ARM might be the most interesting, I might also suggest a chip from ST's Nomadik family, that has an integrated DSP core.

  12. I would pick AVR. And am working out means to attend.

    -Brooke Hill

  13. hey chris,

    Just wanted to say I saw the video of you on Wired thoroughly impressed.

    That tiny circuitry just is just so small. how much did that micro scope cost?

    I am going to try to get a AAS of electrical engineering. some day. I tried soldering the matrix infinity on ps2 with relative success. where did you get your start? Did formal school make it possible or are you just real smart thanks for advice in advance. what does it take to get where you are?

    sincerly Peter

  14. I want to join your work.
    It's interesting.
    AVR first I think

  15. Hello
    If course I would like to know details

  16. If your speaking of Fred that most of us know.I wouldn't run around telling people that.My goodness Chris I hope you wouldn't have anything to do with the likes.

  17. What about FPGA like CPLD Altera MAX 3000?