Overview
Syllabus
Intro
Supra iBox
ekey Android app
Programmed auth flow
Must access firmware
Physical access
Board photos
Internals
Reverse-engineering steps
MSP430 firmware extraction
BSL Overview
Existing BSL attacks
Voltage glitching attack
Results of voltage glitching
BSL timing attack
Timing attack problems
Timing attack game plan
Timing attack results
Modified attack results
Timing attack conclusions
MSP430 JTAG security
MSP430 1/2/4xx fuse
"Paparazzi" attack: Why?
MSP430 firmware reversing
IrDA
Firmware reversing finds
Supra crypto architecture
Syscode Key
Third authentication mode
Brute Force
Hardware backdoor
Flash write terase attack
Conclusions/solutions
Taught by
Black Hat