security research repository of nathan andrew fain / cyphunk
On Thursday (Oct 4 2018) Bloomberg claims to have been informed of widespread modifications of server hardware made by Super Micro, a company that manufactures their hardware in China. Amazon, Apple, and now the US DHS and UK GCHQ have refuted their claims. Most of the claims made by Bloomberg’s intelligence sources appear to come from a…
Update2: Apple responded to a request for clarification in a rather noncommittal manner. Until they clarify or until I have a chance to test the attack I would assume it affects the current iPhone 6 hardware and possibly the to-be-released iPhone 7 hardware as well. Update: This was published only a few days before the news…
I revived the Embedded Analysis wiki entry from 2010 and updated it for the 2014 31C3. The updated version includes some additional information:
I will be speaking on Embedded Security at the ECRYPT. I will be around for the duration of the conference and the workshops and will be happy to find people to collaborate with. See you there?
Update 10/06/12: Another response from CAM gives more detail of the feature in question and claims Microsemi do not inform their customers of the fuse that disables the Internal Test mode. Microsemi implied that they do. Questions rest there. To those aware of the “backdoor silicon” paper episode I’ll summarize it in one run-on sentence: Someone mistakes undocumented JTAG instructions…
Update: video online (src). From a talk on hardware embedded analysis at REcon on the 10th of July. In addition to some of the information I’ve presented before, as well as some updates, myself and photographer Hanna Fuhrmann spent the better part of a couple months prior working on making the documentation of these techniques and tools more digestible…
I will be giving a workshop at the CCCB in Berlin on Embedded Analysis (starting the 12th at 20:00). Anyone is welcome and attendees are asked to bring a potential target (router, mp3 player, phone, etc.) for analysis. I will walk through the process of documentation and analysis based on the information and tools I released…
Herein I will describe a simple technique that attempts to determine the location of a user in relation to their proxy. Obvious use-cases include restricting content based on location of user, augmenting existing fraud metrics for banks and online payment systems or by law enforcement. For anonymity systems this technique should exemplify why onion based routing systems…
Myself and Vadim Vygonets gave a talk on embedded analysis at the CCC 27c3 conference in Berlin 2010. The purpose of this talk was to explain and simplify hardware embedded analysis. We went over various tools mentioned on this blog. Full documentation/reference for the tools discussed can be found on the wiki. Full video of…
I gave a talk on embedded analysis at 0sec in Berne, Switzerland. Released some new tools and covered a couple other tools I’ve worked on over the past couple years. JTAGenum, release of an RS232enum serial scanner and Parallel FLASH dumper, and an overview of DePCB, the PCB trace analysis tool in the works. Code includes documentation.