### Die Hard 7: Passwords Plz

Extracting secrets from hardware

#### Intro to the talk

- No time for $whoami!
- How to make a chip
- How to break a chip (demo)
- How to protect a chip
- Fin

#### Physical Security Matters



#### Define the chip and describe it

#### **VHDL Code**

```vhdl
-- Here we define the AND gate that we need for
-- the Half Adder
library ieee;
use ieee.std_logic_1164.all;

entity andGate is
  port( A, B : in  std_logic;
        F    : out std_logic);
end andGate;

-- Behaviour of the block (the entity above only declares its interface)
architecture rtl of andGate is
begin
  F <= A and B;
end rtl;

-- Here we define the XOR gate that we need for
-- the Half Adder
library ieee;
use ieee.std_logic_1164.all;

entity xorGate is
  port( A, B : in  std_logic;
        F    : out std_logic);
end xorGate;

architecture rtl of xorGate is
begin
  F <= A xor B;
end rtl;
```



#### Simulate the design and timings

#### **VHDL Test Bench**

```vhdl
-- import std_logic from the IEEE library
library ieee;
use ieee.std_logic_1164.all;
use ieee.numeric_std.all;  -- to_unsigned, used by the stimulus loop

entity fullAdder_tb is
end fullAdder_tb;

architecture tb of fullAdder_tb is
  -- the fullAdder entity itself is defined in its own design unit
  component fullAdder is
    port( A, B, Cin : in  std_logic;
          sum, Cout : out std_logic);
  end component;
  signal A, B, Cin, sum, Cout : std_logic;
  signal vec : std_logic_vector(2 downto 0) := "000";  -- packed inputs
begin
  dut : fullAdder port map (A, B, Cin, sum, Cout);  -- device under test
  A <= vec(2); B <= vec(1); Cin <= vec(0);

  -- stimulus: step through all eight input combinations, 10 ns each
  stim : process
  begin
    for i in 0 to 7 loop
      vec <= std_logic_vector(to_unsigned(i, 3));
      wait for 10 ns;
    end loop;
    wait;  -- end of simulation
  end process;
end tb;
```
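The `fullAdder` that the test bench instantiates, assembled from the `andGate` and `xorGate` standard blocks of the earlier slide. This is an added example, not code from the talk; it assumes both gates carry a behavioural architecture (`F <= A and B`, `F <= A xor B`), and the `halfAdder` entity and the internal signal names are mine.

```vhdl
-- Half adder: S = A xor B, C = A and B, built structurally from the
-- andGate and xorGate blocks.  Added example; halfAdder is my name for it.
library ieee;
use ieee.std_logic_1164.all;

entity halfAdder is
  port( A, B : in  std_logic;
        S, C : out std_logic);
end halfAdder;

architecture structural of halfAdder is
  component andGate is
    port( A, B : in std_logic; F : out std_logic);
  end component;
  component xorGate is
    port( A, B : in std_logic; F : out std_logic);
  end component;
begin
  u_xor : xorGate port map (A => A, B => B, F => S);
  u_and : andGate port map (A => A, B => B, F => C);
end structural;

-- Full adder: two half adders joined, carries merged with an OR.
library ieee;
use ieee.std_logic_1164.all;

entity fullAdder is
  port( A, B, Cin : in  std_logic;
        sum, Cout : out std_logic);
end fullAdder;

architecture structural of fullAdder is
  component halfAdder is
    port( A, B : in std_logic; S, C : out std_logic);
  end component;
  signal s1, c1, c2 : std_logic;  -- wires between the blocks (my names)
begin
  ha1 : halfAdder port map (A => A,  B => B,   S => s1,  C => c1);
  ha2 : halfAdder port map (A => s1, B => Cin, S => sum, C => c2);
  -- the two carries can never both be '1', so a plain OR is enough
  Cout <= c1 or c2;
end structural;
```

Compile the two gates, this file and the test bench into one library and the test bench drives all eight input combinations through the assembled chip.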

#### **Timing Simulation**



### Break each functional part into standard blocks







#### Join the blocks and create the chip layout



http://web.eece.maine.edu/research/vlsi/2007/Bellamine/

### Get Sand (like, really pure sand)



#### Get the chip doped up and metalled \o/




#### Slice and Dice





http://electronics.stackexchange.com/questions/42765/orientaion-flat-on-semiconductor-wafer

https://upload.wikimedia.org/wikipedia/commons/d/d7/Wafer_2_Zoll_bis_8_Zoll_2.jpg

#### Bond out the wires into the chosen package



#### Package and Sell, Sell, Sell!



http://www.soselectronic.com/a_info/img_data/Taiwan_Semiconductor/reel.jpg

#### So why did I go through this?

- Because it makes me feel like a real man
- You need to know how a chip is constructed to then attack it effectively.
- Identifying common structures in a chip allows you to reverse its functionality.
- And knowing these structures allows you to identify areas to attack.

#### Reversing a silicon chip

#### Step 1. Get samples to research!



#### Get all the info needed for the chip.

Datasheet: SGS-THOMSON TIP41A/TIP41B/TIP41C NPN power transistors (TO-220 package), internal schematic diagram and absolute maximum ratings table.

Errata sheet: LPC2214, LPC2214/80, Document Release Version 2.1, May 17, 2006 - the functional and electrical deviations known at the release date.

#### Decapsulate (decap) the chip!



#### Look, a chip - look at it.



#### Safety is important\*



### \*maybe not that safe...

#### Don't inhale deeply... (snare)



#### Use Scanning Electron Microscope to work out how many metal layers the chip has



http://m.eet.com/media/1158119/120420_techinishgts1.jpg

# Dissolve each layer using scary stuff and image it at high resolution



John McMaster is awesome - watch this: https://www.youtube.com/watch?v=ZKT2Giq-lbQ

### Stitch it together using geo-mapping software.



Image courtesy Olivier THOMAS @ Texplained / Dmitry Nedospasov (@nedos on the twitter) http://www.texplained.com/

#### Identify the components



Image courtesy Olivier THOMAS @ Texplained / Dmitry Nedospasov http://www.texplained.com/ - (c) Detected Interconnects

#### Reconstruct the circuit



Image courtesy Olivier THOMAS @ Texplained / Dmitry Nedospasov http://www.texplained.com/

# Image the ROM and read it off - if the chip is >40 µm size (i.e. from the 90's)



Image courtesy Travis Goodspeed - read PoC||GTFO for more goodness https://www.flickr.com/photos/travisgoodspeed/3425845978/in/album-72157616476990240/

#### Microprobe key signals



https://www.flickr.com/photos/travisgoodspeed/3422351458/in/album-72157616476990240/

#### Reset protection fuses with UV



Image courtesy Bunnie Huang - google everything he does! http://www.bunniestudios.com/blog/?page_id=40

#### Edit the chip using a Focused Ion Beam



Image courtesy Andrew Zonenberg - who is way smarter than the presenter http://siliconexposed.blogspot.com.au/2014/03/getting-my-feet-wet-with-invasive_31.html

#### Glitch areas of the chip using a laser

Backside optical fault injection attack setup: chip on a test board under a microscope at 20× magnification with a 1065 nm laser



Image courtesy Dr Sergei Skorobogatov @ University of Cambridge, England https://www.cl.cam.ac.uk/~sps32/ECRYPT2011_1.pdf

### So how do we protect chips

# Integrate a metal layer mesh over critical areas



Image courtesy Oliver Kommerling

https://www.usenix.org/legacy/events/smartcard99/full_papers/kommerling/kommerling.pdf

# Obfuscate the layout of critical areas of the chip

- Couldn't find a good image
- Just think of a VLSI chip that looks like spaghetti
- Make it hard to automatically decode a chip area.

#### Scramble/Encrypt on-chip memories

- Helps protect memories from static memory dumping attacks
- However, if you can probe the encryption engine you might still be able to dump them
- Helps, but is not a "Silver Bullet"

The encryption of the internal memory contents is accomplished under software control supported by a dedicated hardware AES engine, with selectable key sizes of 128, 192 or 256 bits. The key is generated under ROM control at battery attach using the true random number generator and is kept on the battery domain. The key itself is stored in a hardware key register that is not mapped on the AHB/APB buses and is cleared on certain security events.

# Generate and roll unique crypto keys for each device.

- Attacks are physical in nature
- And take time
- And equipment
- And money
- So if you (securely) roll the crypto keys
- You'll force the attacker to work quickly
- and they'll only have a small time window to exploit
- And since keys should be unique per device, they can't take one "Master" key and break all your stuff.

#### Have active tamper detection mechanisms

- Used in banking terminal High Security Modules
- External meshes
- Cryptographic keys wiped if tamper detected
- Environmental protections
- Side channel protections.
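A register-transfer sketch of the key storage rule described under "Scramble/Encrypt on-chip memories" above and the "keys wiped if tamper detected" item in this list: the key is loaded from the TRNG after battery attach, has no bus-facing read port, and is zeroised on the cycle a tamper event is raised. Added example, not from the talk or any vendor; the entity, port and signal names are invented, and the `tamper` input is assumed to be the OR of the sensor outputs.

```vhdl
-- Key register: TRNG-seeded, reachable only by the AES engine, wiped on
-- tamper.  Added illustration; all names here are invented for it.
library ieee;
use ieee.std_logic_1164.all;

entity keyRegister is
  generic ( KEY_BITS : natural := 128 );
  port( clk, rst_n  : in  std_logic;
        batt_attach : in  std_logic;  -- one-cycle pulse when a battery is fitted
        trng_valid  : in  std_logic;  -- a fresh TRNG word is on trng_data
        trng_data   : in  std_logic_vector(KEY_BITS-1 downto 0);
        tamper      : in  std_logic;  -- assumed: OR of mesh/voltage/temp/light sensors
        key_to_aes  : out std_logic_vector(KEY_BITS-1 downto 0);
        key_valid   : out std_logic);
end keyRegister;

architecture rtl of keyRegister is
  signal key_q   : std_logic_vector(KEY_BITS-1 downto 0) := (others => '0');
  signal valid_q : std_logic := '0';
  signal arm_q   : std_logic := '0';  -- '1' while waiting for a new TRNG word
begin
  process (clk, rst_n)
  begin
    if rst_n = '0' then
      key_q <= (others => '0'); valid_q <= '0'; arm_q <= '0';
    elsif rising_edge(clk) then
      if tamper = '1' then
        -- tamper wins over everything else: wipe now and stay wiped
        -- until the next battery attach re-arms the register
        key_q <= (others => '0'); valid_q <= '0'; arm_q <= '0';
      elsif batt_attach = '1' then
        -- new battery, new key: drop the old one before asking the TRNG
        key_q <= (others => '0'); valid_q <= '0'; arm_q <= '1';
      elsif arm_q = '1' and trng_valid = '1' then
        key_q <= trng_data; valid_q <= '1'; arm_q <= '0';
      end if;
    end if;
  end process;

  -- The only read path is the dedicated port to the AES engine; there is
  -- deliberately no AHB/APB register that exposes key_q to software.
  key_to_aes <= key_q;
  key_valid  <= valid_q;
end rtl;
```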





#### So the Fedz Vs Apple...

- Apple did a pretty good job considering the threat model of 2+ years ago
- Unique keys per user/device! Not accessible to software, encrypted memory!
- But the memory wipe counter is stored in the flash
- So this can be "reset" by reflashing it with a good image.
- From iPhone 6 (A7 processor) they added a "Secure Enclave" block.
- Which is used to hold fingerprints and the counter.
- But physical attacks are also practical and feasible.

#### "Secure Element" for banking





NXP65V10 NFC controller and secure element

#### So iPhone 7

- Will probably add "Secure Element" style protections on the die.
- And active tamper responses to deter attack
- And a pony

#### Wrapping Up.

- Physical attacks are pretty cool
- And feasible given time and equipment
- But can be mitigated!
- Break stuff and look at it.
- Just don't breathe the acid in.
- Or touch it. Well, room temp. 70% nitric is fine (it just turns your skin yellow for a little bit)
- Read and watch http://www.murdochspirates.com/

#### People I stole stuff from/references

- Andrew Zonenberg http://siliconexposed.blogspot.com.au/
- Dmitry Nedospasov http://www.nedos.net/about/
- Oliver Thomas http://www.texplained.com/
- Oliver Kömmerling/Markus Kuhn
- Dr Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32/
- Bunnie Huang http://www.bunniestudios.com/
- Travis "Good Neighbour" Goodspeed http://travisgoodspeed.blogspot.com.au/
- John McMaster http://uvicrec.blogspot.com.au/

And all the others I missed 😣

#### Definitely a Con's



https://wrongisland.org/

http://unrestcon.org/