This post provides additional technical details about the physical part of the encrypted USB attacks that we demonstrated a few months back in our talk at BlackHat USA 2017. In particular, I will cover how to remove the epoxy and how to reball a BGA chip. If you are considering auditing your own USB key or are curious about the challenges we faced, this article is for you.
Welcome to my electronic lab! Over the last few years or so, many people have asked me about my personal lab, so today I am giving you a virtual tour of it.
We will go over what gear I use and how I set everything up so I can do my experiments efficiently. Along the way, I will answer the questions that have been asked about my setup in my various posts. In particular, I will provide a rationale for why I choose one type of hardware versus another. The quantity of hardware described in this post might seem overwhelming, but keep in mind that it took me years to build this lab. I merely add a new piece here and there based on my needs and opportunities.
Disclaimer: I don’t claim my setup is the best, but it works for my use cases: tinkering with electronics, doing security research and repairing various pieces of equipment. If you have suggestions on how to improve it, let me know.
Hello Jean-Michel, I have a question about the article 'From NAND chip to files'. I copied the content of a NAND chip to a bin file with TNM5000, the bin file is approx. 4,5 GB. Do you have any idea about how to read the files from the bin file? I tried to mount it in Linux but it seems the maximum size is 256MB. Thank you for your help! Best regards, Laszlo
Hi Jean-Michel, I'd like to dump the firmware of my Samsung SM951 M.2 NVMe drive. Do you know how to do that? If so, could you create a tool to dump firmwares of SSDs (SATA/M.2)? I'm telling you this because there are many people like me that are looking for a tool or utility to do that, but it hasn't appeared yet. Thank you!!
Wow, it’s been quite a long time since I have written on this blog! It also seems that I received many questions but I never received the notifications. I’m sorry for that. This seems to be related to some automatic changes to the settings. The problem should now be fixed.
Considering that I now have to answer a bunch of questions (received either by email or through this blog) and that many of them are overlapping in some way, I decided to do a sort of FAQ post instead of replying individually.
If you asked me a question and you don’t find an answer in this post, don’t be shy and ask again, either through the dedicated section on this blog or by email.
Thank you for your reply on 7 January. I have an additional question about the demonstration in Airbus CyberSecurity’s blog. Would you please suggest the specifications (like the product name) of your experiment equipment: DOOR SENSOR, ZWAVE controller USB, ALARM DEVICE? Because I really want to follow your project! Thank you.
Hello. I've wanted to contact you by e-mail but there isn't any information about you. I have some questions about your project presented at Blackhat 2014. They are about the ZWAVE protocol. Firstly, I downloaded the grc (Zwave in grc) files from the 'bitbucket'. Is it just for sniffing the Zwave pkts? Can it do TX, like directly turning off the Zwave light? And could I get the demo videos and the descriptions about it? Thank you!