This post will guide you through all the steps it took me to support challenges that were released in 2016 by Riscure. From schematics review to an automation script, you will learn how to extend ChipWhisperer-Lite, a versatile platform for side-channel attacks and glitching, and use it to crack an AES 128-bit encryption key in less than a minute.
This post provides additional technical details about the physical part of the encrypted USB attacks that we demonstrated a few months back in our talk at BlackHat USA 2017. In particular, I will cover how to remove the epoxy and how to reball a BGA chip. If you are considering auditing your own USB key or are curious about the challenges we faced, this article is for you.
Welcome to my electronics lab! Over the last few years or so, many people have asked me about my personal lab, so today I am giving you a virtual tour of it.
We will go over what gear I use and how I set everything up so I can do my experiments efficiently. Along the way I will answer the questions that have been asked about my setup in my various posts. In particular, I will provide a rationale for why I choose one type of hardware versus another. The quantity of hardware described in this post might seem overwhelming, but keep in mind that it took me years to build this lab. I merely add a new piece here and there based on my needs and opportunities.
Disclaimer: I don’t claim my setup is the best, but it works for my use cases: tinkering with electronics, doing security research and repairing various pieces of equipment. If you have suggestions on how to improve it, let me know.
Wow, it’s been quite a long time since I have written on this blog! It also seems that I received many questions but I never received the notifications. I’m sorry for that. This seems to be related to some automatic changes to the settings. The problem should now be fixed.
Considering that I now have to answer a bunch of questions (received either by email or through this blog) and that many of them are overlapping in some way, I decided to do a sort of FAQ post instead of replying individually.
If you asked me a question and you don’t find an answer in this post, don’t be shy and ask again, either through the dedicated section on this blog or by email.