Automotive pen testing 101. A walk-through
Side channel differential power analysis.
This involves defeating various differential power analysis protection methods employed by the PIN entry device vendors.
The crypto processor – One can attach to the power lines and/or position an EM probe to capture emissions during crypto processes. EM signals are monitored to recover the key.
Examples of bypassing EM protection to enable key recovery through differential power analysis techniques:
An example copper tamper grid – These are positioned covering crypto processors to “block” some of the EM emissions and provide a physical barrier. Breaking of the grid causes keys to be wiped.
These can often be trivially circumvented by shorting the grid, allowing crypto chip EM to be monitored
Peeling a silver ink trace – this does not “block” EM but instead provides protections against physical access to the chip.
This is generally more difficult to circumvent than the copper example above
BGA balls – These are the balls on the underside of a BGA crypto processor. Removal of the BGA results in the master key being erased. Instead, we gain direct access to the power lines to perform differential power analysis, as well as to collect EM emissions for differential electromagnetic analysis, making key recovery possible.
Epoxy protecting sensitive pins – Some organisations use epoxy to prevent access to pins. This protection simply does nothing but delay an attacker for ~10 mins. It can be removed by milling or a sharp knife
Physical attacks against chips
Decapping may be required to carry out certain types of glitching and reverse engineering
Milling or acid etching can be used
Varying levels of glitching are carried out, depending on risk factors and protection methods in use
From basic attacks, such as dropping a firmware EEPROM pin to ground during the boot process, to microprobing to inject faults.
Data signal from flash memory pulled to ground at a critical point during boot, preventing the kernel from being loaded.
U-Boot is interrupted, giving access to an interactive terminal from which firmware can be read and updated.
Component analysis is carried out to identify potential debug and test points
Also likely candidates for storing firmware, keys and other useful data
Components may be removed using hot air, although high-end IR rework stations are used for larger or more sensitive components.
Laser reballing is used to allow any BGA package to be reballed regardless of layout.
Full component removal may be necessary for JTAG identification
Here we can see all components removed, allowing us to fully trace paths for JTAG and other test point identification
We often have to create custom connectors during vehicle component testing
In this case we have created a custom connector to interface with a port on a vehicle IVI. From this port we obtained an interactive shell and compromised the IVI
Here we have sniffed EEPROM communications using a logic analyser
This is then converted into binary using SniffROM.
Third-party tools are often used to reduce the time taken to perform certain tasks.
Here we have used a JTAGulator to correctly identify the custom breakout from a vehicle IVI board.
High power microscopes are used to trace accurately
X-ray images may be taken for detailed tracing.
Here we can see ball-to-via mapping which allowed us to deduce the JTAG test points, resulting in firmware being extracted from a smart fridge
Once reballed and JTAG identified, custom adapters are used to read the firmware from the chip
Custom RF protocols will typically be reviewed with a spectrum analyser
Packet analysis and susceptibility to replay, jamming and other attacks can be carried out
In this image we are disabling an 866 MHz wireless alarm, having reverse engineered the protocol.
Tools such as the Ubertooth and other software defined radios are used for Bluetooth, Wi-Fi, Zigbee, Z-Wave etc.
Here we have intercepted, reverse engineered and recoded vehicle alarm deactivation signals
Encryption on-chip is rarely a particular challenge to reverse engineer if no HSM is employed
Encryption in memory is more challenging and may require differential power analysis techniques
Here we are reverse engineering encryption on a flash module
We often find cryptographic flaws. In the example below an encryption key was derived from a device serial number.
Through reverse engineering and custom coding, we successfully extracted plaintext.
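The serial-derived key flaw above, shown as an added example (not code from the original deck or from any device it describes): the weak derivation is a deterministic hash of a public identifier, so the key is reproducible by anyone who can read the label; the hardened pattern draws the key from a per-device random secret (assumed to be injected at manufacture into tamper-protected storage) through HKDF, using the serial only as a diversifier. `key_is_serial_derived` is a hypothetical audit check for the common weak derivations.

```python
import hashlib
import hmac
import os


def weak_key_from_serial(serial: str) -> bytes:
    """Flawed pattern: the key is a pure function of the printed serial number."""
    return hashlib.sha256(serial.encode()).digest()


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF with HMAC-SHA256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def provision_device_key(serial: str, device_secret: bytes = None) -> bytes:
    """Hardened pattern: entropy comes from a 32-byte random per-device secret
    (assumed to live in tamper-protected storage); the serial only diversifies
    the derivation, so knowing it reveals nothing about the key."""
    if device_secret is None:
        device_secret = os.urandom(32)  # provisioning-time randomness (constructed here)
    return hkdf_sha256(device_secret, salt=serial.encode(),
                       info=b"flash-encryption-key", length=32)


def key_is_serial_derived(key: bytes, serial: str) -> bool:
    """Audit check (hypothetical): flag a key that equals the raw serial or a
    plain digest of it, the derivations most often seen in the field."""
    raw = serial.encode()
    candidates = [raw.ljust(len(key), b"\x00")[: len(key)]]
    for algo in ("md5", "sha1", "sha256"):
        candidates.append(hashlib.new(algo, raw).digest()[: len(key)])
    return any(hmac.compare_digest(key, c) for c in candidates)


if __name__ == "__main__":
    serial = "SN-0001234"  # constructed sample serial
    print("weak key derivable from serial:", key_is_serial_derived(weak_key_from_serial(serial), serial))
    print("hardened key derivable from serial:", key_is_serial_derived(provision_device_key(serial), serial))
```

Two hardened devices sharing a serial still get different keys, because the secret, not the serial, supplies the entropy.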