Automotive pen testing 101. A walk-through

Ken Munro 02 Jul 2017

Side channel differential power analysis.

This involves defeating various differential power analysis protection methods employed by the PIN entry device vendors.

The crypto processor – One can attach to the power lines and/or position an EM probe to capture emissions during crypto operations. The captured power traces and EM signals are then analysed statistically to recover the key.

Examples of bypassing EM protection to enable key recovery through differential power analysis techniques:

An example copper tamper grid – These are positioned covering crypto processors to “block” some of the EM emissions and provide a physical barrier. Breaking the grid causes keys to be wiped.

These can often be trivially circumvented by shorting the grid, allowing crypto chip EM to be monitored

Peeling a silver ink trace – this does not “block” EM but instead provides protections against physical access to the chip.

This is generally more difficult to circumvent than the copper example above

These are the balls on the underside of a BGA crypto processor. Removal of the BGA results in the master key being erased. Instead, we gain direct access to the power lines to perform differential power analysis, as well as to collect EM emissions for Differential Electromagnetic Analysis, making key recovery possible.

Epoxy protecting sensitive pins – Some organisations use epoxy to prevent access to pins. This protection does nothing but delay an attacker for ~10 minutes; it can be removed by milling or with a sharp knife.

Physical attacks against chips

Decapping may be required to carry out certain types of glitching and reverse engineering

Milling or acid etching can be used

Varying levels of glitching are carried out, depending on risk factors and protection methods in use

These range from basic attacks, such as pulling a firmware EEPROM pin to ground during the boot process, to microprobing to inject faults.

The data signal from flash memory is pulled to ground at a critical point during boot, preventing the kernel from being loaded.

U-Boot is interrupted, giving access to an interactive terminal from which the firmware can be read and updated.

Component analysis is carried out to identify potential debug and test points

It also identifies the components most likely to store firmware, keys and other useful data.

Components may be removed using hot air, although high-end IR rework stations are used for larger or more sensitive components.

Laser reballing is used to allow any BGA package to be reballed regardless of layout.

Full component removal may be necessary for JTAG identification

Here we can see all components removed, allowing us to fully trace paths for JTAG and other test point identification

We often have to create custom connectors during vehicle component testing

In this case we have created a custom connector to interface with a port on a vehicle IVI. From this port we obtained an interactive shell and compromised the IVI

Here we have sniffed EEPROM communications using a logic analyser

The capture is then converted into a binary image using SniffROM.
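To show what that conversion involves, here is an added illustration (not the blog's code and not SniffROM itself): it reassembles a flash image from SPI read transactions as a logic analyser's SPI decoder exports them, one (MOSI, MISO) byte pair per chip-select assertion, and reports which address ranges were never seen on the bus so the analyst knows what is missing. The capture below is constructed for the example; the 0x03/0x0B read opcodes and 24-bit addressing follow the common 25-series flash command set.

```python
# Added example: rebuild a flash image from sniffed SPI read transactions.
# Assumes a capture already split per chip-select into (mosi, miso) byte strings.
from typing import Iterable, List, Tuple

READ = 0x03        # read: opcode, 3 address bytes, then data clocked out on MISO
FAST_READ = 0x0B   # fast read: opcode, 3 address bytes, 1 dummy byte, then data

# Constructed capture: a JEDEC ID query (ignored), a 4-byte read at 0x000000,
# a fast read at 0x00000C and a later read at 0x000004 (reads arrive out of order).
SAMPLE_CAPTURE: List[Tuple[bytes, bytes]] = [
    (bytes([0x9F, 0, 0, 0]), bytes([0, 0xEF, 0x40, 0x18])),
    (bytes([READ, 0, 0, 0x00]) + bytes(4), bytes(4) + b"BOOT"),
    (bytes([FAST_READ, 0, 0, 0x0C, 0]) + bytes(4), bytes(5) + b"KERN"),
    (bytes([READ, 0, 0, 0x04]) + bytes(4), bytes(4) + b"LOAD"),
]

def parse_transactions(transactions: Iterable[Tuple[bytes, bytes]]):
    """Yield (address, data) for each read; other opcodes carry no image data."""
    for mosi, miso in transactions:
        if len(mosi) < 4:
            continue                      # too short for opcode + 24-bit address
        if mosi[0] == READ:
            header = 4
        elif mosi[0] == FAST_READ:
            header = 5                    # extra dummy byte before data
        else:
            continue                      # status, write-enable, ID queries, etc.
        addr = int.from_bytes(mosi[1:4], "big")
        data = bytes(miso[header:])       # MISO is meaningful only after the header
        if data:
            yield addr, data

def rebuild_image(transactions, fill: int = 0xFF):
    """Place every read at its address; unread bytes keep the erased-flash value."""
    reads = list(parse_transactions(transactions))
    if not reads:
        return bytearray(), set()
    size = max(a + len(d) for a, d in reads)
    image = bytearray([fill]) * size
    covered = set()
    for addr, data in reads:
        image[addr:addr + len(data)] = data
        covered.update(range(addr, addr + len(data)))
    return image, covered

def coverage_gaps(covered, size: int):
    """Return [start, end) ranges never observed on the bus."""
    gaps, start = [], None
    for i in range(size):
        if i not in covered and start is None:
            start = i
        elif i in covered and start is not None:
            gaps.append((start, i))
            start = None
    if start is not None:
        gaps.append((start, size))
    return gaps
```

Only data the host actually read during the capture ends up in the image, so a boot-time capture typically yields the bootloader and whatever it loads, not the whole chip.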

Third-party tools are often used to reduce the time taken to perform certain tasks.

Here we have used a JTAGulator to correctly identify the pinout of a custom breakout from a vehicle IVI board.

High power microscopes are used to trace accurately

X-ray images may be taken for detailed tracing.

Here we can see ball-to-via mapping which allowed us to deduce the JTAG test points, resulting in firmware being extracted from a smart fridge

Once reballed and JTAG identified, custom adapters are used to read the firmware from the chip

Custom RF protocols will typically be reviewed with a spectrum analyser

Packet analysis can then be carried out, and susceptibility to replay, jamming and other attacks assessed.

In this image we are disabling an 866 MHz wireless alarm, having reverse engineered the protocol.

Tools such as the Ubertooth and other software defined radios are used for Bluetooth, Wi-Fi, Zigbee, Z-Wave etc.

Here we have intercepted, reverse engineered and recoded vehicle alarm deactivation signals

Encryption on-chip is rarely a particular challenge to reverse engineer if no HSM is employed

Encryption in memory is more challenging and may require differential power analysis techniques

Here we are reverse engineering encryption on a flash module

We often find cryptographic flaws. In the example below, an encryption key was derived from the device serial number, which is printed on the unit and therefore available to anyone with physical access.

Through reverse engineering and custom coding, we successfully recovered the plaintext.