Close

Hack Chat Transcript, Part 1

A event log for Side-Channel Attacks Hack Chat

Reverse Engineering through the side door with Samy Kamkar

dan-maloneyDan Maloney 03/25/2020 at 20:150 Comments

samy kamkar11:56 AM
<3

brainsmoke joined  the room.11:59 AM

Hello everyone, hope your self-imposed or otherwise lockdowns are going as well as can be expected. Today we're going to be welcoming Samy Kamkar to the Hack Chat, to talk about side-channel attacks and reverse engineering.

Welcome back, Samy! I normally ask guests to tell us a little about themselves, but that seems silly in this case. Maybe just start off by telling us how you're keeping sane these days?

Lazer.Coh3n12:00 PM
Hi

samy kamkar12:00 PM
Hey all, thanks for having me!!

Mark J Hughes12:02 PM
Hi @samy kamkar

samy kamkar12:02 PM
lately have been working on a number of projects - personally some more side channel experimentation with RF, some proof of concept projects and vacuum system building at home for sputtering and physical vapor deposition, and professionally a lot of research and hardware at openpath.com building physical access control

samy kamkar12:03 PM
hi @Mark J Hughes!

Dylan Caponi joined  the room.12:03 PM

So I guess WFH isn't a big deal for you?

Mark J Hughes12:03 PM
@samy kamkar With the sputtering -- are you preparing samples for SEM or something else like making sub-mil traces , etc..?

stansanders12:04 PM
samy!

Mark J Hughes12:04 PM
Also -- what does your setup look like?

samy kamkar12:04 PM
@Mark J Hughes atm one of the projects on my plate is creating a prototype "usb condom" -- these are meant to be devices that remove the data lines from USB and only allow power to prevent a malicious charger from exploiting something like your phone

morgan12:05 PM
yeah, itneresting in building my own sputtering setup

samy kamkar12:05 PM
but i'm a bit confused by the implementation as most of the usb condoms I've seen are opaque -- so how do i know the device itself is not malicious?

samy kamkar12:06 PM
so i've begun a PoC of creating an entirely transparent USB condom where you can visually see the data lines get cut off and the power run through...

morgan12:06 PM
won't that disable power level negotiation?

samy kamkar12:06 PM
except, it's a lie. i'm building the sputtering setup in order to sputter ITO (indium tin oxide), which as a thin film is a transparent conductor

@samy kamkar - Sort of like the inverse of the PowerBlougher that @Brian Lough makes - it cleans the power off a USB port and only lets data through

samy kamkar12:07 PM
thus, the data lines will continue, transparently, and one of the USB lines will be tied to a transparent antenna for nearby RF pickup

samy kamkar12:07 PM
i've used some ITO plastic but it's just too obvious hence the desire for a sputtering setup.

Seth12:07 PM
Hahaha, that's super sneaky!

Condoms break, just saying

Mark J Hughes12:08 PM
@samy kamkar You could make it transparent and use a 4-layer PCB. Hide the USB diff pair on an internal layer.

samy kamkar12:09 PM
my setup atm: Leybold Trivac D2.5E (two stage rotary vane) -> foreline trap (which I recently baked out way too long and destroyed the zeolite) -> Edwards EXT255Hi turbomolecular pump -> chamber -- with an MKS901P Pirani gauge and BPG400 Bayard-Alpert gauge

Mark J Hughes12:09 PM
@samy kamkar What is the least expensive entry into side-channel analysis? Last thin I heard about was the chip-whisperer.

samy kamkar12:11 PM
please note this is a very diy project so i'm fabricating some of the parts and trying to keep this as low cost as possible -- hence my high voltage feedthrough is really a J99 spark plug with a turned KF16 connector, my high voltage setup is a variac -> microwave oven transformer -> high voltage diode -> spark plug

samy kamkar12:12 PM
@morgan it would if the lines weren't going through but in this case they will -- however even without negotiation you'll still get 500mA

Seth12:12 PM
Yowza! Are you current limiting the MOT somehow?

samy kamkar12:12 PM
@Mark J Hughes the ChipWhisperer is awesome! i highly recommend it as well as Colin's site, videos, documentation. i was fortunate to take his class on side channel work as well

Mark J Hughes12:13 PM
@samy kamkar Since the lines are going through anyway, won't the user realize the negotiation has taken place and they're charging at greater than 500 mA?

stansanders12:13 PM
@samy kamkar whats the use case you imagine where someone knows enough to want to use a usb condom but doesn't know about your evil one

stansanders12:13 PM
or is this more a poc around "look we can hide circuits in things"

samy kamkar12:14 PM
@Mark J Hughes technically you can get away with cheaper though if you wanted, though it wouldn't be as advanced as a setup. in my previous supercon talk on side channels, near the end i demonstrated a new project using a Teensy 3 to perform bootloader debug protection bypassing *non-invasively* in order to dump flash from protected microcontrollers

Mark J Hughes12:15 PM
@samy kamkar what you save in money you make up for in time. Usually many times over. :)

Mark J Hughes12:15 PM
@samy kamkar What's the hardest microcontroller family to attack?

adellelin joined  the room.12:16 PM

samy kamkar12:16 PM
@stansanders hi!! i think the hiding in plain sight is the thing that piqued my interest, and the usb condom was just for me to tease the current implementation since i really do think it's silly to have an opaque device that you can't open (i realized this after i was given a USB condom in another country and it had an aluminum casing that couldn't be removed easily and i started to become suspicious)

charliex12:16 PM
https://www.riscure.com/gocheap/ https://github.com/Riscure/cheapSCAte is cheap and basic , talk by alyssa too

charliex12:17 PM
for sca

adellelin12:17 PM
Hi @samy kamkar !

anfractuosity12:17 PM
@samy kamkar Hey, what are you doing with RF + side channels?, that sounds really interesting!

samy kamkar12:17 PM
@Seth the variac before the MOT allows control of the voltage but i don't have current limiting atm - however i'll likely get another small variac and use that for current control

samy kamkar12:17 PM
hi @adellelin !!

samy kamkar12:19 PM
@anfractuosity one of my never ending projects is around intentional electromagnetic interference. there's a lot of amazing research on EM (and other side channels) revealing secret material of a system, but i've been more fascinated with the opposite, such as inducing voltage in a circuit to control it

samy kamkar12:19 PM
specifically air gapped systems that are intended to be "secure" as they're not connected to any network

samy kamkar12:19 PM
the problem is "air" is a terrible gap

samy kamkar12:19 PM
pretty much everything goes through it

samy kamkar12:19 PM
especially RF

anfractuosity12:19 PM
oh interesting, using a coil you mean above the chip, or..?

Steve Bossert (K2GOG)12:21 PM
hey y'

samy kamkar12:21 PM
i've been doing work around further field injection in the ISM band on input devices -- close enough that you're in proximity but not so close that you're touching the device in question or have it opened up. the example would be going into a corporate office, grabbing lunch with someone, and leaving your "phone" on someone's desk near a keyboard

stansanders12:21 PM
@samy kamkar ever thought about trying to exploit something's natural interference to create a sidechannel i.e. spitting the right sequence at a nic causes the hardware to sidechannel itself

samy kamkar12:22 PM
keyboards are pretty neat...typically connected via USB which used shielded twisted pair for the data signals and differential voltage which prevents most EM interference

samy kamkar12:23 PM
however as soon as that USB is terminated to the MCU, you're essentially left with a plastic shell and nice, long copper antennnas--i mean traces, to each of the keys

Steve Bossert (K2GOG)12:23 PM
hay y'all.... back in the day, it was a common thing to add a short length of wire to a filter tap on a pole mounted CATV system.... to make it leaky....and then aim a TV antenna at the "created air gap on a closed system" to essentially get "free CATV" same logic applies to adding a wire to most microcontrollers and other systems...to leak signals for passive theft.

samy kamkar12:24 PM
@stansanders hmm can you give me an example? like +++ATH0 of the dialup days? for those who aren't familiar, that's the AT "hang up" command that you can send your dialup modem to hang up. problem is you could get users on a chat like IRC to respond with an IRC PING of whatever you sent to them, and the modem would interpret it as the command and execute. essentially a DoS from anyone on IRC

anfractuosity12:24 PM
oh neat, re. keyboard, i bought a cheap mini-whip vlf antenna to try and pickup keyboard stuff, but don't have an SDR that can go that low atm

samy kamkar12:24 PM
and worse you could send other AT commands, eg +++ATH0,AT1900xxxxxxx

samy kamkar12:25 PM
@anfractuosity you can use your sound card

anfractuosity12:25 PM
that's a good point!

anfractuosity12:26 PM
i'm not sure if i might have tried that for something else actually, when i was tapping the earth of our mains to try and pickup the keyboard stuff

charliex12:26 PM
you can look at crosstalk and emi leakage on the usb hub as well

samy kamkar12:26 PM
@anfractuosity nice! that's an awesome technique. i'm not sure it will work well with USB keyboards but with PS2 was effective

anfractuosity12:26 PM
yeah with ps2 that was

samy kamkar12:27 PM
@charliex ooh yeah that would be cool - have you seen any projects successfully employ that?

pj joined  the room.12:27 PM

charliex12:27 PM
@samy kamkar heya , yeah https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-su.pdf

samy kamkar12:28 PM
@Steve Bossert (K2GOG) interesting!

stansanders12:30 PM
@samy kamkar exactly that, exploiting the device's own foibles in the RF / EM realm in order to attack without physical access necessarily

samy kamkar12:30 PM
@Mark J Hughes regarding saving money -- while that's true, i'm in general trying to build things so i understand them...i definitely am spending more resources by doing it but it's definitely a pref of mine to get into the nitty gritty and diy to get a better grasp on things as otherwise i'm a pretty slow learner. i've never been good at just reading and understanding something, things only seem to click for me when i apply it

samy kamkar12:31 PM
@Mark J Hughes the "hardest" mcu family to attack, i haven't tried attacking some of the secure variants of chips but they're on my list as i improve the vacuum system i would like to perform more invasive attacks. i've been doing IC decapsulation and optical reversing of (old) silicon but the "secure" chips often have metal masks/protective layers that i'm interested in defeating, again with home made made devices

Dan Fruzzetti12:34 PM
how many of the "secure" chip builds can you get your hands on to test different jigs and cutters and such with, for example for abrasive methods?

samy kamkar12:36 PM
@stansanders yeah, that is super interesting. there are some neat tricks -- Travis Goodspeed found a neat technique on nRF24L01's (super inexpensive Nordic 2.4GHz GFSK transceivers) - they don't support any "sniffing" modes, you must receive on a specific address, but found by using the preamble (0xAA's or 0x55's aka 0b10101010 or 0b01010101) and disabling basically all other checks (CRC, specifying a length, removing any other header requirements), the preamble would trigger the address detection and you'd be able to promiscuously eavesdrop packets on the channel (within limitations of the chip of course, such as the size limit, 32-bytes I believe, and modulation/encoding)

Mark J Hughes12:37 PM
@samy kamkar Oh, I'm sorry, I meant for me. I agree entirely with that statement. I'll often find a $100 solution to a $20 problem just so I can own it.

samy kamkar12:37 PM
@Dan Fruzzetti getting chips isn't too hard if you buy products using them - i think with the modern technology you'll need a focused ion beam or similar to remove/add metal

samy kamkar12:38 PM
@Mark J Hughes ahh! haha i misunderstood, but yeah, i guess that's what makes us all hackaday'ers :)

Mark J Hughes12:38 PM
I just want to mess around a bit.

Dan Fruzzetti12:41 PM
@samy kamkar outside my area. abrasion wouldn't be - you can blast with pretty small media now. hey anyone know of any curve-fitting libraries for Arduino that they like

stansanders12:42 PM
@samy kamkar very cool. i'm also more thinking of things like knowing there's an inductor that emits a magnetic field and if you do something that loads and unloads it in a certain way the inductor interferes with something else interesting

samy kamkar12:42 PM
@stansanders aggr-inject was also a cool example of the "packet in packet" technique (which +++ATH0 is an example of) -- specifically in open (unencrypted) 802.11n networks, a victim could visit a site / access some data, let's say a large, malicious image, and if any of the packets got dropped, the image itself contains a packet delimiter and wifi packet in itself. it would normally just be "data" as part of the image, but since the previous packet was dropped, the NIC is now looking for a new 802.11n frame -- and what do you know, it sees one and interprets it

Tom Redman joined  the room.12:42 PM

stansanders12:42 PM
nice

samy kamkar12:43 PM
thus the victim received an raw 802.11n frame which could be anything, such as an arp packet redirecting traffic

Dan Fruzzetti12:43 PM
fatal

stansanders12:43 PM
so thats the same principle, but im imagining that the sidechannel manifests as a hardware thing

Dan Fruzzetti12:43 PM
so reading the old-timey LEDs on a hub

Dan Fruzzetti12:43 PM
"omg it's just... the data"

samy kamkar12:44 PM
@Dan Fruzzetti true, removing the metal is possible, however typically these chips will no longer work and you'll essentially want to reconnect the metal as well (hence the FIB), but i'd definitely be interesting in super precise abrasion techniques if you know of any

Tom Redman12:45 PM
Hey @samy kamkar! Just wanted to say I love what you do and really appreciate your project posts. Thanks for sharing those. I'm endlessly fascinated with this stuff. Really enjoyed your darknet diaries episode too!

Seth12:46 PM
Super-precise abrasion techniques... Dunno if you have access to a machine shop, but that sounds like a surface grinder to me. Easily hits tolerances of 0.0001".

samy kamkar12:46 PM
awesome, thanks Tom!

charliex12:46 PM
yeah surface grinders are good for decap, joe grand did a thing on it a while ago

Tom Redman12:46 PM
If I ever end up with a second career, it'll be hacking or pen-testing :)

Dan Fruzzetti12:47 PM
@Tom Redman i love human-factors exploits

charliex12:47 PM
iirc he did pcb's cant recall if he did any chips

Dan Fruzzetti12:47 PM
if you really want to test a medium-sized enterprise, HFVs are the equivalent to side-channel attacks

Tom Redman12:48 PM
@Dan Fruzzetti the stories I've heard from some pen testers sound straight out of some tom clancy book. I'd probably barf but I love to think I could do it haha

Christopher Bero12:48 PM
What's an HFV?

Dan Fruzzetti12:49 PM
@samy kamkar in an ideal universe are you hoping to carefully decouple the shields from the chips in order to reattach them later? and

Tom, the getting scared part is the part that'll thrill you and make you old

Dan Fruzzetti12:49 PM
speaking of old, i don't look that young anymore

Tom Redman12:50 PM
@samy kamkar in the dd episode you talked about using smartphone microphones to pick up ultrasonic freqs of CPU instructions. Has there been a POC of this? Has it been used in the wild to you knowledge? It feels like there'd be too much noise in an uncontrolled environment.

Discussions