SlideShare ist ein Scribd-Unternehmen logo

got HW crypto-slides_hardwear

G
Gunnar Alendal
1 von 56
Downloaden Sie, um offline zu lesen
got HW crypto? On the (in)security of a Self-Encrypting Drive series
Research motivation is HW crypto more secure? JMS538S SW6316 OXUF943SE INIC-1607E x x x x 2 x x JMS569 INIC-3608
Speakers intro Gunnar Alendal: Master’s degree in Cryptography from the University of Bergen, UiB, Norway. Reverse engineering anything with an opcode; x86, x64, ARM, MIPS, M68k, ARC, 8051, .. Security researcher with 15 years of professional experience. Christian Kison: Holds a Master's degree in Informations- Systemtechnik from the TU Braunschweig , Brunswick, Germany. Started PhD December 2014. Main research topic involve Side Channel Analysis, physical attacks, silicon and digital forensic and hardware reversing approaches. 3
Western Digital My Passport / Book ● Self-encrypting external HDD series* ● crypto done in either: 1. 1st-gen : USB/FW-to-SATA bridge 2. 2nd-gen : HDD itself ● Can’t fit everything in talk ⇒ read full paper * Some models don’t support encryption4
Generic setup 5
Different USB bridges researched Vendor Model (1st-gen/2nd-gen) Architecture JMicron JMS538S Intel 8051 Symwave SW6316 Motorola M68k PLX OXUF943SE ARM7 Initio INIC-1607E Intel 8051 Initio INIC-3608 ARC 600 JMicron JMS569 Intel 8051 6
Overall security design ● User PW ⇒ Key-Encryption-Key (KEK): ○ KDF(salt+PW) = KEK ○ salt + KDF iterations are constant in SWices ● KEK protects Data-Encryption-Key (DEK) ● DEK = holy long-term HW AES Key 7
1st-gen bridges w/AES 8
Overall security design 9
The protected DEK - eDEK ● a KEK-encrypted blob containing the raw DEK ● eDEK stored on disk + USB bridge EEPROM ○ EEPROM is marked “U14” on most PCBs ● retrieve eDEK ⇒ off-device pw brute force 10
Authentication - JMS538S/INIC-1607E 11
Mandatory HW encryption ● No PW set ⇔ hardcoded KEK unlocks DEK ● Hardcoded KEK = “PI” AES-256 key 03 14 15 92 65 35 89 79 32 38 46 26 43 38 32 79 FC EB EA 6D 9A CA 76 86 CD C7 B9 D9 BC C7 CD 86 12
data recovery ● no pw + broken USB bridge? no problem: ○ eDEK stored on HDD + EEPROM ○ decrypt eDEK with “PI” KEK ⇒ DEK decrypts HDD ● pw set? off-device brute force ○ Constant salt + KDF iteration counter ○ GPU-impl. benchmark: ~1 mill pw/s (single card) ○ Pre-calculated hash-table 13
Retrieve the eDEK: “no eeprom for you” ● no EEPROM on boot.. ● ⇒ raw USB-to-SATA bridge or “DFU mode” ● ⇒ read eDEK from HDD VID/PID: 1058/0748 Bridge: JMS538S 14
Retrieve the eDEK ● JMS538S - “no eeprom for you” ● SW6316 - PC-3k / “no eeprom for you” ● OXUF943SE - SATA + hidden eDEK sector ● INIC-1607E - “no eeprom for you” + 3-byte FW patch to dump eDEK 15
Attackers progress... Model no pw set, recovery pw brute force break auth. crack DEK JMS538S ✓ ✓ SW6316 ✓ ✓ OXUF943SE ✓ ✓ INIC-1607E ✓ ✓ 16
Breaking auth. - aka. backdoors ● Two 1st-gen chips fail on authentication ● SW6316 stores the KEK in EEPROM/HDD ○ Protection: Hardcoded key (0x29A2607A..) ● OXUF943SE saves a “PI” encrypted eDEK ○ Protection: Hardcoded key (0x03141592..) 17
SW6316 authentication/backdoor 18
Attackers progress... Model no pw set, recovery pw brute force break auth. crack DEK JMS538S ✓ ✓ SW6316 ✓ ✓ ✓ OXUF943SE ✓ ✓ ✓ INIC-1607E ✓ ✓ 19
..but before we crack DEKs: 2nd-gen bridges with no AES 20
Initio INIC-3608 / JMicron JMS 569 ● no HW AES in USB bridge ● HDD does crypto: ○ “ATA Security feature Set”; ATA 0xF1, 0xF2, ... ● VSC “status” (0xC045) reports only cipher mode 0x30 (FDE) 21
INIC-3608 backdoor ● INIC-3608 does authentication, no crypto ● EEPROM, U14, contains the raw KEK(!) ● Dump EEPROM ⇒ Get KEK ⇒ authenticate ● ..or get KEK with secret VSC ⇒ authenticate 22
INIC-3608 authentication 23
INIC-3608 backdoor 24
INIC-3608 Backdoor DEMO 25
JMicron JMS569 ● Connect to pc3k in kernel-mode ○ Get privileges as always by bit shifting ○ Erase ATA-module XX ○ HDD unlocks, decrypting everything on the fly ● By now, pc3k found their own way ○ Details in the forums 26
Attackers progress... Model no pw set, recovery pw brute force break auth. crack DEK JMS538S ✓ ✓ SW6316 ✓ ✓ ✓ OXUF943SE ✓ ✓ ✓ INIC-1607E ✓ ✓ INIC-3608 ✓ ✓ ✓ JMS569 ✓ ✓ 27
JMS538S and INIC-1607E still standing tall* * From the devices available to the researchers28
Recap: Authentication - JMS538S brute force? :( brute force?? 29
Crack DEK directly? ● How is the HW AES-256 DEK created? ● Entropy source? ● can we beat a 2256 complexity? 30
DEK creation ⇒ device “erase” ● How is the DEK created on a device “erase”? ○ aka. “I forgot my password” ● Entropy source(s)? ● Can we assume the factory uses this “erase” command? 31
DEK creation by device “erase” ● “erase” VSC: CDB[0:1] = 0xC1E3 ● 2 entropy sources: ○ host computer ⇒ Key material source 1 ○ on-board RNG ⇒ Key material source 2 32
JMS538S “erase” VSC 33
JMS538S on-board RNG ● Implemented in chip “somewhere” ● Gather samples and plot ● Gather by “status” (4 bytes) or “erase” (32 bytes) VSC 34
/dev/urandom - 32-bit x 10 000 35
JMS538S “status” unmask x 10 000 36
JMS538S on-board RNG ● “status” command masks RNG output: ○ xor with 0x271828af ● “erase” uses raw RNG - no mask ● RNG turns out to be a 8-bit LFSR with period 255 37
JMS538S on-board RNG ● ..eh, a RNG with period of 255?! ● ..adding a poor ~28 to the complexity! ● ..so we have total 232 x ~28 = ~240 complexity! 38
JMS538S “erase” attack ● You erase the drive + set sooper pw ● We recover the DEK with 240 complexity ○ ~236 if set from a MAC ● ..done in “no time” on any computer 39
JMS538S “erase” VSC 40
JMS538S factory keys ● “most people don’t erase their drives” ● ..so what about the factory set DEKs? ● Does the factory use the “erase” command? 41
JMS538S factory keys analysis ● Grab factory set DEK from an eDEK + reverse the “erase” command flow ● Generate 255 possible “Host provided key material” (source 1) ● Find the correct one by guessing…? 42
JMS538S factory keys - RNG leak ● The default out-of-the-box eDEK leaks ● Decrypted eDEK leaks RNG status at creation time ● … which is the same time as DEK creation! 43
decrypted factory eDEK - RNG leak Magic 0x00: "DEK1" CRC 0x04: 3f97 Unknown 0x06: 0000 random1 0x08: b1f065be key 0x3ee2 128 bit 0x0c: dde91629a8f503a41847e9956386a5d3 random2 0x1c: 2aa98576 key 0x3ef2 128 bit 0x20: fea9c0d0ad395397772420a0563a604b random3 0x30: 074195db key 0x3f02 256 bit 0x34: 3b00e300f7002700e1004d003800040069003e00d70048000c00bb0042006400 random4 0x54: 8e832cf3 key size (byte) 0x58: 20 => 256 bits Unknown 0x59: 00000000000000 factory DEK RNG status leak 44
JMS538S factory keys - RNG leak ● The default out-of-the-box eDEK says it all ● It gives the raw DEK ● + the state of the RNG after DEK creation ● ⇒ We know the host provided key material! 45
example host provided key material Raw stream: 14 F9 DD 69 49 81 D4 63 CE 22 30 51 23 1B 2C 18 28 3B 3D 15 0F 3F 98 39 E4 C3 1F 4A 57 F3 9A 79 Little endian, 32-bit values: 69DDF914 63D48149 513022CE 182C1B23 153D3B28 39983F0F 4A1FC3E4 799AF357 srand(0x4fd45d3f) ⇐ Seed with this... rand() ⇒ 69DDF914 ⇐ ... and get these rand() ⇒ 63D48149 ⇐ ... .. rand() ⇒ 799AF357 ⇐ ... 46
example host provided key material ● srand(0x4fd45d3f) is the entropy source ● 0x4fd45d3f⇒ UNIX time ● 0x4fd45d3f⇒ 2012-06-10 08:39:27 UTC ● It was on a Sunday ..and it was sunny 47
DEK created: 10 JUN 2012 08:39:27 UTC Ouch! HDDs have a printed production date.. 48
JMS538S factory DEK attack ● a single 128-bit known-plaintext AES block needed from HDD ⇒e.g. EDEK (00..00) ● Recover the 256-bit DEK with 236 complexity: ○ Brute force creation time (2007 - 2015) + RNG state 49
JMS538S factory DEK attack ● ..done in “no time” on any computer ● ..or instant with a 1.2 TB lookup-table! ○ pre-gen all 236 possible factory DEKs ○ store EDEK (00..00) + seed + RNG idx 50
JMS538S factory DEK attack DEMO 51
Attackers progress... Model no pw set, recovery pw brute force break auth. crack DEK JMS538S ✓ ✓ ✓ SW6316 ✓ ✓ ✓ OXUF943SE ✓ ✓ ✓ INIC-1607E ✓ ✓ (✓) INIC-3608 ✓ ✓ ✓ JMS569 ✓ ✓ 52
badUSB and evil-maid? 53
No FW signing ⇒ security problems ● can patch FW devices, pre authentication ⇒ bad, bad USB ● ..resulting in spreading of evilness ○ malware in 8051, M68k and ARC. Infect-on-the-fly. ○ no easy clean (self-protecting evil FW) ○ add crypto backdoor ○ nullifying poor auth. schemes 54
Summary ● All 6 bridges analyzed had serious security vulnerabilities ● 3 bridges have backdoors, 2 weak key setup, 1 broken auth. ● All 6 vulnerable to unauthorized FW patching ⇒ badUSB, evil-maid, .. 55
Thank You, WD and EFF Questions? 56

Empfohlen

Topic 14 A
Topic 14 ATopic 14 A
Topic 14 Aezasso
 
Piratage informatique
Piratage informatiquePiratage informatique
Piratage informatiqueBrahim Bouchta
 
ICDL/ECDL FULL STANDARD - IT SECURITY - CONCETTI di SICUREZZA - MINACCE ai DA...
ICDL/ECDL FULL STANDARD - IT SECURITY - CONCETTI di SICUREZZA - MINACCE ai DA...ICDL/ECDL FULL STANDARD - IT SECURITY - CONCETTI di SICUREZZA - MINACCE ai DA...
ICDL/ECDL FULL STANDARD - IT SECURITY - CONCETTI di SICUREZZA - MINACCE ai DA...Ist. Superiore Marini-Gioia - Enzo Exposyto
 
If Then
If ThenIf Then
If Thengueste902d
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityMuhammad Zaky Zulfiqor
 
Basys Board Digilent Manual
Basys Board Digilent ManualBasys Board Digilent Manual
Basys Board Digilent Manualzhwryan
 
United States History Ch. 14 Section 2 Notes
United States History Ch. 14 Section 2 NotesUnited States History Ch. 14 Section 2 Notes
United States History Ch. 14 Section 2 Notesskorbar7
 
Vietnam War Background
Vietnam War Background Vietnam War Background
Vietnam War Background history_teacher25
 

Empfohlen

Topic 14 A
Topic 14 ATopic 14 A
Topic 14 Aezasso
 
Piratage informatique
Piratage informatiquePiratage informatique
Piratage informatiqueBrahim Bouchta
 
ICDL/ECDL FULL STANDARD - IT SECURITY - CONCETTI di SICUREZZA - MINACCE ai DA...
ICDL/ECDL FULL STANDARD - IT SECURITY - CONCETTI di SICUREZZA - MINACCE ai DA...ICDL/ECDL FULL STANDARD - IT SECURITY - CONCETTI di SICUREZZA - MINACCE ai DA...
ICDL/ECDL FULL STANDARD - IT SECURITY - CONCETTI di SICUREZZA - MINACCE ai DA...Ist. Superiore Marini-Gioia - Enzo Exposyto
 
If Then
If ThenIf Then
If Thengueste902d
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityMuhammad Zaky Zulfiqor
 
Basys Board Digilent Manual
Basys Board Digilent ManualBasys Board Digilent Manual
Basys Board Digilent Manualzhwryan
 
United States History Ch. 14 Section 2 Notes
United States History Ch. 14 Section 2 NotesUnited States History Ch. 14 Section 2 Notes
United States History Ch. 14 Section 2 Notesskorbar7
 
Vietnam War Background
Vietnam War Background Vietnam War Background
Vietnam War Background history_teacher25
 
العرض المصاحب لوحدة أمن المعلومات
العرض المصاحب لوحدة أمن المعلوماتالعرض المصاحب لوحدة أمن المعلومات
العرض المصاحب لوحدة أمن المعلوماتتقانة
 
سلسلة تعلم البرمجة بلغة C / C++ - 1
سلسلة تعلم البرمجة بلغة C / C++ - 1سلسلة تعلم البرمجة بلغة C / C++ - 1
سلسلة تعلم البرمجة بلغة C / C++ - 1بندر المجلاد
 
Iwo Jima
Iwo JimaIwo Jima
Iwo Jimaguestef4788
 
Topic 14 B
Topic 14 BTopic 14 B
Topic 14 Bezasso
 
ANSSI - fiche des bonnes pratiques en cybersécurité
ANSSI - fiche des bonnes pratiques en cybersécuritéANSSI - fiche des bonnes pratiques en cybersécurité
ANSSI - fiche des bonnes pratiques en cybersécuritépolenumerique33
 
Pilar
PilarPilar
Pilarjavier-pejenaute
 
Modéliser les menaces d'une application web
Modéliser les menaces d'une application webModéliser les menaces d'une application web
Modéliser les menaces d'une application webAntonio Fontes
 
The digital transformation in physical security
The digital transformation in physical security The digital transformation in physical security
The digital transformation in physical security Paolo Sciarappa
 
United States History Ch. 14 Section 3 Notes
United States History Ch. 14 Section 3 NotesUnited States History Ch. 14 Section 3 Notes
United States History Ch. 14 Section 3 Notesskorbar7
 
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...CODE BLUE
 
les systèmes d'exploitation.ppt
les systèmes d'exploitation.pptles systèmes d'exploitation.ppt
les systèmes d'exploitation.pptPROFPROF11
 
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Anne Nicolas
 
Advanced Diagnostics 2
Advanced Diagnostics 2Advanced Diagnostics 2
Advanced Diagnostics 2Aero Plane
 
HKG15-409: ARM Hibernation enablement on SoCs - a case study
HKG15-409: ARM Hibernation enablement on SoCs - a case studyHKG15-409: ARM Hibernation enablement on SoCs - a case study
HKG15-409: ARM Hibernation enablement on SoCs - a case studyLinaro
 
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)Nate Lawson
 
FPGA on the Cloud
FPGA on the Cloud FPGA on the Cloud
FPGA on the Cloud jtsagata
 
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON
 
OakTable World Sep14 clonedb
OakTable World Sep14 clonedb OakTable World Sep14 clonedb
OakTable World Sep14 clonedb Connor McDonald
 
Matrix glitcher tutorial
Matrix glitcher tutorialMatrix glitcher tutorial
Matrix glitcher tutorialJosé Mota
 
UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap
UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheapUWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap
UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheapedlangley
 
Mainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernels
Mainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernelsMainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernels
Mainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernelsDobrica Pavlinušić
 
Erasure codes and storage tiers on gluster
Erasure codes and storage tiers on glusterErasure codes and storage tiers on gluster
Erasure codes and storage tiers on glusterRed_Hat_Storage
 

Weitere ähnliche Inhalte

Was ist angesagt?

العرض المصاحب لوحدة أمن المعلومات
العرض المصاحب لوحدة أمن المعلوماتالعرض المصاحب لوحدة أمن المعلومات
العرض المصاحب لوحدة أمن المعلوماتتقانة
 
سلسلة تعلم البرمجة بلغة C / C++ - 1
سلسلة تعلم البرمجة بلغة C / C++ - 1سلسلة تعلم البرمجة بلغة C / C++ - 1
سلسلة تعلم البرمجة بلغة C / C++ - 1بندر المجلاد
 
Topic 14 B
Topic 14 BTopic 14 B
Topic 14 Bezasso
 
ANSSI - fiche des bonnes pratiques en cybersécurité
ANSSI - fiche des bonnes pratiques en cybersécuritéANSSI - fiche des bonnes pratiques en cybersécurité
ANSSI - fiche des bonnes pratiques en cybersécuritépolenumerique33
 
Modéliser les menaces d'une application web
Modéliser les menaces d'une application webModéliser les menaces d'une application web
Modéliser les menaces d'une application webAntonio Fontes
 
The digital transformation in physical security
The digital transformation in physical security The digital transformation in physical security
The digital transformation in physical security Paolo Sciarappa
 
United States History Ch. 14 Section 3 Notes
United States History Ch. 14 Section 3 NotesUnited States History Ch. 14 Section 3 Notes
United States History Ch. 14 Section 3 Notesskorbar7
 
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...CODE BLUE
 
les systèmes d'exploitation.ppt
les systèmes d'exploitation.pptles systèmes d'exploitation.ppt
les systèmes d'exploitation.pptPROFPROF11
 

Was ist angesagt? (11)

العرض المصاحب لوحدة أمن المعلومات
العرض المصاحب لوحدة أمن المعلوماتالعرض المصاحب لوحدة أمن المعلومات
العرض المصاحب لوحدة أمن المعلومات
 
سلسلة تعلم البرمجة بلغة C / C++ - 1
سلسلة تعلم البرمجة بلغة C / C++ - 1سلسلة تعلم البرمجة بلغة C / C++ - 1
سلسلة تعلم البرمجة بلغة C / C++ - 1
 
Iwo Jima
Iwo JimaIwo Jima
Iwo Jima
 
Topic 14 B
Topic 14 BTopic 14 B
Topic 14 B
 
ANSSI - fiche des bonnes pratiques en cybersécurité
ANSSI - fiche des bonnes pratiques en cybersécuritéANSSI - fiche des bonnes pratiques en cybersécurité
ANSSI - fiche des bonnes pratiques en cybersécurité
 
Pilar
PilarPilar
Pilar
 
Modéliser les menaces d'une application web
Modéliser les menaces d'une application webModéliser les menaces d'une application web
Modéliser les menaces d'une application web
 
The digital transformation in physical security
The digital transformation in physical security The digital transformation in physical security
The digital transformation in physical security
 
United States History Ch. 14 Section 3 Notes
United States History Ch. 14 Section 3 NotesUnited States History Ch. 14 Section 3 Notes
United States History Ch. 14 Section 3 Notes
 
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...
CODE BLUE 2014 : A security assessment study and trial of Tricore-powered aut...
 
les systèmes d'exploitation.ppt
les systèmes d'exploitation.pptles systèmes d'exploitation.ppt
les systèmes d'exploitation.ppt
 

Ähnlich wie got HW crypto-slides_hardwear

Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Anne Nicolas
 
Advanced Diagnostics 2
Advanced Diagnostics 2Advanced Diagnostics 2
Advanced Diagnostics 2Aero Plane
 
HKG15-409: ARM Hibernation enablement on SoCs - a case study
HKG15-409: ARM Hibernation enablement on SoCs - a case studyHKG15-409: ARM Hibernation enablement on SoCs - a case study
HKG15-409: ARM Hibernation enablement on SoCs - a case studyLinaro
 
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)Nate Lawson
 
FPGA on the Cloud
FPGA on the Cloud FPGA on the Cloud
FPGA on the Cloud jtsagata
 
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON
 
OakTable World Sep14 clonedb
OakTable World Sep14 clonedb OakTable World Sep14 clonedb
OakTable World Sep14 clonedb Connor McDonald
 
Matrix glitcher tutorial
Matrix glitcher tutorialMatrix glitcher tutorial
Matrix glitcher tutorialJosé Mota
 
UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap
UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheapUWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap
UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheapedlangley
 
Mainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernels
Mainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernelsMainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernels
Mainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernelsDobrica Pavlinušić
 
Erasure codes and storage tiers on gluster
Erasure codes and storage tiers on glusterErasure codes and storage tiers on gluster
Erasure codes and storage tiers on glusterRed_Hat_Storage
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
 
MSI X99 Overclocking Motherboards
MSI X99 Overclocking MotherboardsMSI X99 Overclocking Motherboards
MSI X99 Overclocking MotherboardsMSI Gaming
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopSaumil Shah
 
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)PROIDEA
 
Nvidia® cuda™ 5.0 Sample Evaluation Result Part 1
Nvidia® cuda™ 5.0 Sample Evaluation Result Part 1Nvidia® cuda™ 5.0 Sample Evaluation Result Part 1
Nvidia® cuda™ 5.0 Sample Evaluation Result Part 1Yukio Saito
 
Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and InsightsGlobalLogic Ukraine
 
Basics_of_Kernel_Panic_Hang_and_ Kdump.pdf
Basics_of_Kernel_Panic_Hang_and_ Kdump.pdfBasics_of_Kernel_Panic_Hang_and_ Kdump.pdf
Basics_of_Kernel_Panic_Hang_and_ Kdump.pdfstroganovboris
 

Ähnlich wie got HW crypto-slides_hardwear (20)

Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
 
Advanced Diagnostics 2
Advanced Diagnostics 2Advanced Diagnostics 2
Advanced Diagnostics 2
 
HKG15-409: ARM Hibernation enablement on SoCs - a case study
HKG15-409: ARM Hibernation enablement on SoCs - a case studyHKG15-409: ARM Hibernation enablement on SoCs - a case study
HKG15-409: ARM Hibernation enablement on SoCs - a case study
 
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
 
FPGA on the Cloud
FPGA on the Cloud FPGA on the Cloud
FPGA on the Cloud
 
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
 
OakTable World Sep14 clonedb
OakTable World Sep14 clonedb OakTable World Sep14 clonedb
OakTable World Sep14 clonedb
 
Matrix glitcher tutorial
Matrix glitcher tutorialMatrix glitcher tutorial
Matrix glitcher tutorial
 
UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap
UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheapUWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap
UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap
 
Mainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernels
Mainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernelsMainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernels
Mainline kernel on ARM Tegra20 devices that are left behind on 2.6 kernels
 
Erasure codes and storage tiers on gluster
Erasure codes and storage tiers on glusterErasure codes and storage tiers on gluster
Erasure codes and storage tiers on gluster
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021
 
Tr15 1332
Tr15 1332Tr15 1332
Tr15 1332
 
MSI X99 Overclocking Motherboards
MSI X99 Overclocking MotherboardsMSI X99 Overclocking Motherboards
MSI X99 Overclocking Motherboards
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
 
GPU: Understanding CUDA
GPU: Understanding CUDAGPU: Understanding CUDA
GPU: Understanding CUDA
 
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)
 
Nvidia® cuda™ 5.0 Sample Evaluation Result Part 1
Nvidia® cuda™ 5.0 Sample Evaluation Result Part 1Nvidia® cuda™ 5.0 Sample Evaluation Result Part 1
Nvidia® cuda™ 5.0 Sample Evaluation Result Part 1
 
Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights
 
Basics_of_Kernel_Panic_Hang_and_ Kdump.pdf
Basics_of_Kernel_Panic_Hang_and_ Kdump.pdfBasics_of_Kernel_Panic_Hang_and_ Kdump.pdf
Basics_of_Kernel_Panic_Hang_and_ Kdump.pdf
 

got HW crypto-slides_hardwear

  • 1. got HW crypto? On the (in)security of a Self-Encrypting Drive series
  • 2. Research motivation is HW crypto more secure? JMS538S SW6316 OXUF943SE INIC-1607E x x x x 2 x x JMS569 INIC-3608
  • 3. Speakers intro Gunnar Alendal: Master’s degree in Cryptography from the University of Bergen, UiB, Norway. Reverse engineering anything with an opcode; x86, x64, ARM, MIPS, M68k, ARC, 8051, .. Security researcher with 15 years of professional experience. Christian Kison: Holds a Master's degree in Informations- Systemtechnik from the TU Braunschweig , Brunswick, Germany. Started PhD December 2014. Main research topic involve Side Channel Analysis, physical attacks, silicon and digital forensic and hardware reversing approaches. 3
  • 4. Western Digital My Passport / Book ● Self-encrypting external HDD series* ● crypto done in either: 1. 1st-gen : USB/FW-to-SATA bridge 2. 2nd-gen : HDD itself ● Can’t fit everything in talk ⇒ read full paper * Some models don’t support encryption4
  • 6. Different USB bridges researched Vendor Model (1st-gen/2nd-gen) Architecture JMicron JMS538S Intel 8051 Symwave SW6316 Motorola M68k PLX OXUF943SE ARM7 Initio INIC-1607E Intel 8051 Initio INIC-3608 ARC 600 JMicron JMS569 Intel 8051 6
  • 7. Overall security design ● User PW ⇒ Key-Encryption-Key (KEK): ○ KDF(salt+PW) = KEK ○ salt + KDF iterations are constant in SWices ● KEK protects Data-Encryption-Key (DEK) ● DEK = holy long-term HW AES Key 7
  • 10. The protected DEK - eDEK ● a KEK-encrypted blob containing the raw DEK ● eDEK stored on disk + USB bridge EEPROM ○ EEPROM is marked “U14” on most PCBs ● retrieve eDEK ⇒ off-device pw brute force 10
  • 12. Mandatory HW encryption ● No PW set ⇔ hardcoded KEK unlocks DEK ● Hardcoded KEK = “PI” AES-256 key 03 14 15 92 65 35 89 79 32 38 46 26 43 38 32 79 FC EB EA 6D 9A CA 76 86 CD C7 B9 D9 BC C7 CD 86 12
  • 13. data recovery ● no pw + broken USB bridge? no problem: ○ eDEK stored on HDD + EEPROM ○ decrypt eDEK with “PI” KEK ⇒ DEK decrypts HDD ● pw set? off-device brute force ○ Constant salt + KDF iteration counter ○ GPU-impl. benchmark: ~1 mill pw/s (single card) ○ Pre-calculated hash-table 13
  • 14. Retrieve the eDEK: “no eeprom for you” ● no EEPROM on boot.. ● ⇒ raw USB-to-SATA bridge or “DFU mode” ● ⇒ read eDEK from HDD VID/PID: 1058/0748 Bridge: JMS538S 14
  • 15. Retrieve the eDEK ● JMS538S - “no eeprom for you” ● SW6316 - PC-3k / “no eeprom for you” ● OXUF943SE - SATA + hidden eDEK sector ● INIC-1607E - “no eeprom for you” + 3-byte FW patch to dump eDEK 15
  • 16. Attackers progress... Model no pw set, recovery pw brute force break auth. crack DEK JMS538S ✓ ✓ SW6316 ✓ ✓ OXUF943SE ✓ ✓ INIC-1607E ✓ ✓ 16
  • 17. Breaking auth. - aka. backdoors ● Two 1st-gen chips fail on authentication ● SW6316 stores the KEK in EEPROM/HDD ○ Protection: Hardcoded key (0x29A2607A..) ● OXUF943SE saves a “PI” encrypted eDEK ○ Protection: Hardcoded key (0x03141592..) 17
  • 19. Attackers progress... Model no pw set, recovery pw brute force break auth. crack DEK JMS538S ✓ ✓ SW6316 ✓ ✓ ✓ OXUF943SE ✓ ✓ ✓ INIC-1607E ✓ ✓ 19
  • 20. ..but before we crack DEKs: 2nd-gen bridges with no AES 20
  • 21. Initio INIC-3608 / JMicron JMS 569 ● no HW AES in USB bridge ● HDD does crypto: ○ “ATA Security feature Set”; ATA 0xF1, 0xF2, ... ● VSC “status” (0xC045) reports only cipher mode 0x30 (FDE) 21
  • 22. INIC-3608 backdoor ● INIC-3608 does authentication, no crypto ● EEPROM, U14, contains the raw KEK(!) ● Dump EEPROM ⇒ Get KEK ⇒ authenticate ● ..or get KEK with secret VSC ⇒ authenticate 22
  • 26. JMicron JMS569 ● Connect to pc3k in kernel-mode ○ Get privileges as always by bit shifting ○ Erase ATA-module XX ○ HDD unlocks, decrypting everything on the fly ● By now, pc3k found their own way ○ Details in the forums 26
  • 27. Attackers progress... Model no pw set, recovery pw brute force break auth. crack DEK JMS538S ✓ ✓ SW6316 ✓ ✓ ✓ OXUF943SE ✓ ✓ ✓ INIC-1607E ✓ ✓ INIC-3608 ✓ ✓ ✓ JMS569 ✓ ✓ 27
  • 28. JMS538S and INIC-1607E still standing tall* * From the devices available to the researchers28
  • 29. Recap: Authentication - JMS538S brute force? :( brute force?? 29
  • 30. Crack DEK directly? ● How is the HW AES-256 DEK created? ● Entropy source? ● can we beat a 2256 complexity? 30
  • 31. DEK creation ⇒ device “erase” ● How is the DEK created on a device “erase”? ○ aka. “I forgot my password” ● Entropy source(s)? ● Can we assume the factory uses this “erase” command? 31
  • 32. DEK creation by device “erase” ● “erase” VSC: CDB[0:1] = 0xC1E3 ● 2 entropy sources: ○ host computer ⇒ Key material source 1 ○ on-board RNG ⇒ Key material source 2 32
  • 34. JMS538S on-board RNG ● Implemented in chip “somewhere” ● Gather samples and plot ● Gather by “status” (4 bytes) or “erase” (32 bytes) VSC 34
  • 35. /dev/urandom - 32-bit x 10 000 35
  • 37. JMS538S on-board RNG ● “status” command masks RNG output: ○ xor with 0x271828af ● “erase” uses raw RNG - no mask ● RNG turns out to be a 8-bit LFSR with period 255 37
  • 38. JMS538S on-board RNG ● ..eh, a RNG with period of 255?! ● ..adding a poor ~28 to the complexity! ● ..so we have total 232 x ~28 = ~240 complexity! 38
  • 39. JMS538S “erase” attack ● You erase the drive + set sooper pw ● We recover the DEK with 240 complexity ○ ~236 if set from a MAC ● ..done in “no time” on any computer 39
  • 41. JMS538S factory keys ● “most people don’t erase their drives” ● ..so what about the factory set DEKs? ● Does the factory use the “erase” command? 41
  • 42. JMS538S factory keys analysis ● Grab factory set DEK from an eDEK + reverse the “erase” command flow ● Generate 255 possible “Host provided key material” (source 1) ● Find the correct one by guessing…? 42
  • 43. JMS538S factory keys - RNG leak ● The default out-of-the-box eDEK leaks ● Decrypted eDEK leaks RNG status at creation time ● … which is the same time as DEK creation! 43
  • 44. decrypted factory eDEK - RNG leak Magic 0x00: "DEK1" CRC 0x04: 3f97 Unknown 0x06: 0000 random1 0x08: b1f065be key 0x3ee2 128 bit 0x0c: dde91629a8f503a41847e9956386a5d3 random2 0x1c: 2aa98576 key 0x3ef2 128 bit 0x20: fea9c0d0ad395397772420a0563a604b random3 0x30: 074195db key 0x3f02 256 bit 0x34: 3b00e300f7002700e1004d003800040069003e00d70048000c00bb0042006400 random4 0x54: 8e832cf3 key size (byte) 0x58: 20 => 256 bits Unknown 0x59: 00000000000000 factory DEK RNG status leak 44
  • 45. JMS538S factory keys - RNG leak ● The default out-of-the-box eDEK says it all ● It gives the raw DEK ● + the state of the RNG after DEK creation ● ⇒ We know the host provided key material! 45
  • 46. example host provided key material Raw stream: 14 F9 DD 69 49 81 D4 63 CE 22 30 51 23 1B 2C 18 28 3B 3D 15 0F 3F 98 39 E4 C3 1F 4A 57 F3 9A 79 Little endian, 32-bit values: 69DDF914 63D48149 513022CE 182C1B23 153D3B28 39983F0F 4A1FC3E4 799AF357 srand(0x4fd45d3f) ⇐ Seed with this... rand() ⇒ 69DDF914 ⇐ ... and get these rand() ⇒ 63D48149 ⇐ ... .. rand() ⇒ 799AF357 ⇐ ... 46
  • 47. example host provided key material ● srand(0x4fd45d3f) is the entropy source ● 0x4fd45d3f⇒ UNIX time ● 0x4fd45d3f⇒ 2012-06-10 08:39:27 UTC ● It was on a Sunday ..and it was sunny 47
  • 48. DEK created: 10 JUN 2012 08:39:27 UTC Ouch! HDDs have a printed production date.. 48
  • 49. JMS538S factory DEK attack ● a single 128-bit known-plaintext AES block needed from HDD ⇒e.g. EDEK (00..00) ● Recover the 256-bit DEK with 236 complexity: ○ Brute force creation time (2007 - 2015) + RNG state 49
  • 50. JMS538S factory DEK attack ● ..done in “no time” on any computer ● ..or instant with a 1.2 TB lookup-table! ○ pre-gen all 236 possible factory DEKs ○ store EDEK (00..00) + seed + RNG idx 50
  • 51. JMS538S factory DEK attack DEMO 51
  • 52. Attackers progress... Model no pw set, recovery pw brute force break auth. crack DEK JMS538S ✓ ✓ ✓ SW6316 ✓ ✓ ✓ OXUF943SE ✓ ✓ ✓ INIC-1607E ✓ ✓ (✓) INIC-3608 ✓ ✓ ✓ JMS569 ✓ ✓ 52
  • 54. No FW signing ⇒ security problems ● can patch FW devices, pre authentication ⇒ bad, bad USB ● ..resulting in spreading of evilness ○ malware in 8051, M68k and ARC. Infect-on-the-fly. ○ no easy clean (self-protecting evil FW) ○ add crypto backdoor ○ nullifying poor auth. schemes 54
  • 55. Summary ● All 6 bridges analyzed had serious security vulnerabilities ● 3 bridges have backdoors, 2 weak key setup, 1 broken auth. ● All 6 vulnerable to unauthorized FW patching ⇒ badUSB, evil-maid, .. 55
  • 56. Thank You, WD and EFF Questions? 56