8/13/2020 Toshiba Hdd Password Crack
IIRC, there was a deliberate wobble in the track error correction marks which was used to both protect and region lock the disc.

But it's what Raphaël Rigo is into, and truth be told, we're glad it's how he gets his kicks. Not only does it make for fascinating content for us to salivate over, but it's nice to know there's somebody with his particular skill set out there keeping an eye out for dodgy hardware.
In a series of posts on his blog, Raphaël tears down the drive and proceeds to launch several attacks against it until he finally stumbles upon the trick to dump the user's encryption PIN. It's not exactly easy, it did take him about a week of work to sort it all out, but it's bad enough that you should probably take this particular item off the wishlist on your favorite overseas importer.

He's able to identify a number of components on the board, including a PM25LD010 SPI flash chip, JMicron JMS539 USB-SATA controller, and Cypress CY8C21434 microcontroller. By hooking his logic analyzer up to the SPI chip he was able to dump its contents, but didn't find anything that seemed particularly useful.

Raphaël goes into great detail about the attack that eventually busted the device open: cold boot stepping. This method allowed him to painstakingly copy the contents of the chip's flash; pulling 8192 bytes from the microcontroller took approximately 48 hours. By comparing flash dumps he was able to eventually discover where the PIN was being stored, and as an added bonus, found it was in plaintext. A bit of Python later, and he had a tool to pull the PIN from the drive's chip.

We've even been witness to a safe being opened over Bluetooth. Seems like this whole "Security by Obscurity" thing might not be such a hot idea after all.

It's an open hardware open firmware project, and I think being open in the crypto/security space makes all the difference.

Since I use that TRNG, I wanted to see that AN so that I could at least see how they evaluated its quality and perhaps learn something. Six weeks of trying to get them to let me see it and they finally told me to pound sand.

Or are you saying more that this is a technique which might be useful on other devices?

But even if you don't do that the core problem is the above approach works, and if the data or program are stored off chip then something can sniff it, and even if it is on chip there are ways.
The issue I have with the stand alone security chips is that you can just remove them and put something else there; that's been done in my local community as a project recently for a particular piece of electronics. Replace one chip and you are good to go.

And they should NOT store the PIN and then enable access to the encrypted data on the drive. The best thing to do is to encrypt the data with something derived from the PIN. Or to make changing the PIN easier, encrypt the real (random) key with the PIN.
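
The scheme suggested in the last comment above, as an added example that is not part of the original page: a random data key is wrapped under a key derived from the PIN, so the device stores neither the PIN nor the data key in the clear. The function names, blob layout and PBKDF2 iteration count are assumptions, and the XOR-plus-HMAC wrap is a standard-library stand-in for AES key wrap or an AEAD.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed value; tune to the longest unlock delay users accept

def _derive(pin: str, salt: bytes) -> tuple[bytes, bytes]:
    # Stretch the PIN into 64 bytes: 32 to mask the data key, 32 to authenticate.
    k = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]

def wrap_key(pin: str, data_key: bytes) -> bytes:
    """Return salt || wrapped key || tag; this blob is all the device stores."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = os.urandom(16)  # fresh per wrap, so the XOR pad is never reused
    pad, mac_key = _derive(pin, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def unwrap_key(pin: str, blob: bytes) -> bytes:
    """Recover the data key, or raise ValueError if the PIN is wrong."""
    if len(blob) != 80:
        raise ValueError("malformed blob")
    salt, wrapped, tag = blob[:16], blob[16:48], blob[48:]
    pad, mac_key = _derive(pin, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("wrong PIN or corrupted blob")
    return bytes(a ^ b for a, b in zip(wrapped, pad))

def change_pin(old_pin: str, new_pin: str, blob: bytes) -> bytes:
    # Only the small blob is rewritten; data encrypted under data_key is untouched.
    return wrap_key(new_pin, unwrap_key(old_pin, blob))

if __name__ == "__main__":
    data_key = os.urandom(32)          # constructed sample: the "real (random) key"
    blob = wrap_key("4821", data_key)  # constructed sample PIN
    assert unwrap_key("4821", blob) == data_key
    blob = change_pin("4821", "975310", blob)
    assert unwrap_key("975310", blob) == data_key
    print("stored blob:", blob.hex())
```

A short numeric PIN can still be guessed offline by anyone who dumps the blob, so a device built this way also needs attempt limiting enforced in hardware.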