1 of 30

Matt Galvin

Elixir, Erlang - Americas�matthew.galvin@erlang-solutions.com

www.erlang-solutions.com

Nerves

Datacenter application

2 of 30

Hacking is fun

Whether hardware, software, or both!

3 of 30

1. Hacking

Hardware hacking terms

Software�Consists of bits
Hardware�Consists of atoms
Firmware�Code that is embedded in the embedded device, so basically software

4 of 30

Targets vs Attacks

Software Attack�Hardware Attack��We can flip bits in memory by running Rowhammer code on the CPU.

Hardware Attack�Hardware Target

Attack a ring oscillator by glitching supply voltage.

Hardware Attack �Software Target

Inject a voltage glitch on a CPU that influences an executing program.

Software Attack�Software Target��We can perform a buffer overflow on a network daemon.

DRAM: The Rowhammer attack exploits DRAM bit flips by causing victim rows to be page tables. Page tables are structures maintained by an operating system that limit the memory access of applications. By changing access control bits or physical memory addresses in those page tables, an application can access memory it normally would not be able to access, which easily leads to privilege escalation.

LKSCREW is an example of a CPU overclocking attack. Because software on mobile phones can control the CPU frequency as well as the core voltage, by lowering the voltage and momentarily increasing the CPU frequency, an attacker can induce the CPU to make faults. By timing this correctly, attackers can generate a fault in the RSA signature verification, which allows them to load improperly signed arbitrary code.

P. 14

5 of 30

Side Channel Attack�

�“It is easy for an attacker to measure the execution time, down to the resolution of a single clock cycle!” �O’Flynn, Woudenberg 14

6 of 30

Timing Attack

Code: 1337

Recording the time delay between pressing the V button and the error LED illuminating. 248 O’Flynn��So, imagine the correct pin is 1337. First guess is 9,8,7,6 (see top, LED after short period). Next guess is 1,2,3, 4 (bottom). Now we think the first number is 1, so we can guess 1,1,1,1. If not improved, guess 1,2,1,1, then 1,3,1,1 and so on.

�Instead of 9 × 9 × 9 × 9 = 6561 guesses, it becomes 9 + 9 + 9 + 9 = 36 . If the password is random (generally isn’t), then on avg. we’d only have to guess halfway through numbers.

strcmp() or memcmp() to verify a password or PIN… Both of these C functions have an early termination condition, as they return after the first differing byte, giving an attacker who can measure timing the information of which character of an entered PIN differs from a stored PIN. O’Flynn 404

Keep in mind C may optimize your security away!

�the strcmp function in C determines whether two strings are the same. It compares characters one by one, starting at the front, and when it encounters a differing character, it terminates. When using strcmp to compare an entered password to a stored password, the duration of strcmp’s execution leaks information about the password, as it terminates upon finding the first nonmatching character between the attacker’s candidate password and the password protecting the device. The strcmp execution time therefore leaks the number of initial characters in the password that are correct.

So, how would you measure this time?

7 of 30

Rigol

DS1054Z

8 of 30

Other side channel attacks

Power Analysis

Differential Power Analysis
Simple Power Analysis

9 of 30

You have probably heard about quantum computing and its ability to break cryptographic algorithms….��

Won’t get into this too much b/c i don’t have a quantum computer, but what I can tell you is you can break things with DPA and SPA that you can’t with a quantum computer.��Ignore?:�Why use an oscilloscope, won’t quantum computers do this? Of course oscilloscope presupposes access to the device.��“the worst affected are RSA- and ECC-based systems, which are “trivially” broken using quantum attacks. However, even if we consider quantum computers, symmetric algorithms such as AES remain mostly secure.”

Best known quantum attacks for symmetric algorithms only halve the effective number of bits of the algorithm. 301

Quantum breaking AES-128’s 128-bit key is like breaking a 64-bit key on a classical computer
AES-256 under quantum attacks is as strong as brute-forcing 128 bits
Brute-forcing a 128-bit key is effectively Impossible (even for) 2022

10 of 30

In the news…

Oscilloscope requires physical access��https://techmonitor.ai/hardware/quantum-encryption-rsa-cryptography�“Despite the claims in the paper holding a lot of promise.. the Chinese team “failed to deliver on the promise” of its research.�

Harvest now, decrypt later (““Harvest now, decrypt later” refers to an attack where threat actors collect encrypted data from target organizations today, anticipating that data can be decrypted later on when quantum computing reaches a maturity level capable of rendering some existing cryptographic algorithms obsolete, according to Deloitte”)

However, we can break RSA with power analysis...we will look at an SPA attack on RSA soon. It can break symmetric crypto too, but we don’t get into that here

�Ignore?:

So, long story short, (D)PA transformed the breaking of AES-128 implementations from the impossible (even with quantum computers), to an achievable reality. 311. Of course, DPA and SPA presuppose access to the hardware… ��var consents = document.querySelectorAll("[id*=consent]");

for(var i=0;i<consents.length;i++) {

consents[i].remove();

}

11 of 30

Spycraft

One of the images has the entire text of Hamlet encoded in it. Can you tell any difference?

Boady, boadycs.gitlab.io

Harvest now is a nice segway to discuss something interesting, even though it isn’t specifically hardware hacking…

Steganography is a type of spycraft. It is a method of hiding data inside of images [James Stanger, 2020]. This practice has been used for centuries when people want to communicate secretly with others, but need to do it in a public place.��Valuable for attackers b/c results don’t have to be sent back to the attacker; they can just be posted on some public website in encrypted form, where the attacker can fetch them at their convenience. - Steinhart, 358��https://boadycs.gitlab.io/alg-foundations/content/099_cool/001_steg.html?highlight=spycraft

Right is hamlet��made by replacing the least significant bit on each pixel of the image with the corresponding least significant bit from the secret message. Another approach��recently published by researchers Chang Xiao, Cheng Zhang, and Changxi Zheng at Columbia University, encodes messages by slightly altering the shape of text characters.

12 of 30

‘a’ in ASCII is 97�97 in binary is 0110 0001�So, we need 3 pixels to fit a whole letter, with one extra bit.��R: 1111 1111 = 255 , G: 0000 0000 = 0, B: 0000 0000 = 0

Pixel 1 Color

Pixel 2 Color

Pixel 3 Color

Pixel 2 Color

Pixel 3 Color

R: 1111 1110 = 254, G: 0000 0001 = 1, B: 0000 0001 = 1

R: 1111 1110 = 254, G: 0000 0000 = 0, B: 0000 0000 = 0

R: 1111 1111 = 255, G: 0000 0000 = 0, B: 0000 0001 = 1

13 of 30

Simple Power Analysis (SPA) can break real cryptographic systems, including RSA.

O’Flynn, Woudenberg 264

14 of 30

www.erlang-solutions.com

RSA:

m = message

c = ciphertext

mod n = modulus operation

m^e = c mod n

15 of 30

Here is one possible implementation of a modular exponentiation algorithm.

This algorithm happens to be at the heart of an RSA implementation you might find (this) taught from a classic (cryptography) textbook. This particular algorithm is called square-and-multiply exponentiation, hard-coded for a 10-bit secret key, represented by the secret_data variable. (Usually the secret_data would be a much longer key in the range of thousands of bits, but for this example, we’ll keep it short.)��Variable m is the message we are trying to decrypt.��SPA relies on the observation that each microcontroller instruction has its own characteristic appearance in power consumption traces. For example, a multiplication operation can be distinguished from a load instruction: microcontrollers use different circuitry to handle multiplication instructions from the circuitry they use when performing load instructions. The result is a unique power consumption signature for each process. 253 Hardware hacking��SPA can be used to look at the execution of this algorithm and determine its code path. If we can recognize whether P * s has been executed, we can find the value of one bit of secret_data. If we can recognize this for every iteration of the loop, we may be able to literally read the secret from a power consumption oscilloscope trace during code execution��When might you want to do this?

“When there is a secret key embedded in a chip, and the hardware is doing cryptographic operations, it can leak a lot of information”- youtube video slide 26

16 of 30

SM,S,S,S,SM,SM,S,S,S,SM

10001100010

17 of 30

18 of 30

Sound interesting?��How I got started…�and you can too

19 of 30

Learning to:�SPA attack

Code�Arduino/Embedded C
Microcontroller�ATmega328
Shunt Resistor�100 ohms

20 of 30

21 of 30

22 of 30

23 of 30

24 of 30

25 of 30

SPA Attack

26 of 30

SPA Attack

27 of 30

28 of 30

29 of 30

Opportunities

for the BEAM?

Genetic Programming

30 of 30

Learning resources

HackTheBox