
Modchips of the State - Adrock
https://trmm.net/Modchips
======
kw71
I think I found some flaws with this. Now, I think I am rather experienced, but
I haven't seen everything.

1) He didn't demonstrate it in real hardware without outside power and ground.
While he says an ARM core is very small, capacitors are large unless you
change the laws of physics. Also I never saw a reliable clock generator the
size of a 0402 (or even 1208 now that I think about it) passive. Like I said, I
haven't seen everything; if there are answers to these I'd love to see them.

2) He faked in some addition to unprogrammed memory. He theorizes the change
can only work one way (change a high to low), so an obvious countermeasure is
to fill empty memory with random bit patterns.

3) IIRC he intercepts an SPI flash in series on the data (MISO) wire. Not only
does this assume the SPI clock is regular, I think it's totally wrong because
he says he turns high to low. Usually the quiescent state of a net like this
is high, due to a pullup on one or both sides to Vdd (high state). The mark on
the data wire is a short to ground against this pullup to get a low state. Now,
I haven't seen everything, nor have I looked at any datasheets of parts used
in any real system. Of course the pullup can be anywhere along the wire, or in
one or many integrated circuits along the net, but it really strikes me as
incomplete because he says he turns high to low and I didn't notice him
mentioning anything about any pullup and how to deal with it.

So until I see something better than this talk I am writing this off as
feeding the FUD.

~~~
mechagodzilla
1) One could feasibly wire to nearby power/ground, although that would
certainly be more obvious. The clock for this is ~17 MHz (I believe), so one
can certainly achieve 'good enough' with a microcontroller's internal clock.

2) While that is an obvious countermeasure, it's one nobody is currently
taking (judging by the large block of 1's in the SPI flash chip he read from
the server).

3) You're thinking of a protocol like I2C, not SPI. For SPI it's 1 input
driving 1 output, and nothing is bi-directional, so a microcontroller or FPGA
interposing itself on a data line can definitely modify the state (or pass it
through unchanged) as it pleases.

<edit> It's worth pointing out that, given that the contents of the flash get
predictably read out at boot time, you could probably let the device 'train'
to calibrate its internal (poor) clock and any software-based adjustments to
its timing guesses over multiple boot cycles. Especially if you have access to
identical hardware for initial lab testing.

~~~
kw71
Okay, I am in the habit of using pulls, and even some micros have pulls that
can be switched in. That may be pointless when there is only one slave on the
SPI, as it probably is in the attacked system, as the /CE is probably strapped
active so the device will never switch that pin to high Z.
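
The "fill empty memory" countermeasure from point 2 above, as an added example that is not part of the thread or the talk: it audits a flash image for erased (0xFF) runs, shows that such a run can be turned into any byte pattern by clearing bits only, and classifies read-back differences by direction. The function names, the 64-byte threshold and the sample image are constructed for illustration.

```python
import os

ERASED = 0xFF  # NOR flash reads back all ones where nothing was programmed

def erased_runs(image: bytes, min_len: int = 64):
    """Return (offset, length) for each run of 0xFF at least min_len bytes long."""
    runs, start = [], None
    for i, b in enumerate(image):
        if b == ERASED:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                runs.append((start, i - start))
            start = None
    if start is not None and len(image) - start >= min_len:
        runs.append((start, len(image) - start))
    return runs

def fill_erased(image: bytes, runs, rng=os.urandom) -> bytes:
    """Countermeasure from the thread: overwrite erased runs with random bytes."""
    out = bytearray(image)
    for off, length in runs:
        out[off:off + length] = rng(length)
    return bytes(out)

def classify_diff(reference: bytes, observed: bytes):
    """Count bits that differ as (1->0, 0->1) between reference and a read-back."""
    if len(reference) != len(observed):
        raise ValueError("images differ in length")
    one_to_zero = zero_to_one = 0
    for r, o in zip(reference, observed):
        one_to_zero += bin(r & ~o & 0xFF).count("1")
        zero_to_one += bin(~r & o & 0xFF).count("1")
    return one_to_zero, zero_to_one

def reachable_by_clearing(current: bytes, wanted: bytes) -> bool:
    """True if `wanted` can be produced from `current` by changing 1 bits to 0 only."""
    return all((c & w) == w for c, w in zip(current, wanted))

# Constructed sample image: 32 programmed bytes, 128 erased bytes, 16 programmed bytes.
SAMPLE = bytes(range(32)) + b"\xff" * 128 + bytes(range(16))

if __name__ == "__main__":
    runs = erased_runs(SAMPLE)
    print("erased runs:", runs)
    print("padded image still has erased runs:", bool(erased_runs(fill_erased(SAMPLE, runs))))
```

A read-back whose differences from the reference are all 1->0 and fall inside a reported erased run matches the one-way modification described in the thread.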

------
mooseonsquirrel
Not all chip functions are documented or even acknowledged by the OEM. A white
paper doesn't document all the functions of the chip. Look around at various
whitepapers and you will see voids in the documentation, or referrals to the
user agreement and licensing to access info and use of proprietary tech. If
you are into low level programming and IDE design you will see mnemonic
instructions laid out in a table with gaps in the address mapping and an
explanation that they are reserved, or unavailable; same with expected bit
inputs or outputs: reserved, "unmapped" or "unused".

------
stcredzero
BMCs are _"typically unsecure with no protection, no detection and no
recovery"_

What are the economic forces behind this, and would it be feasible to change
this state of affairs?

------
walrus01
Time to incorporate a supply chain verification/hardware security firm named
SETEC ASTRONOMY and see who gets the reference.

~~~
auvi
Nitwits, Rubes, and Oafs

~~~
kabdib
Awaits FBI rotundness?

