
Manual chip decapsulation [video] - whiteyford
https://duo.com/decipher/dont-try-this-at-home-chip-decapsulation
======
philipov
Putting the video in a modal window that disappears and resets playtime when
you click anywhere has got to be the worst UX decision ever. Can't even resize
the tiny little viewport.

~~~
amatecha
You can watch the video in its own window/tab here:
[https://fast.wistia.net/embed/iframe/kf4tdpqvyd](https://fast.wistia.net/embed/iframe/kf4tdpqvyd)

~~~
cf498
How did you get the link? I didn't even get a full screen button

~~~
amatecha
Just "Inspected" the page with Chrome Developer Tools (built into Chrome). If
you haven't tried it before, you can do a lot of fun stuff with it, on any
site!

Like another commenter said, I found that the video is contained in an
<iframe> so I grabbed its URL and found it works nicely to watch the video in
a separate window or browser tab. :)

I searched around to see if the video host ("Wistia") displays videos in some
more YouTube-like layout, but it seems not.

------
SlowRobotAhead
While I like duo, this video is a little misleading in that all of the chips
shown are in a DIP package. Let’s see the same UV erase tried on WLCSP BGA parts.

This is a pretty old technique. Almost every modern produce chip has
mitigations for UV erasing.

~~~
dsl
I don't know much about the decapping/chip security process.

What is the benefit in selectively erasing part of the chip? How does that
help you read the part that isn't erased?

~~~
SlowRobotAhead
The idea is that you can reset just the config bits. So the bits that keep the
JTAG/SWD/ICSP from reading out the flash.

So imagine your flash is over here, and your SRAM is over here, and over on
this other side is the SFRs and inside those are bits that once set disable
the debug interface. Reset just those and you can dump the firmware.

------
jacquesm
Interesting. I did not realize that you could still erase such chips using UV
light, and that this would also wipe out the 'fuses' used to protect readout.
I always figured that blowing those fuses actually physically destroyed a
conductor in the chip. But once you have things opened up to this degree even
that could probably be repaired using a pantograph and a very steady hand.

~~~
kabdib
The fuses I have experience with are indeed "blown" -- actual metal traces
are physically opened with a large current -- and can't be intentionally
reset.

Often you blow fuses in multiples and take a vote, because the fuses can
occasionally re-connect or have awkward leakage due to how the metal bits
behaved during the over-current, and that's embarrassing for a fuse
controlling a security feature.
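
The redundant-fuse vote described in the comment above, sketched as an added example (not part of the original comment or any vendor's code). It assumes three copies of each fuse word and that a blown fuse reads as 1; `fuse_vote` and `debug_locked` are hypothetical names. Bits whose copies disagree are reported separately so firmware can log a degrading fuse.

```c
#include <stdint.h>
#include <stdio.h>

#define FUSE_COPIES 3   /* assumption: every logical bit is stored in 3 fuse cells */

typedef struct {
    uint32_t value;     /* majority-voted logical bits */
    uint32_t disputed;  /* bits whose redundant copies did not all agree */
} fuse_vote_t;

/* Majority-vote the low `nbits` bits across FUSE_COPIES raw fuse words. */
fuse_vote_t fuse_vote(const uint32_t copies[FUSE_COPIES], unsigned nbits)
{
    fuse_vote_t r = {0, 0};
    for (unsigned bit = 0; bit < nbits && bit < 32; bit++) {
        unsigned ones = 0;
        for (unsigned i = 0; i < FUSE_COPIES; i++)
            ones += (copies[i] >> bit) & 1u;
        if (ones * 2 > FUSE_COPIES)            /* strict majority reads as blown */
            r.value |= 1u << bit;
        if (ones != 0 && ones != FUSE_COPIES)  /* a re-connected or leaky cell */
            r.disputed |= 1u << bit;
    }
    return r;
}

/* Hypothetical policy: the debug port is locked when the lock bit votes as blown. */
int debug_locked(const uint32_t copies[FUSE_COPIES], unsigned lock_bit)
{
    fuse_vote_t r = fuse_vote(copies, lock_bit + 1);
    return (int)((r.value >> lock_bit) & 1u);
}

int main(void)
{
    /* Constructed sample: in the second copy, bit 0 reads back as 0 (re-connected). */
    const uint32_t raw[FUSE_COPIES] = {0x5, 0x4, 0x5};
    fuse_vote_t r = fuse_vote(raw, 4);
    printf("value=0x%x disputed=0x%x locked=%d\n",
           (unsigned)r.value, (unsigned)r.disputed, debug_locked(raw, 0));
    return 0;
}
```
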

~~~
jacquesm
Have you tried re-instating those?

------
baobrien
Here's the blog of a group doing the same sort of things to recover rom and
firmware from arcade machines:

[http://caps0ff.blogspot.com/](http://caps0ff.blogspot.com/)

------
baybal2
Believe me, or not. Inside the carding scene, mass decapping is now a thing.
That includes decapping of chips that were specifically designed to be
decapping-proof. I remember that began at around 2010-2011, when first mass
wave of chip and pin cards began to hit carding networks.

~~~
amatecha
What are they decapping for the purpose of carding? Just curious, as I know
little about that "scene"

~~~
tialaramex
Chip cards have some private key burned into them that makes them unique,
depending on the chip they may just use this to witness a transaction (so the
issuer knows this card was used) or something more involved so that the issuer
can verify the card was really told the correct PIN and transaction amount.

In principle you can uncap the chip and get that key back out. You could then
clone it, or bypass any restrictions built into the chip like "I won't
authorise more than £200 total spend without going online". I'm not sure how
that would be worth doing unless it's surprisingly easy and quick.

Unlike with cloning magstripe cards though this would trash the original, take
substantially more than a couple of minutes and be readily detectable by the
issuing bank if they are paying attention. So it seems crazy to me and my
default position would be to believe it's not actually being done, certainly
on an "industrial" scale.

~~~
baybal2
How the prime majority of such cards get to carders is through bought post
workers that steal replacement credit cards sent by post.

So, even when a card does not arrive, most people will assume that the post
simply lost it, and call for another replacement.

As I understand, a great lot of banks still ship fully active cards that
require no "activation" by phone or online, assuming that nobody can recover
the pin.

~~~
topranks
Ah ok... that is an interesting attack.

Is the actual pin on the chip though? I would have assumed only a hash of it
was stored, enough that it can verify the right pin has been supplied without
having to store the actual code?

~~~
baybal2
I there are full rainbow tables available for each used hash algo for 4 digit
pins. They are routinely bruteforceable.

~~~
tialaramex
Whereas I don't have criminal contacts who'd know whether anybody actually is
stealing chip cards and de-capping them, I do know plenty about algorithms and
data structures.

Rainbow tables make no sense here, the rainbow table is a clever optimisation
of the normal time-space tradeoff where we don't want to pay the full space
cost, and will accept a time penalty (and usually in practice an accuracy
penalty) to avoid using so much space.

For a four digit PIN there is no concern about space, storing and indexing 10
000 possible hashes is trivial, (whereas storing and indexing say three
trillion password hashes is kind of a pain so that's why you have rainbow
tables)

~~~
baybal2
Well, they are trivial, actually I have no idea of details

------
abalone
In case you are wondering, this technique probably doesn't work against
security-hardened chips. But others might, like what nation-states can afford.

"More security-focused microcontrollers like the ones used in hardware
security modules (HSM) to store encryption keys, trusted platform modules
(TPM), and SIM-cards have hardened chipsets to make these invasive
attacks more challenging, Davidov said. They have countermeasures such as
protective shielding and an active mesh layer to detect when a trace has been
cut. Light sensors, when tripped, could automatically destroy all stored
secrets if the chip powered on after the molding component was removed. While
there are ways to bypass these features, they require extremely specialized
equipment and 'significant investment.'"[1]

[1] [https://duo.com/decipher/new-diy-method-researchers-recover-...](https://duo.com/decipher/new-diy-method-researchers-recover-data-hardware-chips)

~~~
akira2501
> to make these invasive attacks more challenging

The problem with that is, there are fewer people capable of attacking their
countermeasures and so they don't get a strong test before being deployed.
I'll always remember Christopher Tarnovsky's talks at DEFCON.

[https://www.youtube.com/watch?v=Bp26rPw90Dc](https://www.youtube.com/watch?v=Bp26rPw90Dc)

