Glitching, side-channel attacks and hacking projects on Kickstarter (continued)

Published on August 07, 2015

    This is the continuation of the list of hacker projects on Kickstarter that I found while doing the "homework" for the course on bringing a project to Kickstarter. Start here.

    ChipWhisperer-Lite: A New Era of Hardware Security Research

    ChipWhisperer laughs at your implementation of AES-256. But it laughs with you, not at you.

    ChipWhisperer is the first open-source toolkit (GPL-licensed) for hardware security analysis, including side-channel analysis and glitching.

    The closest commercial equivalents of such equipment cost $30k - $400k and are closed-source, which complicates research and development. The project took second place in the 2014 Hackaday Prize.

    Raised - $88,535 (goal: $50,000)
    Project Start - February 27, 2015
    Project Page on Kickstarter

    Image: System
    Image: Hardware design
    Image: Target IO interface
    Image: Capturing traces from the ChipWhisperer-Lite
    Image: Cracking the encryption key on the previously recovered traces

    Video - homemade


    Highlights:
    Media
    Oops.
    I could not find a list of media coverage. Apparently the team works with the hacker community at conferences and events. There is not a single piece in Russian either.

    There is a podcast interview with the creator: #239 – An Interview with Colin O’Flynn – Aspirated Adamantine Attacks

    Attracted cool actors
    Reward visualization
    Burned and broke

    Examples of vulnerabilities are provided:
    Side-Channel Analysis Example
    Side channel analysis takes advantage of the fact that changing the state of a digital line uses a small amount of power. We can use this to actually break cryptographic implementations of otherwise secure algorithms (such as AES-128 or AES-256).

    For more details see my write-up on the theory of a CPA attack, along with a nice example of step-by-step breaking of the AES using Python from the ChipWhisperer tutorial list. For the attack to work, we basically just need to be able to tell the encryption/decryption algorithm to operate while we monitor the power, and know either the output or input to the system.

    This can be done with ~20 power traces on an AVR device for example, so it's not a case of taking an unrealistic number of measurements. For example see a real-time example of me breaking an AES-128 implementation in 120 seconds.
    Glitching Example
    Glitching is another devious attack on embedded systems. This takes advantage of the fact that at some point in your code you'll have a test of the input password, signature, or whatever else. So consider we have this code:
    image
    It's actually possible to manipulate the system to cause that check to fail, or for instructions to be skipped. You can glitch a Raspberry Pi, for example, as I show you in the following video:

    This attack works with the ChipWhisperer-Lite too (we tested it already!).
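
    The side-channel passage above, as an added example that is not part of the original article or of the ChipWhisperer project's code: a correlation power analysis (CPA) run on simulated traces, next to the same run against a first-order Boolean-masked S-box output. The key byte, noise level, Hamming-weight leakage model and all function names are assumptions made for the simulation.

```python
import random

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    """AES S-box from its definition: field inverse, then the affine map."""
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        sbox.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3)
                    ^ rotl(inv, 4) ^ 0x63)
    return sbox

SBOX = build_sbox()
HW = [bin(v).count("1") for v in range(256)]  # Hamming-weight leakage model

def capture(key_byte, n, rng, masked=False, sigma=1.0):
    """Simulate n power samples taken at the first-round S-box output."""
    pts, samples = [], []
    for _ in range(n):
        pt = rng.randrange(256)            # known input byte
        value = SBOX[pt ^ key_byte]        # intermediate the device handles
        if masked:
            value ^= rng.randrange(256)    # fresh random mask on every run
        pts.append(pt)
        samples.append(HW[value] + rng.gauss(0.0, sigma))  # leakage + noise
    return pts, samples

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def cpa(pts, samples):
    """Return (best key guess, its |correlation|) over all 256 guesses."""
    scores = [abs(pearson([HW[SBOX[pt ^ g]] for pt in pts], samples))
              for g in range(256)]
    best = max(range(256), key=scores.__getitem__)
    return best, scores[best]

def demo(n=500, key_byte=0x2B, seed=1):
    """Run CPA on an unprotected and on a masked simulated target."""
    rng = random.Random(seed)              # constructed, reproducible traces
    plain = cpa(*capture(key_byte, n, rng))
    # Masking removes only the first-order correlation modelled here;
    # higher-order leakage is outside this simulation.
    hardened = cpa(*capture(key_byte, n, rng, masked=True))
    return plain, hardened

if __name__ == "__main__":
    (k, c), (mk, mc) = demo()
    print(f"unmasked: guess=0x{k:02X} peak correlation={c:.2f}")
    print(f"masked:   guess=0x{mk:02X} peak correlation={mc:.2f}")
```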


    The developers' position on stretch goals:
    “No stretch goals. We're not adding things that might delay the main production - so no stretch goals, no cases, none of that nonsense. If we get 10x the amount pledges it means 10x the amount of work already, so we're not going to further cause headaches by promising intricately carved balsa-wood figurines to stage your re-enactment of a Harry Potter quidditch match or something.”


    Detailed Description and Open Documentation

    Two-minute Platform Overview

    Side-channel attack - an attack aimed at vulnerabilities in the practical implementation of a cryptosystem

    Tutorial: CHES2013 Tutorial - Low Cost Side Channel Analysis (ChipWhisperer)





    Crypteks USB ™ - Inspired Design meets Ultra-Security

    A flash drive you won't get into. The Crypteks USB key differs from similar products by its mechanical protection: the drive itself is part of a combination lock, so to reach the information you first have to get past the mechanical protection. Information security does not stop there: the contents of the drive are hardware-encrypted with AES (256-bit hardware encryption).

    Raised - $196,404 (goal: $12,000)
    Start of the project - November 23, 2011
    Project site - crypteks.com (oops, lots of hieroglyphs there; it looks like the domain has already gone to another owner)
    Project page on Kickstarter

    Video - studio


    The Crypteks USB project is an “old-timer” and the very first on Kickstarter in the field of information security.
    But this is where the problems began.
    A 2013 article describing how badly it all went: Buyer Beware: Crypteks' USB Kickstarter Campaign Highlights the Perils of Crowd Funding
    It happens.



    Shield - Home Internet Security Appliance

    iGuardian, aka Shield, is a network security system for home use that protects computers, tablets, smartphones and other Internet devices from malware, exploits and other harm. With lifetime updates.

    A modern digital or “smart” house contains many insecure devices that very easily allow criminals to enter the home network, steal personal information and gain access to bank and other accounts. iGuardian is a small device equipped with two 1.0 GHz MIPS6 processors, with 1GB DDR3 RAM, as well as 64 MB of flash memory.

    The device is based on Linux and is designed to block cyber attacks and filter malware and inappropriate content. It sets itself up within 5 minutes and requires no configuration or technical knowledge. iGuardian protects only against known attacks, by comparing network traffic with patterns recorded in the threat database. For this, iGuardian uses Snort as an inline intrusion prevention system.

    Raised - $174,382 (goal: $125,000)
    Start of the project - August 7, 2014
    Project website - itusnetworks.com
    Project page on Kickstarter

    Highlights:
    Excellent work with the press
    Stretch-goal visualization

    Video - Studio





    myIDkey: Passwords at the tip of your finger

    The myIDkey flash drive with biometric data protection has a fingerprint scanner and recognizes the owner's voice. The screen displays the desired information on voice command. If necessary, you can delete all the contents by pressing a button on the flash drive. The main task of this device is to store passwords and keys, but in principle there are no restrictions. You can connect to other devices via USB or Bluetooth.

    The most interesting feature is the erasing of information with one button. Encryption - AES 256. It is also possible to recover lost data from a backup that was previously made and saved on a PC or in the online cloud.



    The project attracted 1,281 backers in a day, who invested $132,800 in the project.

    Raised - $473,333 (goal: $150,000)
    Project start - February 20, 2013
    Project page on Kickstarter

    Video - studio


    Highlights:
    Press
    Reward visualization
    Stretch goals





    More crowdfunding projects, but not from Kickstarter


    The TrueCrypt Audit (Indiegogo)

    Raised - $46,420 (goal: $25,000)
    Start of the project - December 2013
    Indiegogo project page

    The idea of auditing TrueCrypt, and at the same time tidying up its code, license and build procedure on all platforms, arose in the wake of the story of mass surveillance by the US National Security Agency, which became known thanks to Edward Snowden. The publication of information about the NSA's activities raised many concerns about intelligence-agency backdoors in open cryptographic products.

    A group of cryptographers who audited the source code for TrueCrypt disk encryption software completed work in April 2015. A full 21-page report was published on the Open Crypto Audit Project website.

    The code audit found 11 issues: none of them critical, four of medium severity, four of low severity and three in the informational category, that is, practically insignificant in terms of security. In the 32-page report (PDF), for clarity, the bugs found are plotted on a chart by risk and ease of exploitation.

    Highlights:
    An original description of the rewards for backers.

    The peculiarity of the project is that its result is “a little ephemeral”: it is not a product, or even a training course, but a report.

    Articles and discussions on Habr: one, two
    Article in Computerra: TrueCrypt: audit passed, the intrigue is saved
    Article in Xakep.ru: TrueCrypt Audit Completed: Everything is OK
    Strange Consequences: The TrueCrypt Website Announces the Closure of the Project and Suggests Switching to BitLocker




    Bitcoin Dark Wallet (Indiegogo)



    An anonymous bitcoin wallet protected from any snooping. The first plan was to release a lightweight extension for the Firefox and Chrome browsers.

    Behind the development of Dark Wallet is the 26-year-old American programmer Cody Wilson, widely known as the creator of the world's first gun fully printed on a 3D printer, as well as the British programmer Amir Taaki. They lead a team of several Internet activists and developers who call themselves unSystem.

    Dark Wallet is built on the so-called CoinJoin mechanism for “laundering” bitcoins. With its help, any transaction - whether it's buying socks or drugs for bitcoins - is protected from tracking by being mixed with the transactions of other wallet users.

    “I want to have a completely anonymous means for paying with bitcoins for any goods on the black market. These can be over-the-counter drugs, soft or hard drugs, or weapons. Yes, bad things sometimes happen on the shadow Internet. Freedom is a dangerous thing. Dark Wallet is a real nightmare for law enforcement. They believe that going into the shadows is a big problem. But with Bitcoins, this departure cannot be avoided.” Cody Wilson, Dark Wallet Developer


    The latest version of Dark Wallet simultaneously contains an independent peer-to-peer bitcoin exchange. Here, users can buy and sell bitcoins, while the development team plays the role of arbiter (third party).

    Raised - $52,075 (goal: $50,000)
    Start of the project - autumn 2013
    Indiegogo project page

    Contributions were accepted in both dollars and Bitcoin




    Novena - Bunnie's Open Source Laptop (Crowdsupply)

    A laptop developed in accordance with the principles of Open Hardware.
    hackaday.com/2014/01/12/bunnies-open-source-laptop-is-ready-for-production
    www.crowdsupply.com/sutajio-kosagi/novena

    The story began in 2012.
    Andrew Huang, a well-known free hardware activist recently honored with the 2012 Pioneer Award, presented his new Novena project, which is developing a laptop in accordance with Open Hardware principles. The motherboard used in the laptop, as well as the battery management board, will come with complete schematics and specifications distributed under free licenses. Using the published open schematics, any manufacturer can, if desired, set up production of the components prepared by the project and take part in their further development.

    The documentation and guides for creating software for Novena (including the software already created) will be open. So from the components it will be possible to assemble not only a laptop (with any display size, case and set of accessories) but also a router, or anything else you want.
    Novena is based on a 1.2 GHz quad-core ARM processor and a Xilinx FPGA. And here is a special Linux distribution for this laptop.

    Project Launch - April 2014
    Raised - $783,055 (goal: $250,000)
    Project Page on Crowdsupply

    Video


    Highlights:
    Well thought out and well written stretch goals
    www.crowdsupply.com/kosagi/novena-open-laptop/stretch-goals

    We’re very flattered to have reached almost 70% of our goal already and would like to thank our supporters. A lot of people have reached out to us to extend Novena and make it even better, and so we’re offering these stretch goals to provide you an even better open laptop.

    Partnering with Jon Nettleton for Open 2D/3D Graphics Drivers on Novena: +$50k ($300k total) [COMPLETE AS OF MAY 12!]

    We designed Novena to be the most open platform we could practically build. The hardware blueprints and software source code are available for download. The entire OS is buildable from human-readable source, and requires no binary blobs to boot and run well. However, there are elements of the i.MX6 SoC that lie dormant, due to a lack of open source drivers. In particular, the 2D/3D graphics accelerator in the i.MX6 has closed-source drivers. While we don’t force you to use these closed-source drivers, a major impediment to us being “libre” is the lack of open source drivers for these components.

    We’re excited to announce a partnership with Jon Nettleton, an expert on Linux graphics drivers, to enable this crucial piece of the libre puzzle. Here is a short statement from Jon Nettleton himself on the prospect:

    Novena Backers and OSS enthusiasts,
    I am very pleased to announce myself, Jon Nettleton (a.k.a. jnettlet, linux4kix), as a stretch-goal partner for the Novena Project. I will be taking on the task of assuring that the shipping Novena platforms will not require a binary userspace driver for 2D/3D graphics acceleration.

    Utilizing my experience working on Linux graphics drivers along with my strong community involvement, I will be making sure that contributing developers have everything they need to keep the Etnaviv driver project moving forward.

    To accomplish this we are requesting an additional $10,000 of funding. This additional capital will be used to not just fund my development effort, but to also provide incentives for other contributing developers. It will also benefit me the time to coordinate with other hardware vendors interested in supporting an open source graphics driver implementation for the Vivante chipset, and getting them involved. There is no “US“ and “THEM” in this effort. “WE” will bring to fruition a modern graphics accelerated desktop platform for the Novena Project.

    Therefore, if we can raise $50k over our original target of $250k, we will donate the $10k that Jon needs for the effort for providing open 2D/3D graphics drivers for the Novena platform. The remainder of that raised will be used to help cover the costs of building the hardware you ordered.

    Significantly, since this is an open source effort, everyone in the i.MX6 community can benefit from the outcome of this funding. Because of this, we’ve added a “Buy Jon a Six Pack ($30)” pledge tier (capped at 417 pledges) so that existing i.MX6 users who want to contribute toward this goal without buying our hardware can participate. For every dollar contributed to this pledge tier, we will give Jon Nettleton at least 80 cents, regardless of our ability to reach the first stretch goal. The other ~20 cents go toward compulsory campaign operation costs and financial operator transaction fees.

    General-Purpose Breakout Board: +$100k ($350k total) [COMPLETE AS OF MAY 16!]

    We include a FPGA and a nice high-speed connector, but many users just want to toggle a GPIO or take a simple analog reading without having to design and build a PCBA from scratch. If we can raise an additional $50k over the previous stretch goal, we will include a General Purpose Breakout Board (GPBB) with every piece of hardware we ship.

    The GPBB buffers 16 FPGA outputs and 8 FPGA inputs to be compatible with either 3.3V or 5V, gang-selectable via software. It also provides six 10-bit analog inputs (up to 200ksps sample rate) and two 10bit analog outputs (~100ksps max rate), all broken out to an easy-to-use 40-pin male 0.1” dual-row header.

    The GPBB is handy for all kinds of control and sensing situations. Because the GPBB is backed by a powerful FPGA, each of the buffered FPGA output lines can be programmed for a wide range of applications. For example, an FPGA output could be configured as a precision PWM channel with hard-real time feedback control for demanding robotics motor driver applications. Or it can be used to interface with bespoke serial protocols, such as those found in modern LED strip lighting.

    For users who don’t want to muck with FPGA code and prefer to grapple a GPIO from the command line, we have user-space drivers for the board prepared in Linux, through a combination of the Linux GPIO API, and the Linux I2C API. As a result it’s a snap to script up simple applications using your favorite high level language.

    Significantly, the GPBB isn’t vaporware – we developed this board originally for use as a breakout for production testing circuit stickers from our Chibitronics product line. At this very moment, the GPBB design is being used to drive mass production of circuit stickers.

    ROMulator Breakout Board: +$150k ($400k total) [COMPLETE AS OF MAY 16!]

    We designed Novena to be a versatile hacking tool. Case in point, last December we reported results at 30C3 revealing a secret knock that can allow arbitrary code execution on select SD card controllers. We discovered this in part with the assistance of Novena.

    We used Novena as a ROMulator – a FLASH ROM emulator. For this application, we developed a flexible PCB that’s so thin, it can be soldered in between a TSOP FLASH ROM and the underlying PCB. In this mode, we can use the FPGA built into Novena to snoop the traffic going to and from the FLASH ROM.

    Alternately, the FPGA can be used to emulate a ROM device using its local 256 MiB of DDR3 memory. Since the DDR3 controller implementation is multi-ported, during ROM emulation one can inspect and modify the ROM contents on the fly without disrupting target operation. This has a number of powerful applications, from ToC/ToU attacks to speeding up firmware development on devices that load from NAND.

    If we can raise an additional $50k over the previous tier, we’ll include a ROMulator Breakout Board (in addition to the General Purpose Breakout Board) with every piece of hardware shipped.

    MyriadRF Software Defined Radio: +$250k ($500k total) or >200 backers for the desktop/laptop/heirloom version [COMPLETE AS OF MAY 16!]

    Software! Defined! Radio! We’re very excited to offer the possibility of teaming up with MyriadRF, to provide a custom-made SDR solution for Novena. Their open hardware SDR solution operates in all the major radio bands, including LTE, CDMA, TD-CDMA, W-CDMA, WiMAX, 2G and many more.

    The retail price of the MyriadRF is $299, and MyriadRF has graciously pulled strings with their fabrication partner and enabled a low minimum order quantity of 200 units to build this custom version for Novena. If we can clear a total raise of $500k or at least 200 total backers for the desktop/laptop/heirloom version, we’ll include with every desktop/laptop/heirloom version a MyriadRF SDR board. Since the MyriadRF is such a high ticket-item, only desktop and higher tiers are eligible to receive this reward.

    Significantly, the MyriadRF extends beyond the front of the Novena case, so part of the money from this tier is going toward buying the extra tooling to provision a removable panel on the front edge of the case, so that when the SDR module is installed it can comfortably hang out of the case, giving easy access to the U.FL RF connectors.

    Thanks for your support!

    bunnie and xobs


    Media
    WIRED
    “The project is part of larger movement towards open source hardware.”

    Mashable
    “A Linux-powered machine where every component can be modified by the user. Anyone who owns one will be able to rewire and reprogram individual components.”

    VentureBeat
    “The machine is designed to be open, flexible, and powerful.”

    Tested
    “It’s the most ambitious attempt yet at a fully open hardware platform.”

    VentureBeat
    “It seems like something you just wouldn’t do or couldn’t do on a commercial laptop.”

    The Next Web
    “The actual design of the laptop itself is fully open, and users can adapt it to suit any other use cases they can think of.”

    Boing Boing
    “I’ve put in for one of the laptops. I can’t wait.”

    Laptop Mag
    “Appealing to hardware hackers, a new build-your-own laptop kit, called Novena, puts you in the manufacturer’s seat.”

    Tecmundo
    “developed for those who want to build your own computer without having to be limited to the choices made by various manufacturers in the market.”

    Backerjack
    “This is a compact, modifiable solution for any kind of software or hardware development needs.”

    Adafruit
    “They’ve worked on many Adafruit products/projects and an open source hardware laptop needs to be celebrated.”

    Makezine
    “The World’s First Open Source Laptop Makes Its Debut.”

    PC World
    “Allows users to drop in their own components and reprogram the machine as they see fit.”

    GEEK
    “Novena took the form of a laptop you could build yourself.”

    IDG CONNECT
    “Crowdsourcing Innovation: Andrew “Bunnie” Huang.”

    liliputing
    “Novena is designed from the ground up with openness in mind.”

    Linux.com
    “Novena is more than just an open hardware laptop; it’s designed from the outset to be a flexible compute platform”

    TechCrunch
    “Huang knows hardware, and this is one of the coolest projects he’s done”

    The Next Web
    “This is proof of the demand that exists among developers who want the freedom of doing hardware experiments.”



    Contest





    Surely everyone has friends who run cold-fusion experiments in the garage.
    Perhaps they want to bring their project to a crowdfunding platform, or maybe they (like proud hedgehogs) need a good kick to do so.
    Briefly describe the essence of the project (in the comments or by e-mail to alexey.stacenko (dog) gmail.com), and we, for our part, being biased and unreasonable, will give two invites to the course on creating a campaign on Kickstarter. One invite to the most beautiful girl to the author of the project, and the second to the one who “turned them in”. (Priority goes to projects in the field of information security and open source.)

    One project has already turned itself in.
    Catalytic afterburner

    Direct delivery of the heat of fuel (air) combustion into a room without the use of heat exchangers (boilers), heat pipelines (pipes) or heat emitters (radiators), with the air (combustion products) cleaned by a catalyst.