Wednesday, December 22, 2010

Atmel SecureMemory Key Cracker

A couple of years ago, Atmel started selling EEPROM chips dubbed as "SecureMemory" (AT88SC153, AT88SC1608). These chips are still in use today on many contact smartcards and other devices.
Data sectors on that device can be read-/write-protected by requiring a proprietary challenge-response authentication. In addition, these devices also feature a basic password protection which is reasonably easy to circumvent as flylogic has demonstrated. The challenge-response authentication algorithm is vulnerable to a unroll/meet-in-the-middle attack to the effect that the secret key can be guessed from only a few eavesdropped authentication sessions - researchers from the Radboug University Nijmwegen have published a paper on this a couple of months ago.
I've implemented their attack and recovered keys of several such devices successfully. However, an even more primitive, yet effective vulnerability is a man-in-the-middle attack: an attacker can easily take control of the bus after the authentication / password verification has taken place and inject data at his will. It's not hard to come up with some piece of hardware that does just that.  This is also a successful attack against the successor family, the AT88SC...C devices, which implements a slightly better authentication scheme.

Tuesday, December 21, 2010


I've been poking around in the BIOS of a Fujitsu Lifebook A530 (source).
What is wrong with this function: