GigaVulnerability: readout protection bypass on GigaDevice GD32 MCUs

Disclaimer. This article is for informational purposes only and is not intended to instruct or encourage any illegal activity. Our goal is to describe the existing vulnerabilities that can be exploited by attackers, to warn users, and to provide recommendations on how to protect their personal information online. The authors are not responsible for how the information is used. Remember to always prioritize the security of your personal data.

When developing hardware solutions based on microcontrollers (MCUs), manufacturers seek to protect their firmware from falling into the hands of attackers, because it may contain sensitive information, encryption keys, unique valuable algorithms, and so on. To achieve this, most microcontrollers implement flash memory readout protection technologies. But do they really provide sufficient protection?


Xbox 360 security in details: the long way to RGH3

Hi there, it’s Positive Labs! Here we perform different kinds of embedded R&D. Regretfully, most of the cool stuff is not allowed to be shared due to the NDA, but I still want to introduce you to the awesome adventurous spirit of our lab. It happens that my current job is pretty similar to my long-time hobby, the security research of game consoles. So it’s high time to continue my Xbox 360 trilogy[1][2][3] (Rodrigo Copetti has a really good summary of it here). Yup, today’s topic is how the most used Xbox 360 modding method, RGH3, was born.


New dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader

Did I ever tell you what the definition of insanity is? Insanity is doing the exact… same ******* thing… over and over again expecting… **** to change… That. Is. Crazy.
Far Cry 3

Intro

The peripheral device industry has once again sacrificed security in the name of speed. Media sizes have risen dramatically, and with them the requirements for how fast we can process media. It just takes too long to copy hundreds of gigabytes of RAW images, even with Ultra High Speed 2 (UHS-II) SD cards. And so the SD Association heard the cries of DSLR geeks, and made a move. They released SD Express[1].

Our team at Positive Labs has embedded and system security as its main focus, so we’ve kept our eyes on this development. The standard was in fact published in 2018, but SD Express hadn’t gotten much traction since — until recently. Which is somewhat sad — the speed gains are enormous. But speed is not what got our attention — the way it’s achieved is. It appears that the “express” bit in the name stands for “PCI Express”, and when we hear “PCI”, we think “A-ha! Possible memory access!”.

But alas, nobody wanted to integrate SD Express into their consumer electronics until around 2022. We’re even beginning to worry — maybe this time they’ll be serious about the DMA threat, and everything will be secure and locked up.

So while we wait for more devices to implement it (or for the industry to abandon it), we will talk about why the honorable PCI bus gets so much of our attention.
