lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <511A1A3C.5010501@algroup.co.uk>
Date: Tue, 12 Feb 2013 10:32:28 +0000
From: Adam Laurie <adam@...roup.co.uk>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: Atmel "secure" crypto co-processor series
 microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack

On 11/02/13 09:11, Adam Laurie wrote:
> The Atmel AT91SAM7XC series of microprocessors contain a crypto
> co-processor which is DES and AES capable. They include a write-only
> memory for key storage and multiple physical security measures to
> prevent decapping etc.
>
> However, due to poor memory management, in certain circumstances it is
> possible to recover the crypto keys from a live system via the standard
> JTAG programming interface. These circumstances are made more likely to
> exist in the wild by the fact that the example software provided by
> Atmel is itself vulnerable.

It has been pointed out that in fact the example code is not vulnerable 
due to a subtlety in variable declaration. I have amended the post to 
take this into account, and apologise for the mis-information. However, 
the point about lack of clarity on this issue still stands, and, as 
we've seen, the potential for error still exists.

>
> Full story here:
>
>
> http://oamajormal.blogspot.co.uk/2013/02/atmel-sam7xc-crypto-co-processor-key.html

cheers,
Adam
-- 
Adam Laurie                         Tel: +44 (0) 20 7993 2690
Suite 117                           Fax: +44 (0) 20 7691 7776
61 Victoria Road
Surbiton
Surrey                              mailto:adam@...roup.co.uk
KT6 4JX                             http://rfidiot.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ