HACKABLE SECURITY MODULES

More documents

Recommendations

Info

MASTER BACKUP KEYS 256 bit AES or 128 bit (?) 3DES Key Used to encrypt backups of cryptographic keys Can be split into many shares using an n out of m scheme (XOR for 2 out of 2, Shamir's Secret Sharing otherwise) Keys inside the HSM are not encrypted using the MBK but using the Device Key
TOOLS csadm: Command line tool to manage both PCIe and Network HSMs p11tool2: Command line tool to use the PKCS#11 API cxitool: Command line tool to use the CXI API cat / p11cat: Java versions of the above
Page 1 and 2: HACKABLE SECURITY MODULES: REVERSIN
Page 3 and 4: OUTLINE What is an HSM and HSM secu
Page 5 and 6: USAGE Securely store cryptographic
Page 7 and 8: BIG PLAYERS Gemalto Bought Safenet,
Page 9 and 10: BIG PLAYERS Utimaco Primary target
Page 11 and 12: WHERE ARE THEY USED?
Page 13 and 14: DNSSEC Root Zone operators store ke
Page 15 and 16: ONE DOES NOT SIMPLY Implement serio
Page 17 and 18: GENERAL INFORMATION As HSMs are use
Page 19 and 20: FIPS 140-2 Defines 4 different secu
Page 21 and 22: FIPS 140-2 FIPS 140-2 validation ha
Page 23 and 24: COMMON CRITERIA Interesting fact: I
Page 25 and 26: VARIOUS MODELS OF THE CRYPTOSERVER
Page 27 and 28: THE HARDWARE Network HSMs are Linux
Page 29: DEVICE KEY A single key created whe
Page 33 and 34: USERS Every user has: An authentica
Page 35 and 36: COMMUNICATION PROTOCOL Custom commu
Page 37 and 38: FORMAT A single blob in a custom .m
Page 39 and 40: MTC FILES Individual firmware modul
Page 41 and 42: MTC FILES $ binwalk adm_3.0.18.1_c5
Page 43 and 44: MTC FILES $ hexdump -C adm_3.0.18.1
Page 45 and 46: MTC FILES $ strings csadm | grep CO
Page 47 and 48: MTC FILES Now what???
Page 49 and 50: MTC FILES We can now extract the CO
Page 51 and 52: MTC FILES
Page 53 and 54: MTC FILES (Insert multiple slides w
Page 55 and 56: THE TMS320C64X DSP Steps to write o
Page 57 and 58: BLOCK DIAGRAM
Page 59 and 60: PARALLEL EXECUTION 8 execution unit
Page 61 and 62: REGISTERS A0-A2,B0-B2 are also cond
Page 63 and 64: DELAY SLOTS Most instructions are e
Page 65 and 66: REVERSING TOOLS Still wondering why
Page 67 and 68: ABI - CALLING CONVENTIONS No stack
Page 69 and 70: ABI - REGISTERS 12 callee-saved reg
Page 71 and 72: IMPLEMENTING THE DISASSEMBLER We kn
Page 73 and 74: THE CAPSTONE DISASSEMBLY FRAMEWORK
Page 75 and 76: WHERE DO WE START? Clone the projec
Page 77 and 78: THE TABLEGEN FILE Let's first gener
Page 79 and 80: WHAT'S ACTUALLY NEEDED? In our case
Page 81 and 82:
HOW DO WE DEFINE REGISTERS? Simple,
Page 83 and 84:
HOW DO WE DEFINE OPERANDS? def memo
Page 85 and 86:
HOW DO WE DEFINE INSTRUCTION CLASSE
Page 87 and 88:
HOW DO WE DEFINE INSTRUCTION CLASSE
Page 89 and 90:
HOW DO WE DEFINE INSTRUCTIONS? defm
Page 91 and 92:
LETS FINISH THIS THING!
Page 93 and 94:
PROBLEMS FACED Instructions that us
Page 95 and 96:
CONGRATULATIONS! We have a disassem
Page 97 and 98:
REVERSING THE FIRMWARE Let's check
Page 99 and 100:
REVERSING THE FIRMWARE We've got sy
Page 101 and 102:
CAN WE PROFIT? These products are m
Page 103 and 104:
EXTRACTION OF MBK DATABASE BACKUP S
Page 105 and 106:
WHAT ABOUT OTHER BUGS? All the code
Page 107 and 108:
DOWNLOADS Reversing tools: https://
show all

HACKABLE SECURITY MODULES

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?