SecDocs Feed for author Felix Domke

[Audio] Distributed FPGA Number Crunching For The Masses

Sat, 21 Apr 2012 06:40:25 +0200

Authors: Felix Domke
Tags: cracking FPGA
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: In 1998, the EFF built "Deep Crack", a machine designed to perform a walk over DES's 56-bit keyspace in nine days, for $250.000. With today's FPGA technology, a cost decrease of 25x can be achieved, as the copacobana project has shown. If that's still too much, two approaches should be considered: Recycling hardware and distributed computing. This talk will be about combining both approaches for the greater good. A number of projects (Copacobana, Picocomputing) have shown that with today's technology enough brute force computing power to break limited keylength ciphers (like DES) is affordable even for small companies. But what about Joe Geek at home? Recycling FPGAs is one option (nsa@home), distributed computing another (distributed.net, ...). This project combines both approaches, developing a toolchain that can be used to prototype a project on a low-end FPGA (or even in a free simulator), and then scaling up the effort across different implementations onto a large number of devices. An example client implementation uses an FPGA in a widely available consumer device to provide computing power when the device is in standby. Another approach that will be discussed in detail is how to obtain decommissioned high-end FPGA-based hardware. We will have hardware to show with a live demo!

[Slides] Distributed FPGA Number Crunching For The Masses

Sat, 21 Apr 2012 06:40:25 +0200

[Video] Distributed FPGA Number Crunching For The Masses

Sat, 21 Apr 2012 06:40:25 +0200

[Paper] Blackbox JTAG Reverse Engineering

Thu, 11 Feb 2010 06:13:32 +0100

Authors: Felix Domke
Tags: reverse engineering hardware hacking
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: JTAG is an industry standard for accessing testmode functionality in almost any complex microchip. While the basics of JTAG are standardized, the exact implementation details are usually undocumented. Nevertheless, JTAG often allows you to interact with the chip very deeply, which makes it very interesting since it is often easily accessible thanks to the small pincount. This talk covers reverse engineering of JTAG interfaces when no or only limited documentation is available. JTAG is an industry standard for accessing testmode functionality, and is available on almost any complex microchip. It is often for functional testing while doing wafer sort, during board production, product development and service. While the basics of JTAG are standardized, the exact implementation details are usually not available in public datasheets. Very often, even when signing a vendor NDA, only limited parts of JTAG will be documented (like boundary scan and the CPU debug interface). JTAG, however, often allows a much deeper interaction with the chip, and often, security is falsely established though obscurity by providing undocumented testmodes. JTAG isn't only available on CPUs, but also on a lot of other peripherals, which turns them into an interesting target if they provide busmaster access to a system bus.