[Cryptography] Fwd: Open Source USB stick for cryptography

Joshua Marpet joshua.marpet at guardedrisk.com
Tue Jan 14 23:49:30 EST 2014


Howdy Josh,

I'm too damned busy these days to join any new projects, but I'm happy
to provide some pointers.  Please forward this to the list if you
think that'd be handy, and also tell them that I'm happy to contribute
free Facedancer PCBs toward their effort.

My solo disk work is available as the video of my talk from 29C3 and
as a short article in PoC||GTFO 00:02, which can be found by googling
for pocorgtfo00.pdf.  The first covers active disk antiforensics with
a Facedancer board, and the second with an iPod running Rockbox.
Sadly, I never got around to finishing my blog post from 29C3, so
suffering through that long video is necessary.  (I'm a sinner, I
know!)

I also did some work on replacement firmware for a Seagate drive with
Jonas Zaddach and a few other fine folks.  We were making a remotely
accessible backdoor, but the exact same principles can be used to
patch the antiforensics tricks that I mentioned at 29C3 and in
PoC||GTFO into a real disk.
https://archive.org/details/Acsac13Zaddach

There's not much value in doing an FPGA, as fast microcontrollers with
excellent USB controllers are cheap and plentiful.  I still think that
the best way to do it is with antiforensics destroying the information
on detecting tampering, but an excellent and well verified crypto
implementation in a smart card chip might remove the danger of
accidentally triggering a disk's self destruct.

It will also be worth looking at Bunnie's talk from 30C3, where he
reverse engineered an SD card's controller chip.  Patching a perfectly
vanilla, hello-kitty-branded card is definitely the best way to do
this in the field, and his lecture provides a damned good resource for
that.


Drinks in Philly the next time I make it to Samland?

Cheers from München,
--Travis


On Mon, Jan 13, 2014 at 12:06 PM, Joshua Marpet
<joshua.marpet at guardedrisk.com> wrote:
> The Metzdowd cryptography mailing list was making noises about epoxying
> chips on a USB stick, and I coughed and mentioned you.  They asked.
>
> " I Googled him and saw his recent blog
> posts.  He seems like quite a brilliant hardware hacker.
>
> I'd be interested in his thoughts on an open-source usb stick for
> crypto.  Would he go totally open, making everything probable, or
> would he encase it in epoxy?  Is there value in making the
> microcontroller an open-source synthesized core in an FPGA, or can we
> trust an Atmel microcontroller?  Do we really have to have an external
> power supply, because that won't fit in my pocket?  Is this whole idea
> a waste of time, or is it doable in a useful way?"
>
> If you want to get involved, these are some serious crypto people, but
> mostly people without funding.  Lots of academics, Silent Circle people are
> on there, just figured I'd mention it.
>
> J
> --
>
> Joshua A. Marpet
>
> Managing Principal
>
> GuardedRisk
>
>
>
> Before the Breach and After The Incident!
>
>
> 1-855-23G-RISK (855-234-7475)
>
>
> Cell: (908) 916-7764
>
> Joshua.Marpet at guardedrisk.com
>
> http://www.GuardedRisk.com
>
>
>
>



--
.us +1.267.401.2597
.de +49.152.23.90.76.92



-- 

*Joshua A. Marpet*

Managing Principal

*GuardedRisk*



*Before the Breach and After The Incident!*


1-855-23G-RISK (855-234-7475)


Cell: (908) 916-7764

Joshua.Marpet at guardedrisk.com

http://www.GuardedRisk.com