Attn: Entire SX family unsecure to light attack! — Parallax Forums

Attn: Entire SX family insecure to light attack!

SxPilot450 Posts: 5
edited 2005-05-15 07:25 in General Discussion
Hello,

Recently, I was investigating the security of the SX28 device from Ubicom. I admired the floor plan of the layout, whereas there was a RAM and a flash area to the left with pure logic all over on the right (no sign of microcode anywhere, unlike a PIC).

While the security/config fuses were not so obvious without delayering, I found that by simply focusing light over the fuse area, you can dump any locked SX device! In order to do this, the attacker must know how to open your chip up, which is tedious. Once opened, the attacker needs to only focus a halogen lamp into the corner of the die. Leaving the light on, he tells the device to read out. 3 of 5 reads will result in the true code of the SX device!@!#@!

Coder BEWARE! This is no lie!

Comments

  • Paul Baker Posts: 6,351
    edited 2005-05-05 23:28
    This phenomenon exists with any microcontroller using a fuse to protect code where a blown state (i.e. protected) is represented by a depleted gate. The light causes the formation of hole-electron pairs, and one of the two moves into the silicon while the other stays near the surface (my recollection is too hazy to remember which, but I think the electrons moved into the silicon). This causes a depletion and accumulation region within the polysilicon gate and can turn on the transistor. All silicon transistors exhibit this behaviour; each acts like a weak phototransistor when exposed to light. Have PICs passed a similar test? One problem with this is that all transistors exposed in this way would be affected, possibly corrupting the operation of other chip functions; a well-focused IR laser would produce even more predictable overriding of the security fuse.
  • SxPilot450 Posts: 5
    edited 2005-05-05 23:32
    This is normal LOW halogen output coming down through the objective onto the die. The fuses are protected by M3's metal planes, so the light is not affecting the actual cell itself.

    This is an unacceptable result. Most chips act funny under high-intensity light from your objective, and you can turn the light down and all is well. In this case, the chip unlocks itself and returns the correct user code from inside if you just put a dimmed light source in the corner of the die!

    You don't know me from Adam but I eat silicon for my meals.· I normally post on Avrfreaks and to be honest, I love the AVR but I study all kinds of micros not just Atmels.

    Good day!
  • Paul Baker Posts: 6,351
    edited 2005-05-05 23:34
    Gotcha, it is peculiar behavior for this to happen with low levels of light. If you remove the light does the fuse return to locked status or does it remain unlocked?

    It is possible that a transistor connected to the fuse subcircuit but not protected by the metal 3 layer is causing this problem; if the logic which drives the security setting signal is being thrown into an artificial state, the fuse could be bypassed. If this were the case, then it would fall into the "unanticipated design flaw" category.

    Post Edited (Paul Baker) : 5/5/2005 11:39:01 PM GMT
  • SxPilot450 Posts: 5
    edited 2005-05-05 23:51
    Looks like it, Paul. Removal of the light returns the chip to a locked state. They would appear to latch their state (locked or unlocked) on a reset edge, else I would expect to see a mix of scrambled output with good output (as almost all other chips do).

    This could be the downfall of the SX because exposing the bare die is nothing unusual for persons in my line of study. This is something Sergei Skorobogatov would have loved to have added to his paper he recently released. Looks like he never caught this because he rated the SX with decent security (and it has decent security, since the fuses are buried under M3 and out of plain sight). It takes a wet etch with HF to remove M3, and only then, if you understand semiconductors, would you spot them.
  • James Newton Posts: 329
    edited 2005-05-06 19:50
    I am very curious to know if PICs are any more secure... I don't assume SxPilot450 has engaged in cracking of PICs, or SXs for that matter, but it sounds as if you know your way around it. Are you aware of any security issues with the PIC parts?

    My reason for asking is this: People who have been working with SXs and who are concerned about their products being duplicated are going to want to know if they can migrate to PICs and feel safer. I would like to have some idea of what might be a reasonable answer.

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    ---
    James Newton, Host of SXList.com
    james@sxlist.com 1-619-652-0593 fax:1-208-279-8767
    SX FAQ / Code / Tutorials / Documentation:
    http://www.sxlist.com Pick faster!
  • SxPilot450 Posts: 5
    edited 2005-05-06 23:52
    I do know the PICs very well; in fact, they do not have this problem (nor any other current microcontroller I know of). The problem with PIC microcontrollers is their configuration fuses are too easily spottable. On the newest devices you can delayer the chips and spot them right away.

    New or old, PICs are not very secure.
  • James Newton Posts: 329
    edited 2005-05-07 00:59
    So, we know Ubicom is NOT going to change the die (see other threads on this forum) and I assume that means there is no way this SX vulnerability is going to be corrected.

    We also know that PICs are vulnerable in other ways (and I have heard that from any number of sources) so we don't really have anywhere to go.

    That leaves the question: What can we do about it? Probably nothing, but here is an idea that may or may not be useful:

    - I believe you can use an external osc that does not depend on drive from the SX (I haven't done it personally), and it may be possible to blow the bond-out wire on the OSC2 pin by applying a quick pulse of high voltage (this has been done to the programming pin on some PICs), which renders the SX unable to report its programming via that pin. I would guess that if the SX has been opened up, it would still be possible to make contact with the OSC2 pad on the silicon, but maybe that is not so easy?

    And finally there is the real question: Do we really care? As Sherlock Holmes said: "What one man can invent, another man can discover." The best defense is to produce the next generation code while your competitors are stealing the last generation.

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    ---
    James Newton, Host of SXList.com
    james@sxlist.com 1-619-652-0593 fax:1-208-279-8767
    SX FAQ / Code / Tutorials / Documentation:
    http://www.sxlist.com Pick faster!
  • Bean Posts: 8,129
    edited 2005-05-07 02:17
    James is right. No matter what you do, someone will find a way to get around it.
    Bean.

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    "SX-Video Display Module" Available Now.

    www.sxvm.com

    "I thought I was wrong once...But I was mistaken ;)"
  • Jon Williams Posts: 6,491
    edited 2005-05-07 02:27
    Exactly ... who has time to crack the lids off of chips to pull the code out of them, anyway?

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    Jon Williams
    Applications Engineer, Parallax
    Dallas, TX, USA
  • Orion Posts: 236
    edited 2005-05-07 02:45
    Right on!
  • SxPilot450 Posts: 5
    edited 2005-05-07 03:21
    Jon Williams said...
    Exactly ... who has time to crack the lids off of chips to pull the code out of them, anyway?

    I do! I love to study semiconductors; however, I was expecting some kind of a challenge from Scenix. I was a little disappointed at no fight.

    Just an FYI to fellow engineers out there.
  • Jon Williams Posts: 6,491
    edited 2005-05-07 12:13
    You have far more time on your hands than me!

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    Jon Williams
    Applications Engineer, Parallax
    Dallas, TX, USA
  • LoopyByteloose Posts: 12,537
    edited 2005-05-15 07:25
    For what it is worth, there seem to be two world views. One is hostile, the other is peaceful. It really is up to the individual which one he prefers to evoke. SxPilot450 seems to enjoy being engaged in a hostile world. Even though my communicative skills can fail at times, I personally don't.

    Obviously this is something that could be resolved by some kind of armored packaging technology that would destroy the chip before access is gained.
    I suspect it could be done if necessary, but I personally don't have so much invested or to hide in an SX chip. I am here to learn from others. It is a fellowship, a community.

    In a hostile world, you are on your own. You have to think of everything. There are no friends, no teachers, no mentors. A Tibetan rinpoche once commented that paranoia is highly intelligent, but not truly wise.

    Scenix may be wiser than this little scare.

    I hope you get my drift. It is something like, "We all live in a yellow submarine."

    ▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
    G. Herzog in Taiwan

    Post Edited (Kramer) : 5/16/2005 3:27:45 PM GMT