BugTraq
Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack Feb 11 2013 09:11AM
Adam Laurie (adam algroup co uk) (1 replies)
Re: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack Feb 12 2013 10:32AM
Adam Laurie (adam algroup co uk)
On 11/02/13 09:11, Adam Laurie wrote:
> The Atmel AT91SAM7XC series of microprocessors contain a crypto
> co-processor which is DES and AES capable. They include a write-only
> memory for key storage and multiple physical security measures to
> prevent decapping etc.
>
> However, due to poor memory management, in certain circumstances it is
> possible to recover the crypto keys from a live system via the standard
> JTAG programming interface. These circumstances are made more likely to
> exist in the wild by the fact that the example software provided by
> Atmel is itself vulnerable.

It has been pointed out that in fact the example code is not vulnerable
due to a subtlety in variable declaration. I have amended the post to
take this into account, and apologise for the mis-information. However,
the point about lack of clarity on this issue still stands, and, as
we've seen, the potential for error still exists.

>
> Full story here:
>
>
> http://oamajormal.blogspot.co.uk/2013/02/atmel-sam7xc-crypto-co-processo
r-key.html

cheers,
Adam
--
Adam Laurie Tel: +44 (0) 20 7993 2690
Suite 117 Fax: +44 (0) 20 7691 7776
61 Victoria Road
Surbiton
Surrey mailto:adam (at) algroup.co (dot) uk [email concealed]
KT6 4JX http://rfidiot.org

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus