by WhiteDawn
1039 days ago
Great post! I find the quote from Bunnie in the blog pretty relevant: “The JTAG boundary scan approach was rejected on the grounds that the TRST# pin, used to hold the JTAG chain in reset, was tied active in a manner that was difficult to modify without removing the processor.” Gives me flashbacks to simpler times where disk-based systems lacked any real form of DRM because of the assumption that a consumer wouldn't be able to afford to press their own CD-ROMs. Maybe still not as easy as burning a CD-R, but BGA rework stations have come down in price and utility enough that they are practical for the semi-serious tinkerer. Most modern designs account for this, but I wonder if other techniques, maybe like decapping or some future unknown, will start to open new, simple vectors of attack on our hardware today. I don't really have a point to make here I guess, just that most assumptions made today tend to not quite work out as expected, and that's kinda neat.
Things like laser glitching are feasible in the $thousands range and power or RF glitching is in the $hundreds range.
With low cost fiber laser cutters and etchers, lots of techniques can be applied. I imagine with the high resolution X-ray stuff starting to come onto the used market, lots of things for hardware hacking will become extremely affordable.