>>Welcome! This is Secure Tokin’ and Doobiekeys: How to roll your own cou… counterfeit hardware security devices. Um, so I know it was a really, really long line to get in so I know a lot of you sat through that last talk just to be here. Right? Just to make sure you got a really good seat in the front row? [audience hollers] I'm sure of that, right? Yea. Okay I thought so. [audience applause] Um, so I'm securelyfitz, this is r00tkillah and he’s figuring out how to use Linux to display. And, uh, you can push a button somewhere, it makes that change. Um. [inaudible] Whoooa. Man I can't see it but that's okay. That's okay. I don't know, I just talk anyway, so. Anyway. That’s you. >>Oh! >>Woo! >>Okay. Hi. Uh, um… I'm Mike Leibowitz also known as uh, I.. Awesome. There’s actually a screen there too so I can see everything. Uh, my name is Mike Leibowitz. I work for uh, a large semiconductor company. Uh. I work for Intel. And Uh, they’re likely to say that, uh, all of the… all of the things I present are not a representation of Intel and not their opinion. And all the, all of the uh, registered trademarks of all of the things that we show are theirs and we make no claim. Um, you know. And my day job is uh, is working on the red team there. I, I hacked the mothership and then the rest of the time I just fooled around with electronics and uh, submitted the DEF CON CFPs. >>So I'm Joe Fitzpatrick. Um, I used to work for a large semiconductor company so now I can say whatever the f**k I want. [audience laughs] Um, I do hardware hacking, hardware security training and stuff. I own a pair of shoes with LEDs in them and a unicorn shirt. But that's not what I'm wearing today. Or at least now. I was wearing it yesterday but then that turned into today. You know how that goes. So, um yea but that’s that. You can find me if you want to. Uh I was gonna start out with a Call to Hacking. Um, So I'm just gonna read an excerpt from the, uh, first book of POC or GTFO. 
Um, uh, chapter 5, what, what is, 5? 7? Something, section 7 issue 5.. Whatever. Um. Dear Acolytes of electricity, let us spend a moment remembering the daily struggles from the time before enlightenment. For let us not forget that there was a time when even the most modest system upgrade required a screwdriver. And let us recall the dark moments when we were alone with DIP switches not knowing what to set or where to seek divine guidance. Thank you, Daniel, for letting me borrow this. So let's get on to what you uh, came here for. So wouldn't it be really cool if we had, like, some sort of magical device oh wow I can see it through the screen hanging up back there, that’s kinda neat. Sorry. Um, [audience laughs] it’s this cool device, uh it could encrypt things for us, it could authenticate things for us. Um, it authenticated us to others and pretty much solved all our insecurities, you know, whether they were digital, cyber, uh personal insecurities, whatever. This would be great. Um, and that, even better, like what if this thing only cost a couple dollars? It fit in the palm of our hand and it was easy to use. Like, this sounds great. And, um, wouldn't it be really lame if I turned this into a, a, a, like, a hardware sales pitch? Okay I won't do that. So, um, these things are all improvements and, um, we’ve got an RSA security token, a Yubikey in the middle and a TPM on the right. So, they're all improvements. They're all devices that allow us to use hardware stuff to make our software more secure, right? The problem is they're not magic and I'm gonna try to jump over to that mic right now so I can walk around because I don't like standing still. [inaudible speaking in the background] [laughter] So I'm gonna stand right here. Maybe I’ll walk around like this. 
[audience laughs] [mic noise] So, um, [laughter and applause] so anybody who’s, like, looked at a lot of the hardware attacks that can happen, um there are, uh, a lot of common attacks that people talk about, right? There is the evil maid attack, this is where you leave your laptop or your phone or your tablet in your hotel room and the evil maid comes in and fails to clean your room but does manage to implant some sort of hardware or software, something, on your laptop while you’re not there. There’s a supply chain, uh, attackers. Those are the ones who, like, go in and say “okay well you know, we know you buy these chips from this source so we’re gonna go and, like, uh swap out some of our malicious ones.” Um, or even like, you know, we’ll, we’ll go and, like, redirect all your packages from, you know, where you are to some strange warehouse in, uh, I don't know, North Dakota, and then back to you and modify things in the ware in the process. And of course there’s the end user hardware attacks. And when you think about a lot of the video game consoles and jailbreaking type things, a lot of times this is an end user who owns the hardware who just wants to use it for their own purposes. Um, but as a video game consoles, uh, vendor or a uh, cell phone network you kinda wanna protect, uh, against those end users actually using things that they bought because then all hell would break loose. So, yeah we also have common vectors. These are the ways people would usually get into hardware devices, so, right? Well you, we’ll go after the external ports, we’ll see, like, if we open up and we find some pins and also there’s some interesting cases where we might have counterfeit chips and the last thing would be, like, intrusive techniques. Like, you go and you decap your silicon and, like, shoot it with ion beams and lasers to modify how it works. So it’s kinda like, it gets very complicated very quickly and very expensive very quickly. 
But, who’s ever, like, seen someone say this? I'm sure I'm quoting someone that I don't remember. But, like, don’t attack the standard, attack the implementation. When you think about encryption, right? Encryption’s hard. Right? And people usually don’t get it right. So, the, the math is usually sound and mathematically proven but how people implement it is usually what's all messed up. Um, so, here though let’s, let’s be more specific. We’re not gonna refer to the hardware implementation, we’re gonna refer to the use cases and how people actually commonly use these devices. Because that happens to be a little bit different, uh, when you deal with hardware things than software things. So who’s seen one of these before? Who’s, who’s used one of these? Who, who hates these things? Okay. So, like, if you wanna hack, like, like, RSA, like, what’s the easiest way to do it? Right? A sort of extremely sophisticated cyber attack is really your best approach. So no one's gonna go after the hardware, you just do the phishing email. It works a lot better, it’s a lot cheaper. But that’s not why we’re here. We’re hardware hackers and we like to talk about the hardware that we broke and bricked and maybe even hacked successfully occasionally. So hardware can be hard but hardened hardware is harder. This is right off of RSA’s page about, like, what they expect in terms of, uh, hardware security or tamper resistance. That’s designed to withstand extreme physical conditions including temperature variations, submersion in water and mechanical shock. Right? So really, like, when they’re talking about hardware security they’re, like, talking about durability. Like, “your, your device is gonna keep working even if you spill water on it or spill beer on it.” Um, seriously, like, [audience laughs] we gotta realize that we’ve got a hardware device that is more privileged than our software stuff so maybe we should protect it a little more, be more careful with it. 
And they said, uh, submersion in water? Submersion in acetone seems to work a little bit differently. [audience laughs and applauds] So, I mean there’s, there’s a lot of ways to get this case open. We can go and we can, like, pry it off. We can get a dremel and cut it out. Um, there’s actually a little panel on the bottom that you can pop off that exposes the debug port, which, you know, normally that would be the interesting way in but we were thinking of a more destructive path. So, you know, when you… when you… when you have hardware to hack you usually wanna, like, grab, like, lots of things to, to break. And luckily nearly expired RSA tokens are really cheap on eBay. So I think I bought a bag of, like, a hundred of them for twenty bucks. Um, and of course they’re all expiring they last for three years so three years after they were, um, provisioned, or something they stopped working. Um, but then you just hardware reset them and they start working again. Um, thanks Travis Goodspeed for figuring that one out. Um, so, when we talk about these things this is the model that we come up with. Like, okay… your computer might be owned but this token is separate and you’re not gonna own the token, right? Inside this, this little token is a master key that is used to generate these, these one time uh, codes that you’re supposed to enter. And we’re like, the mindset is this is what the attacker is after and that getting that key out is either gonna be really, really destructive meaning you’re gonna destroy the token. And now the person is gonna notice it’s missing and, you know, report it missing and then the infrastructure gets fixed. Or it’s gonna be really time consuming so you’re gonna have to take it away from the person for a matter of days, hours, something to, to destroy it or get the key off and then get it back to them in a way that they can’t notice that it has changed. 
Um, so, that’s kinda, like, how everybody thinks about these things but, let's take a different approach. What do we want? We want that verification code, that six digit pin. Right? And that needs to be output into some human readable form to actually use it, right? So why don't we just sniff and relay the display? So, we gotta open these up and start looking at them. Uh, they do have some anti tamper elements to them so, you know, if you, if you open up and show a bunch of wires sometimes they turn off. Or they, they put a little thing marking that they may have detected tampering. Um, so, you know, the first pass I went and I plugged this thing in and, and tried to start soldering it. I got about, you know, a dozen wires in when I realized it was no longer functioning so I said “Okay! Next one.” Um, I, you know, learned. And so what I did is I, you know, to, to give you an idea… I dremeled off the bottom of, or actually, r00tkillah dremeled off the bottom of the token. I taped it between two of these breakout boards and put, uh, little headers in there. And then I soldered little bits of wire between the pins and the headers. And that was a lot easier and, uh, worked pretty, pretty, uh, smoothly. One thing I always like to remind people, like, it looks… that I mean… this is a lot bigger on that screen than it is in real life. And it is kind of small, but, like, don't doubt soldering skills. Even if you don't have them, soldering skills are actually very readily available so you can find someone who’s really good at soldering to help you with these projects and, um, there are lots of people with fine soldering skills. So don’t, don’t rule that out. Don’t say “Oh, it's too small to solder, no one’s gonna hack this.” So I started looking at it and, uh, I used my logic analyzer on the bottom. And I look at all the pins, trying to figure out which is which. 
And sure enough I can see… I don’t know if you can see the, the resolution but we, we see two different patterns. We see, like, solid grey which is constantly going up and down. And then, like, light, or, dark grey which is where there’s a little bit of space between those toggles. Um, so if looking close it looks like this, right? When it’s on and off very fast, that display… that bit is being displayed. When it’s on and off very slow that bit is not being displayed. So if we take a look, we have that bar on the left side that builds every ten seconds another bar shows up. And sure enough if we look at our logic analyzer we can see… where is the mouse? Can I see the mouse? Oh well. Forget it. Um, we can see on the left side. We see one… uh, oh you don't use a touch pad? Why not? Um [laughter] so, you can see over here, um, that, you know, we’ve got this one that, that toggles right here switches on. And then ten seconds later if we look at the timing this one switches on. And then ten seconds later the next one switches on. So it’s pretty easy, like, once we get the wires stubbed out to figure out what this thing’s doing and how it can, uh, see how it’s going. So let’s make [inaudible] some pseudocode ‘cause pseudocode is about as technical as I would like to get. Um, is LCD on? We sample a pin three times at 128 hertz. If we get 101 or 010 we assume that it’s on, right? We return true. So LCD is on. This works because when we have these fast toggles, it’s on. I believe I may have set up the opposite just a moment ago. If we see the fast toggles, it’s on. If we see the slow toggles, it’s off. Okay? Um, now so, what we’re gonna do on the main thing is we’re gonna, we’re gonna wait until the LCD is on, right? So the second to the last bar is gonna be there and that’s a good time for us to, to, to sync up and find it. For each separate segment element we go and check if that LCD is on and if it’s on, you know, we, we record that. And then we delay 59 seconds. 
The reason we delay 59 seconds is because we don’t wanna, like, delay more than a second. More than a minute can start missing codes. So we read that. Um and we, we delay when we delay if we’re doing a microcontroller we wanna be asleep because that’ll save a lot of power. So, I’ve been playing with this little guy. Who who was at the 503 party? Who has a 503, uh, Oregon Trail badge? Who’s got a Bender badge? Um, so a lot of these use this little module, uh, it’s a BMD300 or a BMD320. It’s a tiny, tiny, tiny, tiny uh, bluetooth module. It’s got a Cortex-M4 core on it, it does BLE, it’s really low power. They’re really great. Um, and they’re lots of fun. So, and they have lots of GPIO. So it’s got plenty of, uh, horsepower to read those LCD pins, plenty of connectivity to connect all those pins. Um, and what’s great is we can just leech it off of the battery that’s already in there. Um, who’s ever, like, modified a game console before? To play backup copies of your games? Okay. I actually don’t ever own any games. I, I buy game consoles and, like, do the mods and then I'm like, ah games. They’re kinda silly, I don’t actually play the games. I’ve already, I’ve already played the game. So this is a picture of a, of a gamecube drive chip. What's really cool about these is they’re very user friendly hardware implants right, you just get this thing and then line it up so those holes are in the right spots so it’s really easy to solder. Even if you suck at soldering, you can do this. Right? So I'm like okay, I can, I can do something like that. Let me build a little board that fits right in here. So this is the RSA token to BMD300 uh, uh, adapter. Um and it, you know, it's on GitHub. I don’t know if I pushed it yet but I’ll push it soon. But, you know, I basically spaced it all out so it lines up just right. You can see we've got uh, a little notch right here and a notch right here. Those line up very well with the plus and minus power here. 
And we've got a pad here for that little BMD module. You’ll notice it doesn't have pins it has a bunch of, like, surface mount pads. It's like a little module on module so it’s it can be kinda difficult to solder up. So here’s uh, the boards I got uh, a whole bunch of them. Um, and you know I wanted to get really thin PCB’s. You’ll notice uh, there's one missing ‘cause I’ve already started to solder it. There's one on the far right side with a little X in it. They do some basic test of your PCB when you get it manufactured so that kinda rules out the, the, the other failures. Um, most, some of the other failures. The ones you designed in there will stay. Um, you’ll also notice that that is a nice granite uh, surface below. What I'm working on. You might have recognized that as the granite surface in your hotel room. Um, so.. Uh, you know, normally you’d use like, a, a.. What I did for my first couple prototypes was I, uh, I used a hot plate. So like, uh, like you know like you know to cook up your eggs in your dorm room kinda thing. Um, those get really hot, you put the board down on there. What I did was I put a little bit of solder on the pads, put the bit piece on top and it got warm. Of course I didn't bring my hot plate with me to Las Vegas. I did bring my portable hot air gun though, ‘cause everyone brings those, right? Um, so I tried to simulate the hot plate by holding the board over the edge of the table and uh, uh, uh blowing hot air from the bottom trying to, to melt it. I did burn one I don't know if you can really see in this image but the far right side is all black and messed up and that’s because I toasted it. Um, so it takes a couple tries. Eventually you get the module on there. So here we’ve got an RSA token, um, with the whole back taken off. And then this little module pops down in there and soldered in and then the rigado, the bluetooth module, soldered onto that. Okay so now we've got the whole setup. 
This guy is gonna get power from the battery that’s in there. The battery’s supposed to last for three years on just these tokens alone. But these bluetooth modules are pretty awesome. You know, if you ever uh, they have like these little beacon things so you uh, like, you put’em in the beer aisle and you have an app on your phone and you walk by the beer aisle and it says “Hey! Buy beer!” You know, here’s a coupon. Um, it’s this whole, like, business model. I don't know if it actually works or exists but I’ve seen, uh, concepts of this. Um, but the idea is this little device will last two plus, two or three years and some of them use this little bluetooth module that we have. Um, and so you have a device it just broadcasts a little message once every second once every, you know, few milliseconds. Um, we’re only broadcasting once every minute. So we should have a negligible power draw on this whole system. Um, and again they, they, they last for three years normally. Um and there's plenty of battery to last beyond that so we’re not gonna, we’re not gonna do any damage to this thing uh, until probably past its expiration. So… so here we are. Um, and if you look at this, this is the back of one of those modules before I uh, defiled it. Um, or filed it off. Um, and you can see, like, there’s this, like, sticky stuff and these little pins and there's little um, black panel that sticks over there. So I'm pretty sure I have not yet done it because my equipment at uh, in the hotel room is not that great. Um, I believe that I can get just that piece out and get my module in there and then we can put that, that black panel back on top and, like, not actually see that this has been dramatically changed. Um, as you see it fits right in there. Um, we do have a whole bunch of PCB’s so if you wanna try this, you know, we’re gonna toss them out at some point in time. Um, 200 PCB’s uh, for your own, uh, roll, roll your own uh, RSA toker, tokin’. Whatever you wanna call it. 
Um, we can listen to that verification code that gets sent uh, from the uh, microcontroller on this token to the display. We read those pins on the display and then we broadcast it over bluetooth. Right? Um, we still have to do the work of sealing up the case whether we get it in there without, like, completely destroying it or not. But always think of it this way, if someone manufactured these in the first place, right, you gotta be able to make them again. So, um, and actually the other idea that I had on this is I was kinda working through how many of you really, like, get frustrated when you have to go and, like, dig out your token and then like find it and then you have to type in the six digits and sometimes you mistype them. It’s really annoying. So if we wanted to, if anybody’s interested, like, you can do a, uh, an alternate firmware for this. Where instead of showing up as just a broadcast device you have to show up as a hid device. Right? And you just pair it with your computer and then every sixty seconds it’ll type your code for you. Wouldn’t that be awesome? [audience applause] So with that, I don't have a demo for you. I apologize. But I’ve got PCB’s and I'm sure you like PCB’s better than demos ‘cause you get to take PCB’s home the demo you just sit here and watch. Um, so, onward, uh… Mike’s gonna tell us a little bit about Doobiekeys. Do you wanna hold this or do you want me to put it back? >>No. Put that back. [mic noise] Hello, hello? Alright, so, um. You know the great thing about, about Yubikeys is that hardware security tokens used to be expensive and Yubikeys are cheap. In fact, they’re so cheap that people will just give them away at conferences. Um, and you know, I I really like the idea that, like, there are lots of people out there going to hacker cons getting, getting free pieces of hardware that they then give you all their trust in. Uh, I think that’s fantastic. 
[audience laughs] So, you know, what, what we really wanna know is, like, how do I know this is actually legitimate hardware? Like, you know, how trustable is this hardware? And this is, you know, a question that was posted in the Yubikey forum and this is actually a, the, the, the initial response and, and so Tom 2 is a Yubikey employee. Or a Yubico employee. So, you know, does it um, does it say Yubico on it? Does it uh, does it have a number? Okay. Good. We’re, we’re good. This is, this is fine. [laughter] but, you know, they, they do provide you some means to, like, actually say if this is a legitimate Yubikey or not. They provide you with a, with a one time password um, um, authenticator, right? This is, this is actually a demonstration of the authenticator that you can then… you, you can use the same API into your website so you can see whether, you know, you can authenticate or keep your passwords from, from Yubikey users. Then they provide a little demonstration and you can say, like, okay… stick it in, push the button, it fills out the little thing. And then it can tell you, like, you know, if Yubikey is legitimate. Well that’s kind of interesting. Um, but you know, one of the things that I noticed about the Yubikey is it comes with, it comes with a, an identity and a key. And like, a lot of people want to customize their Yubikey to provide, like, an identity that they control. And so, like, you can imagine in each case for this, like, if you had a corporation, right? And you wanted to validate that that these keys were all from your organization then you would provision all the keys into there and, and define a prefix and then you would know, like, okay this one’s part of our corporation. This is just some yo-yo with another Yubikey. And so they provided this customized utility, which is great, and allows you to, like, give them… generate a key, implant it into the key and then upload the key to Yubico so that when you use it, it still appears as valid. 
So you actually, uh, sign the new, um, sign the new key with your existing key and uploaded it and then it’s tracked and they know that you’re you. Or they know that you’re legitimate. Not necessarily you. Um, but they also, uh, provided a, a uh, Arduino reference implementation. Or sort of example implementation of a soft Yubikey. And I wanted to make my own Yubikey because I thought that it was neat but I wanted it to have kind of different security properties than they do, right? The Yubikey their property is that, uh, you have, uh, a secure storage in there that you, you can’t get out. Well, maybe I will just wanna make one that, like, has storage in there and tells everyone. Um, so but they gave me a great starting point. You can actually go to GitHub and you can clone their simulator. And I noticed that, um, the ATmega, or the Arduino Pro Micro is, like, pretty small and so, like, it’s like almost the size of a Yubikey. Like, how hard could this be? I’ll just make one and it’ll be neat. But how do they… how, how does this really work? You know? How, how does this flow actually work? So you, you know, you have um, you go to a website and you enter in, you know, like, okay your password and etcetera. And then it sends you back this challenge, like, okay now you use your OTP that, that, that we registered before, right? And so you put in your, your yubikey, it blinks and you touch it and it gives the key and then they go to talk to the yubico authenticator and they give the signature to the yubico authenticator and then it says, like “yes, this is good.” Um, and that’s like, basically the, the use case file. And then on the other side, you know, what are all the different components that are in, you know, what are all the components that are in there? Well, there’s a public identity and a private identity and the AES key and a Counter. So, basically, um, and they have their… it looks like jibber.. 
jibber jabber strings up there but they have their own… it’s a hex string. They just have an alternate encoding for, for hexadecimal. And basically uh, if you make a signature again and again you'll see that the prefix comes through and you can, and it’s the same every time. And then the other part rotates because it’s being mixed in with the Counter encrypted, uh, with the AES key and then it goes to yubico and they can, they know your AES key. They decrypt it and they can check them, it’s called a monotonic counter. So they can protect against replays by making sure the monotonic counter is greater than the one they last saw. And the reason they don’t, like, say that, you know, it’s plus one because you can make an, you can make an accidental signature, right? That just, like, went into your, you know, into your document or whatever. Into your, into your editor >>Into your Slapchat. >>Into your slapchat. [laughter] No one’s done that. Um, and so it just needs to make sure that it, that it’s big. So, okay. How hard could this be, right? Like you see the… apologize for the, for the, for the dark photograph, but you see on the on the left you see, like, a legitimate yubikey. I mean, probably. And then just to its right you see an Arduino Pro Micro and you can see, like, okay… that’s, like, kind of about the same size, you know? And Arduinos are open hardware, like, how hard could this be to make your own? So, um, it’s not that hard I think I'm just not that good at it. [laughter] So I went through, um, two generations. Like the first one on the left, which looks pretty good but it has a few, like, flaws, you can see, like the Y is upside down. And uh, and the USB leads are just slightly too long but what you can’t see is that, you know, left and right are hard and so the USB connectors are actually reversed. And you plug that in and it just, uh, shorts out. [laughter] So uh, yea it’s, it’s funny. 
If you, if you look at the USB connector and you look at the pin out it shows you, like, okay this is ground and this is power and etcetera but if you actually look inside the PCB is upside down facing the other way. So in my defense, like, that was a little bit tricky. [laughter] And then, um, you know, um… I, I, I, I like to work on deadlines so, like, I had to have boards emergency made so they could get here in time for Vegas. And uh, I had them made by two different PCB houses. And it was like a race, like, okay so who can get me these PCB’s before I fly on a plane to Vegas? And um, so we actually have the same design in the far right and the next to far right. [clears throat] It’s just that each PCB house f****d it up a little bit differently. [laughter] So the, um, the one, just, the one next to the far right to the almost far right, um, with all the speckles on it, those are vias. They connect, um, the top layer to the bottom layer. And the reason it’s all speckled is because they’re not tented. So tented would be that that solder mask, that black layer, would be over them. Um, and then they wouldn't be all speckled and they would look prettier but the side effect of them look pretty, looking pretty is that the chip actually has a ground pin underneath it. And there’s not a whole lot of extra space on that board so I that, that ground pin is not used for electrical purposes. Mostly it’s for, um, you know, mechanical purposes. Make sure you have a really good bond to the, to the PCB so, like, if you drop the board the chip doesn't pop off. That’s only happened to me a few times. And uh, so what happened was you solder these up and that, that, that, uh ground pin under, under there just shorts out with all of, all of those, uh, vias. And uh, it doesn't work at all. You plug it in, it gets hot and nobody’s happy. 
Um, so I, I got, like, one working by, by, by, like, you know, frantically, like, taping the… you know, putting tape on the bottom of the microcontroller and soldering it and, like, reflowing it and, and, and trying to make sure it would work. And then, so. But the other ones arrived. And the other ones I'm like “oh this is perfect. Look at them, they the text is the right way, the vias are tented this is gonna be great.” And I, and I soldered it up and I programmed it. On the bottom is a programming header that you break off and goes into the plastic. And um, it programmed great and I plugged it in and nothing happened. Nothing happened. Nothing happened and I'm like “oooh what’s going on??” And actually, the, the, the one that looks like it’s been destroyed up in the corner there, I think you can see that. Um, so yea, uh, I, I sanded it off to be like “what the hell is going on?” And it turns out that uh, the board houses had different tolerances for, uh, for the feature size. I mean, I was within the feature size that the board house said but, whatever. The ground plane for the USB connector actually doesn't connect. So if you power it with the programming connector and plug it in, it actually works fine. Or, or if you ground it with the programming connector and plug it in it works just fine, but if you cut that off and put it in plastic it’s a brick. So you know, um, I think that there’s a, a lot of emphasis on showing, you know, showing the audience like, “I did this! I did this!” and boom, there's blood all over the floor and, and in reality there’s, like, a lot of f**k ups on the way. And like, you know, these are some of the f**k ups. So, you know, that's a PCB but, like, I don't, I don’t plug the PCB in I plug in this, like, plastic and, and, you know, it says yubico on the bottom and, you know, you, you can’t make that. So, um, thanks to the wonderful world of 3D printing, it turns out that uh, you can. 
Uh, so, let’s see I, I’d wave one around at you but like, it’s gonna be microscopic and you won't see it anyway. But yeah, I made, like, little 3D printed um, cases that the PCB fits right into. And um, and it, you know, looks pretty good. A little bit more skill on the part of my 3D printing and it probably would look really good. But, you know, time was uh, time was running out so they just look pretty good. And then, you know, this is, this is, like pretty close. You can see if I were to cut that debug header off and, like, smooth out… you know smooth out that top layer it would look pretty good. Um, the Y’s like inverted but, that's fine. [laughter] >>Why not? >>Why… Yeah, that’s right. [laughter] Why not? [laughter] Yeah, so, uh and, and, you know, would you really notice that? I don’t, I don’t think so! [laughter] The tape you might notice but, I'm sure I can, like, in the next rev, like, get the tape out of there. Actually the, the, the tape is there because I had to cut off the bottom of the, uh, I had to cut off the bottom of the connector to get the debug header out. Because I sure as s**t wasn’t gonna destroy my only, like, working one that had a working USB plug [laughter] uh, just before I got on stage. So, you know, can we, can we, uh, can we take this, can we… like, well, can we, test that our yubikey is, uh, legitimate? Sure! Can we test that our doobiekey is legitimate? Sure! Like, this is, uh, this is sort of a prototype. Um, this is the signature from it. Um, and then this is the actual, like, key, this is like an Arduino Pro Micro with a paperclip sticking out. Um, you know, that, that, that will fool the Yubico servers but it probably won’t fool the user. But like you said, you can, you can see that… [inaudible interruption] [laughter] you can see that they’re actually, like, pretty close in size. Like, that’s what got me kinda going down this road in the first place. Okay. So, this is the scary part. It’s demo time! 
Uh, okay now I'm displaying in two places and I have to figure out how this all works. Um… that’s not what I want. This one. Okay. How do I get rid of the… how do I get rid of that, like, demo time thing or whatever? Okay. >>It’s, like, harder when you can’t see. >>Kinda harder when you can’t see what you’re doing. Okay, so… we got a, uh, brand new out of the box yubikey. And we got the yubikey customizer. And I can probably find the USB port on this. And, okay. If this works then it should say that I have a yubikey plugged in. That’s disappointing. [laughter] It says it? Awesome! [inaudible response] I can’t see anything. [inaudible response] Yay! Okay and then the top link should be, like, to customize the OTP. Is it? Easy mode. And, man this is hard when you can’t see jack. Hold on. Eeeeerup. [laughter] Uh… well let’s see, let’s uh, let’s uh click the re-generate button. Uh.. okay. So now that I know which button is which. Boy I shoulda got mirroring work and that would have been way better. You can re-generate and then we can upload to yubico. Okay. [audience speaks amongst themselves] Re-gener… [audience continues to speak amongst themselves] Alright. [audience continues to speak amongst themselves] >>It’s greyed out, though. >>It’s greyed out? Awww! >>Oh no, try it. [audience speaks amongst themselves] [laughter] There we go! >>Oh yay! [applause] Okay, now… why is it… are we why is it greyed out? >>Try figuration on the left. >> Ahh. Yay! Do I wanna do this? That’s yes, right? No that’s no. [laughter] Yeah I wanna do it. Uh… da da da da da.. Aw s**t. [laughter] Wait. Eeeerr. Eeeeerrup. Hold on. [laughter] Uh, okay. [laughter] Uh, yea but I wanna open the file. Uh, okay. So I need to upload I need to, like, drag the window back so you can see it. Which now my mouse just died. I hate computers. >>Whose idea was this anyway? >>[deep sigh] Really? I hate computers. Why did my mouse die? My mouse like, literally, like, can’t move now. 
Ah f**k, f**k, f**k… [faint question from audience] No it’s the built in one. Arrrrg. Alright. This is gonna be really awkward, I think I have to reboot. [laughter] >>Shall I, uh, entertain them? >>Yeah, yeah. You do the entertaining, I'm gonna do the rebooting. >>How’s it going? So, while Mike reboots and we figure out what's going on right there, I'm gonna step over this so I can walk around in circles. I'm gonna start talking and what can I talk about? Um I can talk about some of the other, uh, projects that we did. So, we had a couple half baked ideas in addition to the token and um, the doobiekey. And one of them was, uh, what was the first one? Oh so we were gonna try and, like, make a, a fake TPM. Right? And then we started looking into it and the TPM is like an open standard. You can, um, basically make your own as long as you read all, like, ten thou oh, sorry one thousand plus pages of the spec. And, uh, and do it properly. One of the other problems with the TPM, is like because it’s supposed to actually be secure, the supply chain is kind of sort of secure. But if you actually want to install, uh, a TPM in a system that doesn't have one already you have to, like, go to sketchy dealers to get it. Which means going to eBay and buying one at the lowest cost from anonymous seller somewhere. Um, and really what it came down to is we couldn't come up with a, with a, a, a drug reference name for the TPM so we just skipped on that one. And it was hard. Another one we worked on, uh, was messing around with the way, uh, uh Ubuntu does secure boot. Right? So if you think about it, when you have secure boot enabled on your system you’re, you’re checking your signatures and your kernel and your operating system based on keys that are stored in your SPI flash chip, your BIOS. And, uh, that sounds great. That’s hardware. We can kind of sneak in there and modify the contents of that. Um, but there’s other uh, nuances to this. 
The way that that secure boot works on Ubuntu is it actually has a shim that's signed by Microsoft. And that shim is allowed to boot. And that shim goes and boots a signed version of grub. And that grub will go and it’ll boot a secure, uh, signed kernel. Well the dilemma is if it doesn't find a secure kernel it just like, exits the whole secure boot thing and it, um unsecurely boots. So you boot up with, with secure boot disabled. Um But the thing is you know, you're, you, you can, you can do that. You run the system, you’re in charge now. Um. Wouldn’t it be great if we could, uh, exit the secure boot process, um, before we close it out? So we basically found some sort of bug or vulnerability or issue with the way grub does that. Which may be very hard to do ‘cause there’s a lot of different, uh, config files, codes, modules… all sorts of things that grub loads. So basically if you, you mess with grub, you allow it to escape. You’re still running arbitrary code in your whole a um, in your whole secure part of your boot process. So we call that the secure boot spliff. Again, um.. That’s all dependent on finding a bug which we didn't find, mostly because we didn't look for it. And if we looked for it and found it we would actually have had to go through disclosure which would have been difficult. So, um.. Burning some yubikeys? [faint response from audience] We blew up a yubikey. Um… so next, uh, that was a secure boot spliff. Then the last one we, uh, were looking at, like, you know, there’s, there’s some.. There’s a paper a couple years ago of, uh last year, sorry. By Invisible Things Lab about, uh, how state is considered harmful. Anytime you store state, you know, you can store malicious, or potentially malicious configuration or code. So, what the okay. Um, what the, uh… you havin’ fun? >>You can keep talking. >>I can keep talking? So what this, uh, what this idea was like okay… let’s, let’s, let’s make it very simple. 
We’ll make a, a state board and a logic board. The state board was a flash chip, the logic board was an XOR gate. Like a 1970’s XOR gate. And we figured, okay, we’ll do hardware military grade crypto, we’ll XOR, a key from the SPI flash with data streaming through. The problem is, this, this quad input XOR gate that you can get nearly anywhere for a couple cents has the same footprint as an ATtiny84. Um, so we programmed an ATtiny84 to perform like an XOR gate, um, except it also logged the last 128 bits of the key. So, this was the altered state demo, right? We, we have a stateless board that turns out not to be stateless. >>Okay, so now you talk [inaudible] >>Uh, you talk, uh, I can, whatever. You talk. I'm good at talkin’. But I have to be able to see what you’re doing. So now, we’re, we’re uploading our key to yubico to tell it that we’ve changed our, our ma our magic key. And it, upload usually works perfectly. But we’re also going to take that same key and we’re gonna cram it into an arduino sketch somewhere. Under, uh, doobie private. And we put in the public key under doobie public. Um. Yeah. [inaudible] I th… well. No ‘cause the video demo is gonna take longer. So then we go we put our public key and our… [inaudible] Oh, wow. Video demo. >>Oh wait, wait, wait. >>Wait we got it. Duh do do do duh duh. So we’re plugging these keys in, we’re gonna compile this and flash it into a doobiekey, right? And now we have a yubikey and a doobiekey that both have the same, uh, master key, AES key and all that stuff. Um, so we can take the legitimate doobiekey and authenticate with yubico servers once. And then, uh, we can take the doobiekey and perhaps uh, uh authenticate in the future but we have that monotonic counter so, you know, we can’t go back and forth and use them both. So we’ve, we have not truly cloned, we haven't taken anything off of yubikey we just programmed both the yubikey and the doobiekey to have the same key. 
So it’s sorta cloning but not the same. And now we’re typing make command lines. Oh you can see that. >>Yeah you can see… >>Okay. >>Everyone can see the f**k ups live. >>Live f**k ups. Um, so here we go. We compile and it maybe works or not. Let’s see. Doobie, doobie, doobie. >>Doobie do. >>Doobie doobie do. >>Doobie do. >>And now we’re gonna make install. >>Yeah. Okay so then, and this is, this is the actual, like, you know, the hardware token. You can see, like, I'm not actually using a real, a real yubikey. And it has, like, a bunch of debug stuff ‘cause, like, nothing works, you know, just before your demo, right? Uh, okay so now we, we need a, a web page to, to go to. So that you can, like, you know. That’s cool you just type in your password on stage. It’s fine. Um, so that’s good so we two tabs here. So, okay so we have, like, basically… whoops. We have… a, an admin panel that, that shows, like, hey here’s the doobiekeys we've seen, right? ‘Cause we programmed in the public identity and we know the counter. Um, we know the private identity and the AES key so all we need to know actually is in our malvertising network was periodically to make signature… is to… for you periodically to check in, give us the monotonic counter value and which doobiekey you are with the public identity and then, um, because we advance farther, like, in the meantime we can make signatures as you, uh, so we just need… so we just need a, a web page [laughter] that kind of gets the user's attention for a moment and let’s see if this works. So what’s happening is, you know, uh, a yubikey is a, is actually a, a HID keyboard. Um, but, you know there are all kinds of HID devices. So this is actually a, a HID mouse as well and it uses a, uh, very subtle I, I doubt you, kind of, saw it, a very subtle encoding mechanism to encode that identity and in, uh, in the mouse wheels that the webpage, the javascript then reads out. And indeed yay it worked! 
We, we actually got the counter and the, uh, and the uh, uh identity. So now, uh oh crap. Now we have to, like… eeeh. It’s fine. Everyone yeah. We’ll just do, we’ll just do it live. >>Well good thing they didn’t see the nude yubikey pics. >>[laughter] Uh, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do, do. >>Just to recap your life flashing before your eyes. >>Okay, demo time. Uh, I, okay we don't need that one. Okay. [laughter] So what happened here? Um, it was like I said we, we periodically post this [laughter] we periodically post the identity through our, uh, the mouse movements with the ID and the.. Jesus. [laughter] Watch where you stick that thing. Um, the ID and the counter. And then, like, the, the best part about, um, the best part about, um, making, you know, you know, hardware is that we can share. So, like, uh, as you can see we have a lot of these boards. We have, like, about 150. Uh, these are the boards that I mentioned before with the f**k up where they don't plug in over USB but, you know a little blue wire between the ground pin and, you know, a capacitor somewhere will, like, make them work. Uh, okay you’ll flip through that. >>So, yeah, I already talked about the half baked ideas. We got, like, 2 minutes left so, uh, the secure boot spliff. We got the altered state where we had like a state board that had your, your state. And then the logic board, pure logic. Which is also supposed to be stateless if you subscribed to later timelines. Um, but of course this ATtiny on the left and the 74SN86 on the right, one of those is stateless, one of them is not. And how do you tell the difference? Uh, yeah, you decap the chip and figure it out, right? Um, anyone can make a TPM but no one could come up with a good drug reference. So we poked around a couple hardware security devices. These are all important and great things and easy to use. 
Nothing that we’ve presented should make you stop using any of these things, okay? I just wanted, I think I said it at the beginning, I wanna say it again. Keep using your yubikeys, keep using, uh, your, your tokens. They’re good things. But we do have to consider that, um, um hardware attacks are different and they improve security, sorry, but hardware threat model is a little more complicated than we give it credit for. Just letting go and keeping cont, constant view of your device is not necessarily enough. Um, we also, uh, think, we have to remember that software hacking is looking at layers of abstraction and finding a way through, but hardware is just another layer of abstraction that hides layers upon layers of more abstraction. So, uh, be aware of that and don't trust your hardware implicitly, which seems to be what a lot of people just do. Uh, yeah. All the way down to electrons and atoms. So, do you still trust your hardware implicitly? If so, what are you smoking? Thank you. [applause]