Samy Kamkar - FPGA Glitching & Side Channel Attacks

  • Published 17. 06. 2024
  • I will explore some of the incredible work that has been done by researchers, academics, governments, and the nefarious in the realm of side channel analysis. We’ll inspect attacks that were once secret and costly, but now accessible to all of us using low cost hardware such as FPGAs. We’ll learn how to intentionally induce simple yet powerful faults in modern systems such as microcontrollers.
    Note: Due to technical difficulties with the live stream, Samy's talk slides are shown for the first portion of the talk, with live video beginning at about the 6:30 mark.
    Read the article on Hackaday:
    hackaday.com/?p=402241
    Follow Samy on Twitter:
    / samykamkar
  • Science & Technology

Comments • 30

  • @Xoferif, 4 years ago, +34

    Common problem with Hackaday talk videos: Edited to show the presenter talking and misses lots of slides. Perhaps a picture-in-picture view, or something?

  • @simonstergaard, 4 years ago, +4

    Samy is great! Also loving the sound of "the party van" at 15:20

  • @Evil_ddddd, 4 years ago, +2

    Nice talk, thanks for Samy's share.

  • @Munden, 4 years ago, +3

    Very nice work Samy!

  • @Willam_J, 4 years ago, +9

    Samy - Hopefully, you’ll see this. @20:30 The “photo-acoustic effect” you’re referring to works with a special type of microphone, often used in cell phones and IoT interfaces, such as Amazon Alexa and Google Assistant. An audio-modulated laser beam can be directed through glass, hitting the IoT interface microphone, allowing you to issue commands like “Hey Alexa. Open the garage door.” While light doesn’t have mass, it does have energy, which can interact with MEMS microphones. MEMS = Micro-Electromechanical System, which are nanoscale moving parts on a silicon die. In the case of the MEMS microphone, it’s a diaphragm. Source: I’m an EE and also perform IoT hardware security research.
    Edit: I just found a good link for this exploit: Destin, from the Smarter Every Day channel, demonstrates the effect and explains it pretty well. czcams.com/video/ozIKwGt38LQ/video.html

  • @gcm4312, 4 years ago, +11

    Relevant slides are not shown in the video... is there a link to the presentation?

  • @sudocdhome, 2 years ago

    Nice talk. Thank you HACKADAY.

  • @mehrdaddashad6159, 4 years ago, +3

    Wonderful!!!!!!

  • @KeiranR, 4 years ago, +2

    Love this bloke ....

  • @fernandoblazin, 4 years ago, +10

    Hey, haven't seen anything new from this guy in a while.

  • @melkenhoning158, 2 years ago, +1

    Samy is my hero!

  • @emilio_wayne, 3 years ago

    ChipWhisperer is a great tool. Side Channel Attack and Correlation Power Analysis. Excellent efficiency vs. price... Great video pip...

  • @Aali4500, 4 years ago, +2

    Some new sort of hack ... Thanks man ...

  • @alpagutsencer, 4 years ago, +3

    Correct me if I am wrong, but you don't need to erase the EEPROM to write new info. Erasing means changing all bytes to 0xFF, which is actually a write operation. And you don't need that. Just put in the new info.

    • @frab88, 4 years ago

      EEPROM works like UV (EPROM). A "write" operation means that you can only flip a bit from "1" to "0" (not vice versa). You cannot "write" a "1" where there's already a "0". Hence you need to perform an "erase" operation to reset all bits to a known default state (i.e. 0xFF) before the actual "write" operation. In other words, you could say that the EEPROM "write" is NOT atomic.
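The erase-before-write semantics described in the reply above, as an added toy model (not code from the talk or from either commenter). It assumes the simplified byte-level behaviour frab88 describes: programming can only clear bits (1 to 0), and only an erase returns a cell to 0xFF. It also models why the two-step sequence is not atomic: if power is lost between the erase and the program step, the cell holds neither the old nor the new value but 0xFF. Class and method names are hypothetical.

```python
# Toy EEPROM model (added example; hypothetical names, not a real device driver).
# Models the byte-level semantics described above: program = bits can only go
# 1 -> 0, erase = cell returns to the all-ones default.

ERASED = 0xFF  # default state of an erased cell, as described in the comment


class ToyEeprom:
    """Byte-addressable EEPROM model with program-only-clears semantics."""

    def __init__(self, size: int) -> None:
        # A fresh device is fully erased: every cell reads 0xFF
        self.cells = bytearray([ERASED] * size)

    def erase(self, addr: int) -> None:
        # Erase is the only operation that can set bits back to 1
        self.cells[addr] = ERASED

    def program(self, addr: int, value: int) -> None:
        # Programming can only flip 1 -> 0, so the result is the bitwise AND
        # of what is already in the cell and the new value
        self.cells[addr] &= value & 0xFF

    def write(self, addr: int, value: int, erase_first: bool = True,
              power_loss_after_erase: bool = False) -> int:
        """Perform a logical 'write' and return the byte the cell holds afterwards.

        erase_first=False reproduces the naive approach from the parent comment;
        power_loss_after_erase=True simulates interruption between the two steps.
        """
        if erase_first:
            self.erase(addr)
            if power_loss_after_erase:
                # Neither old nor new data survives: the cell is stuck at 0xFF
                return self.cells[addr]
        self.program(addr, value)
        return self.cells[addr]


def demo() -> dict:
    """Walk through the scenarios from the two comments and return the results."""
    e = ToyEeprom(2)
    results = {}
    # Fresh cell: programming 0xF0 works because every bit starts at 1
    results["fresh_program"] = e.write(0, 0xF0, erase_first=False)
    # Naive overwrite without erase: 0xF0 & 0x0F = 0x00, data is corrupted
    results["overwrite_no_erase"] = e.write(0, 0x0F, erase_first=False)
    # Correct sequence: erase, then program, yields the intended 0x0F
    results["overwrite_with_erase"] = e.write(0, 0x0F, erase_first=True)
    # Interrupted sequence: the cell is left in the erased state
    results["interrupted"] = e.write(1, 0xAA, erase_first=True,
                                     power_loss_after_erase=True)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: 0x{value:02X}")
```

The non-atomic window is why firmware that stores configuration or counters in EEPROM typically keeps a copy or a validity marker and checks it on boot, rather than trusting a single cell that may have been caught mid-update.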

  • @cvspvr, 6 months ago

    Samy is my hero!

  • @hobrin4242, 3 years ago

    Your timing hack reminds me of what I tried in Minecraft once we figured out remote chunk loading, to see if a chunk was loaded from disk, generated newly, or already loaded. We tried using timings, but over the network that was too unreliable. Then we tried to do the timing on the server's side, so you could time the delay between 2 events and in between those you do the chunk loading. Didn't find a good second event though.

    • @godfather7339, 2 years ago

      I remember using some mod that showed whether a chunk was already generated or not and marked the pre-generated ones red on screen.
      Do the mods these days use the timing hack or something else?
      The mods were pretty accurate and we would follow the trails to find people's bases.

    • @hobrin4242, 2 years ago

      @godfather7339 Yeah, so how that works is that Minecraft generates chunks in 2 phases but loads chunks in 1. So when the chunk generation sends an additional large block update packet while loading the chunk, your client assumes it must have been newly generated. This works most of the time.

  • @element4element4, 3 years ago, +1

    The comments under the video say
    "Note: Due to technical difficulties with the live stream, Samy's talk slides are shown for the first portion of the talk, with live video beginning at about the 6:30 mark."
    I think you are apologizing for the wrong thing. The problem was not that there were slides in the first portion; the problem is that the live video started at the 6:30 mark and removed the slides, which made it much harder to follow. The people editing talks like this are clearly not among the people watching these talks. In the institute where I did my theoretical physics PhD we had a team hired to record all lectures and talks. But they always insisted on fancy cutting of the camera between different angles, showing the speaker speak from different perspectives, while the scientists at the institute just wanted the slides (or sometimes blackboard) + the voice. There is little info in looking at the speaker while he is pointing to slides we can't see.

    • @element4element4, 3 years ago

      The best way to record talks like this is to have picture-in-picture, where the slides are shown in nearly full screen and the speaker in a small picture in the corner.

  • @syntempl2426, 4 years ago

    Hey, so if a non-volatile SRAM is used, is it much more vulnerable to memory imaging?

  • @ismailb4334, 4 years ago

    Link to the slides, please? Or his email, so that I can ask him for them?

  • @triangleenjoyer, 4 years ago

    Is there a link to the slides?

  • @TS-jm7jm, 4 years ago, +3

    Why are some of the links redacted?

    • @Willam_J, 4 years ago, +1

      Tristan Smith - They’re from the NSA “Playset”. It’s a catalog of NSA hacking tools, which was leaked by Edward Snowden, exposing what the NSA was doing/capable of. It’s not hard to find. It’s been in the wild for several years now.

    • @TS-jm7jm, 4 years ago, +1

      @Willam_J Ah, noted, thanks.

  • @PHamster, 4 years ago, +1

    **Wears Tin Foil Hat**

  • @danielwhite6441, 3 years ago

    I wish he would hack the WMS Bluebird, WMS 550 or some slot machines. I'd like to run different ROMs on mine.