This project was initiated due to our client's concerns regarding the robustness of a security device they were using extensively to secure their global operations. Of special concern were the physical security of the product and the strength of its anti-tamper features.
The product, being utilized in high-risk environments, is vital to our client's operations, making its security and robustness paramount. A breach could potentially disrupt operations and significantly damage our client's reputation.
The successful completion of this project required a high level of specialization and detailed knowledge in multiple technical areas. These areas included hardware reverse engineering, proficiency in delayering complex multi-layered Printed Circuit Boards (PCBs), and a deep understanding of reverse engineering proprietary Microcontrollers (MCUs).
Hardware reverse engineering
Our team successfully demonstrated that it was possible to bypass the product's physical security and anti-tamper features. This was achieved through comprehensive hardware reverse engineering, including removing potting compound, delayering the 8-layer PCB, redrawing the main signal circuitry, and reverse engineering the proprietary MCU pinouts.
Our team successfully applied a publicly known glitching attack, originally documented against another MCU from the same vendor, to the proprietary MCU used in the product. The glitching attack was used to bypass the security fuses and reactivate the debug interface on the device.
The findings were reported to the client along with an assessment of their criticality and recommendations for remediation. Using the report, the client can communicate the findings internally and decide on the necessary next steps.