HARDWARE
Mark Wong
10th October 2014
hacking101
www.omgbazinga.com

DISCLAIMER
While the following has been conscientiously researched.
Neither the organizers nor the author will accept any
liability if you render your device inoperable as a result of
these instructions. Proceed at your own risk. DO attempt
these experiments, tests, trials, or any activity in this
presentation at home, work, or anywhere else for that
matter. Have fun, gain more experience and knowledge,
be safe and use common sense!

WHAT WE DO

WHAT WE DO

HAQDLOFU-ALOIKFME

233 MHz
Pentium
w/ MMX

So the learning journey begins…

1997
Evolution of my Rigs
SMOOTHER
GAMES
1999
2002
2004
2006
2008
2009
2012
Coming
soon
2015
Pursuit of
No $?

How does hardware affect
me?
HARDWARE
ROCKS

iB Secure Device token
UNLOCKS YOUR
MONEH

Coin
Cell
Battery
Epoxied resin IC die “Chip-on-board”, ‘glob-top’
Button contacts
Infineon BC857BL3
PNP transistor
Assorted SMD
resistors
Test /
programming
pads
Manufacturer
information
silkscreen
32.768kHz Ceramic Crystal Oscillator
LCD junction pads

Technical Specifications
• Weight: 14 grams
• Dimensions: 9.8 x 25.9 x
62.7mm
• Display: 8-characters LCD
• Keypad: one-button
• Real-time clock to
provide time value to
DIGIPASS algorithm
• Supported crypto
algorithm: DES, 3DES and
AES, DIGIPASS time and
event based
• OATH event (HOTP) or
time (TOTP)
• Battery: non-replaceable,
lifetime expectancy 7
years
https://www.vasco.com/products/client_products/single_button_digipass/digipass_go6.aspx

What have we learnt?
OATH - Initiative for Open
AuTHentication
HOTP: An HMAC-Based One-Time
Password Algorithm (RFC 4226)
Supports: TOTP -Time-Based One-
Time Password Algorithm (RFC
6238)
Standards set by: Internet
Engineering Task Force (IETF)
Then HOTP(K,C) is mathematically defined by: HOTP(K,C) = Truncate(HMAC(K,C)) & 0x7FFFFFFF
K is a secret key, C is a counter key
For HOTP to be useful for an individual as a system input, result must be converted into a HOTP
value, (6–8 digits number) where HOTP-Value = HOTP(K,C) mod 10d, d is the desired number of digits
http://en.wikipedia.org/wiki/HMAC-based_One-time_Password_Algorithm
http://www.sourcemediaconferences.com/CTST09/PDF09/D/Tuesday/BajajSiddharth.pdf
http://www.globaleventspanama.com/clab2010/files/conf_donald_malloy.pdf

Somebody already hacked it!
https://http://blog.valverde.me/2014/01/03/reverse-engineering-my-bank%27s-security-token/#.VCIywxbgzgU

https://www.youtube.com/watch?v=k87vSrfhof4

What can I do with what I’ve learnt?
The “stuff” Who makes it? How
did they do it?
Learn everything
about it, try it.
Learn about
cryptography
Learn about
low-cost
manufacturing
or electronic
packages
Make your own
crypto-key
generator
Be happy
having learnt
something

http://www.empf.org/empfasis/dec04/improve1204.htm
http://www.digikey.com/catalog/en/partgroup/avr-cryptocontroller/32031
http://www.maximintegrated.com/en/products/digital/microcontrollers/MAXQ1010.html

How do I
Start?

Tools of the trade
Screwdriver. Multi-meter. Pliers. Cutters.

What the heck hack is
inside
IT?

HOW DOES A CAR
WORK?
HOW DOES YOUR EZ-LINK
WORK?

If you don't know how things work,
how can you design interfaces with
dreams to change the
world?
How do you improve something if you
don't know how it works?

Build. Fail.
Rebuild.
Results.
Outcome.
Find out
How?
Why?
System
design /
Adoption
Hardware
Lifecycle
Summary
3-stage Block diagram

Teardowns!!!

BOM (Bill of Materials), Datasheets

https://www.ifixit.com/Teardown/iPhone+6+Teardown/29213
http://www.techinsights.com/teardown.com/apple-iphone-6/

• ultra-small (2mm x 2mm)
– WOW!
• Tri-axial
• Measurement of
accelerations in 3
perpendicular axes
• Senses tilt, motion, shock
and vibration
- Low power consumption
of 130 μA – NICE!

Don’t be
afraid to blow
things up

Online Resources
Complexity
& Ability
Time

3-stage Block diagram
Controller /
Process /
Decision
Measurement
/ Input
Outcome

Input
•Keyboard
• Sensor
• Touch screen
Process
• Processor
•Microcontroller
• Signal
conditioning
•Analog-to-digital
Converter
•Application
software /
firmware
Output
• LEDs
• Screen
•Sound
Design your system

The good ‘Ol days

Today’s
Platforms

Apollo Guidance Computer (AGC), 1966
16-bit, 55Watts
<1MIPS, 4K RAM, 32K ROM, 8 GPIO
1.024 Mhz
31 kilograms
$15 Million
Arduino UNO platform, 2009
8-bit Atmel atmega ATmega328
20MIPS, 2K RAM, 32K ROM, 14 GPIO
16Mhz
27 grams
$20

Hardware platforms change
all the time. The key is
quick adoption.

Diodes
Boring.
Not Fun.
http://startingelectronics.com/beginners/components/LED/
http://dangerousprototypes.com/docs/Basic_Light_Emitting_Diode_guide

What does it
• ONE WAY VALVE
• PLUS (+) and
MINUS (-)
• Makes pretty
lights
do?

What are you
gonna make?

Iterative prototyping

Learning Curve
Complexity
& Ability
I kick-ass


Valley of despair – “who’s dumb idea is this”
Can’t live without!
Time
Increase in
skills
Associative
stage
Autonomous
stage
GOD-LIKE
Trial & Error
Cognitive stage ‘I suck’ threshold

Mark.wong@omgbazinga.com
@fusion2x
@fusion2x