6502.org Forum

All times are UTC
PostPosted: Fri Jan 06, 2017 4:15 am 
Joined: Sat May 02, 2015 6:59 pm
Posts: 134
I found an interesting 6502 video (not obvious from the title) that others may find interesting.
The video details the cracking of a pay-tv box, leading to the discovery of a WDC 65c02 (just called 6502 throughout the video) at the core of the access control chip.

Link:
https://www.youtube.com/watch?v=lO4TNnkN64A

Notable parts in the video:

Decapsulation and delayering to read the ROM
https://youtu.be/lO4TNnkN64A?t=1082

Identifying the CPU architecture and discovering it's a 6502.
https://youtu.be/lO4TNnkN64A?t=1526

Glitching the chip and getting user code to run in RAM.
https://youtu.be/lO4TNnkN64A?t=2112


PostPosted: Fri Jan 06, 2017 12:52 pm 
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10943
Location: England
Brilliant! Some stills, and a link to the slides, at
http://hackaday.com/2016/12/27/33c3-chr ... ks-pay-tv/


PostPosted: Fri Jan 06, 2017 1:40 pm 
Joined: Sat May 02, 2015 6:59 pm
Posts: 134
Thanks for tracking down / posting the additional links, double brilliant!


PostPosted: Fri Jan 06, 2017 3:27 pm 
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10943
Location: England
Some points which might be worth making:
- this is the sort of licensed 65c02 which we'd not normally know about, which is the bulk of WDC's business
- the 65c02 inside is not a structured design, it's a synthesised design perhaps from HDL (or perhaps delivered as a logical netlist)
- this Access Control Processor does lots of realtime DES decryption, but using hardware acceleration
- the 6502 is running a multitasking application
- care has been taken to keep secret data only in RAM, to generate the clock on-chip, to place reset-trapping addresses within the key data areas of RAM, to have no means to modify the code that's running
- the chip was, ultimately, found to be vulnerable to glitching the power supply very precisely
- the chip is from 1998 and only now, after 18 years and with a great deal of effort, is the protection broken

Edit: capturing program flow by glitching the power supply is covered from about the 39min mark.


PostPosted: Tue Feb 07, 2017 3:16 pm 
Joined: Mon Aug 05, 2013 10:43 pm
Posts: 258
Location: Southampton, UK
I was just about to share this video with a friend when I clicked the link and... it's gone. Gah!

_________________
8 bit fun and games: https://www.aslak.net/


PostPosted: Tue Feb 07, 2017 5:16 pm 
Joined: Thu Dec 11, 2008 1:28 pm
Posts: 10943
Location: England
The official video is still up, at
https://media.ccc.de/v/33c3-8127-how_do ... ble_pay_tv
and on YouTube at
https://www.youtube.com/watch?v=lhbSD1Jba0Q


PostPosted: Wed Feb 08, 2017 1:40 pm 
Joined: Sat May 02, 2015 6:59 pm
Posts: 134
Thanks BigEd.

