[quote author=Coding Badly link=msg=2663225 date=1457979564]
This is a nice overview...
@Grumpy_Mike is correct about removing the cover. It is possible (and quickly becoming less expensive) to mechanically shave off the plastic package exposing the chip. However, the attack I read about involved using an electron scanning microscope to place "micro probes" so memory could be directly accessed.
I have seen accounts of manufacturers placing sold metal plates over memory in the misguided belief that will protect access. It does not.
Consider this... the processor is able to read Flash. If tiny wires can be placed on the same bus used by the processor then Flash can be accessed just like the processor.[/quote]
I have a bunch of old memory chips from the 80s AND an SEM, so I am gonna try this! (don't know when though, maybe this summer.)
In WWII, the Germans used a set of wheels, they were wired so if you pressed A, that wheel would output R
the next wheel would see R and output j
then next wheel would see j and output x
I think that each wheel would rotate a few degrees so that on the next key entry, you could input A and that wheel would output F
then the next would see F and output D
the next would see D and output x
so, at the end of a short message, like the lyrics of 99 Luftballons in french, or the Red Queens speech, would come out as
you would have to have the way the wheels were wired and how much each rotation was in order to turn this back into anything meaningful.
and since the number of letters and spaces are the same, you might get the location of Captain Kids pirate treasure, a link to where they keep the alien bodies from the Roswell crash or Jimmy Hoffa's last speech.
MorganS:
No, an Enigma message is always transmitted as groups of 4 morse code letters. It's written as:
XXXX XXXX XXXX XXXX XXXX
(Uppercase since Morse has no cases.)
if you were presented with a memory chip, a file, a transmission, a piece of paper that had nothing bu X's ad spaces, how could you convert that to what the writer has coded ?
I do not believe that the enigma transmissions were all of any single character, but just scrambled letters that were so scrambled as to be meaningless without the code.
just knowing the number of wheels was fantastically helpful.
aarg:
Well, it's harder to prove that something is impossible, than that it is possible. After all, the latter takes only one example.
Given enough time, money, effort and resources, no code is unbreakable. Look what has been accomplished with DNA. (Yes. I know that DNA is not a code, but it's very code-like.)
However, only being able to read a secret coded message after many years of code breaking effort will be of little use to you, if you need to know what the message is today.
Well, one of the problems with the Enigma was that it couldn't produce a long string of identical letters. It doesn't look "random enough" to the generals buying the thing. By introducing some non-random rules to make it look random, they made the code easier to break.
Having worked in several "dark" areas and dealt with some of this stuff, I can honestly say that the only "unbreakable coded message" is the one that never got sent. If it can be decoded on the other end, it can be decoded somewhere else too. You can make it very difficult to break, but it can be decoded. I remember one of the first instances back in the early Unix days when they started encrypting the passwords with the DES algorithm. They thought it was virtually unbreakable ... until someone got the clever idea of running the dictionary through the DES encryption and comparing the results with the encrypted passwords. Hmmm - look at all the matches !! (they added some additional features since then to make it more secure).
gpsmikey:
Having worked in several "dark" areas and dealt with some of this stuff, I can honestly say that the only "unbreakable coded message" is the one that never got sent. If it can be decoded on the other end, it can be decoded somewhere else too. You can make it very difficult to break, but it can be decoded. I remember one of the first instances back in the early Unix days when they started encrypting the passwords with the DES algorithm. They thought it was virtually unbreakable ... until someone got the clever idea of running the dictionary through the DES encryption and comparing the results with the encrypted passwords. Hmmm - look at all the matches !! (they added some additional features since then to make it more secure).
Sorry, but you are simply incorrect. It is mathematically provable that a one time pad is absolutely unbreakable. Actually you don't have to be good in math to understand why.
dave-in-nj:
any memory chip can be opened and the contents read if 'they' have the actual chip.
memory is a physical thing that can be seen under a microscope.
but, you can encrypt the bejeebers out of it and make it so an ordinary person cannot read it.
I seem to remember that there was a Playstation or Xbox that had some really tough encryption. The data was encrypted in memory. It was encrypted during the transmission from memory into the processor, so just spying on the memory bus was impossible. It was encrypted while the processor was working with the data. You could cut open the processor chip and spy on the wires between the parts of the processor and still you couldn't get the real data.
But there was some condition of causing a major reset at some exact moment during the initial startup that would let certain information about the key be released on some debug channel. Then the hackers only had to try a billion combinations of the other parts of the key to discover the whole thing.
From that key, any box could be hacked to allow it to play illegally-copied games. Owners would pay $150 to have their boxes unlocked. You think you need security?
All I know is that less than 24 hours after I discussed a method of visualizing the physical charge on solid-state electrochemical memory devices used in an Apple chip*, in private conversations over an open phone line, and in this forum, the FBI announced that they no longer require Apple's assistance to decrypt an Apple phone's memory.
MorganS:
I seem to remember that there was a Playstation or Xbox that had some really tough encryption. The data was encrypted in memory. It was encrypted during the transmission from memory into the processor, so just spying on the memory bus was impossible. It was encrypted while the processor was working with the data. You could cut open the processor chip and spy on the wires between the parts of the processor and still you couldn't get the real data.
But there was some condition of causing a major reset at some exact moment during the initial startup that would let certain information about the key be released on some debug channel. Then the hackers only had to try a billion combinations of the other parts of the key to discover the whole thing.
From that key, any box could be hacked to allow it to play illegally-copied games. Owners would pay $150 to have their boxes unlocked. You think you need security?
A company I worked for used a 8051 based secure microcontroller (external memory only, encrypted address- and data bus) in one of our products. Similar to the above attack, reset vector as well as interrupt vectors are known so decryption of the address bus was simple. Knowing that interrupts usually result in a jump instructions revealed the encryption of the data bus
The microcontroller was redesigned to have a small on-chip code memory to be able to keep the ISRs hidden.
