From quite manual to semi-automated, these techniques target the conversion of die pictures into a proper binary that can then be analyzed with the usual tools.
One commonly reported issue is scrambling within the memory array, which turns converting the pictures into something meaningful into a trial-and-error task; in the worst case, a non-trivial scrambling scheme can halt the project entirely.
Furthermore, when encryption is used, there is no obvious way to attack the problem. This is generally where fully invasive techniques become the method of choice: they require a much better equipped lab with a FIB and a micro-probing station, as well as the ability to analyze digital circuitry and potentially bypass countermeasures such as security shields.
This lecture aims at showing that ROM dumps, including descrambling and decryption, can be done using a fully analytical method in which pictures of all layers of the memory, including the control circuitry and the row and column decoders, are converted into an HDL description. This makes it possible to simulate the memory and retrieve its content independent of the internal scrambling scheme. By extension, the description will be pushed to the decryption circuitry, another block of logic that can be modeled and simulated accurately.
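To make the idea concrete, here is an added toy model (not code from the talk or its author) of what such a simulation does: the bit-cell array, the row-decoder netlist and the column mux are transcribed as data, and reading every address through the simulated decoders yields the descrambled image without anyone ever working out the scrambling rule. The array, decoder terms, column map and polarities are all constructed for this example; the defender's takeaway is that layout scrambling is obfuscation of the wiring, not a secret, so it gives no confidentiality once the decoder logic is visible.

```python
"""Toy gate-level model of a scrambled mask ROM (constructed example)."""

ADDR_BITS, DATA_BITS = 3, 8

# Bit-cell layer as transcribed from die photos (constructed):
# PHYSICAL_ARRAY[row][col] = 1 where a cell is programmed.
PHYSICAL_ARRAY = [
    [0, 0, 1, 1, 1, 1, 0, 0], [0, 1, 1, 0, 1, 1, 0, 1],
    [0, 0, 1, 0, 1, 1, 0, 0], [0, 1, 0, 0, 0, 0, 0, 0],
    [0, 1, 1, 1, 1, 0, 1, 1], [0, 0, 1, 0, 1, 1, 0, 0],
    [0, 1, 1, 0, 1, 1, 1, 0], [0, 1, 1, 0, 1, 0, 1, 1],
]

# Row decoder netlist, one entry per physical word line: the AND of
# (address_bit, required_level) terms, copied from the decoder layers.
# Bit order and polarity carry the address scrambling; nothing here
# needs to be "understood", only transcribed faithfully (constructed).
ROW_DECODER = {
    0: [(0, 1), (2, 0), (1, 0)], 1: [(0, 1), (2, 0), (1, 1)],
    2: [(0, 1), (2, 1), (1, 0)], 3: [(0, 1), (2, 1), (1, 1)],
    4: [(0, 0), (2, 0), (1, 0)], 5: [(0, 0), (2, 0), (1, 1)],
    6: [(0, 0), (2, 1), (1, 0)], 7: [(0, 0), (2, 1), (1, 1)],
}
# Column mux / sense amps: logical data bit j is driven by physical
# column COL_MAP[j], inverted where INVERT[j] is 1 (constructed).
COL_MAP = [7, 3, 5, 1, 6, 2, 4, 0]
INVERT = [1, 0, 0, 1, 0, 1, 0, 0]


def read(addr, decoder=ROW_DECODER):
    """Simulate one read cycle: drive the address, evaluate every word line,
    route the selected row through the column mux and the sense amps."""
    a = [(addr >> i) & 1 for i in range(ADDR_BITS)]
    selected = [row for row, terms in decoder.items()
                if all(a[bit] == level for bit, level in terms)]
    # A correctly transcribed decoder asserts exactly one word line per
    # address; anything else means the netlist (not the ROM) is wrong.
    if len(selected) != 1:
        raise ValueError(f"addr {addr:#x}: {len(selected)} word lines asserted")
    cells = PHYSICAL_ARRAY[selected[0]]
    return sum((cells[COL_MAP[j]] ^ INVERT[j]) << j for j in range(DATA_BITS))


def dump_rom(decoder=ROW_DECODER):
    """Walk the logical address space; the result is the descrambled image."""
    return bytes(read(addr, decoder) for addr in range(1 << ADDR_BITS))


if __name__ == "__main__":
    print(dump_rom())  # b'ROMDUMP!'
```

The one-word-line check is the practical sanity test: a transcription error in the decoder shows up as zero or several rows selected for some address, which localises the mistake to the netlist rather than to the bit-cell reading.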
The lecture will include demonstrations of the method using setups ranging from simple to professional, so as to clearly outline their benefits and limitations.
The talk will start with an introduction of the context and a classification of ROM dump feasibility and difficulty, from non-encrypted, non-scrambled to fully encrypted and scrambled.
Then the usual dump techniques will be reviewed quickly to introduce the proposed method, which is generic across the cases discussed previously.
The talk will include demos showing how the method can be accomplished using simple and affordable tools. A second demo will show how professional tools do the job in the blink of an eye. These two demos will be used to outline potential limitations and use cases.
As the method does not require an expensive FIB, micro-probing station or other custom lab equipment, it will benefit a wide range of reverse engineers, from "hobbyist" to "professional".
