CT Scanning is one of the gold standards for hardware hacking. It enables a user to slice and dice a 3D model of the device in question and most importantly it will allow a user to selectively slice through the model to extract key features such as the copper layers on multi-layer boards, embedded vias, embedded components, etc. It is these copper layers that represent the device’s circuit and therefore extracting them is a key method in enabling the reconstruction of the schematic from the physical device. This technique will allow non-destructive analysis of the device in question and will greatly shorten the phase of reversing the physical device to a logical schematic. I will also cover the construction of the Decapinator–an accurate non-destructive chip de-capping device that precisely exposes the silicon inside the epoxy chip package without damage to expose it for micro-probing, masked rom, and other detail extraction.
Zac Franken recently retired from 20 years as the Operations Director of DefCon. Zac’s research focuses on embedded systems security, access control systems, and biometric devices, and he has spoken and trained at information security conferences in Europe and the US publicly and for private and governmental audiences. He is responsible for identifying major vulnerabilities in various access control and biometric systems, and has a passion for creating devices that emulate access control tokens either electronic, physical, or biometric. Zac has been responsible both directly and indirectly for changing access control standards for several Western governments.