Decapping Chips the Easy^W Hard Way

DEF CON 21

Presented by: Zac Franken, Adam Laurie
Date: Friday August 02, 2013
Time: 16:00 - 17:45
Location: Track 4
Track: Track 4

For some time it has been possible to discover the inner workings of microprocessors with the help of a microscope and some nasty chemicals such as fuming nitric acid. However, unless you have access to a university or workplace science lab, this is beyond the reach of most hackers, and, even if it were to be attempted, difficult and potentially extremely dangerous.

In this talk we will go through our own adventures in tackling the issue from the point of view of the back-room hacker/researcher, and how we have solved many of the problems using only tools and devices that were freely and cheaply available from online sources such as eBay.

There is also the secondary problem of what to do with the chip once you've decapped it. For example: if you've taken microscopic images of a masked ROM, in theory you can extract the code, but in practice you're looking at thousands of tiny dots, each of which represents a 0 or a 1 and which, once correctly read and compiled into HEX, will represent the original byte code. Many projects (e.g. MAME) have used crowd-sourcing as a means of converting the images by eye, but we will present a software tool that semi-automates this process and we'll demonstrate how what was once the work of tens if not hundreds of hours can be reduced to a few minutes.
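The dots-to-bytes step described above, as an added example that is not the tool presented in the talk: the image is a constructed grey-level grid, and the bit polarity (bright = 1), MSB-first bit order, cell size, grid origin and row order are all assumptions. On a real die each of those, and any scrambling of the physical column order, has to be established empirically, typically by looking for a known byte sequence in the output and adjusting until it appears.

```python
# Added example (not the tool from the talk): read a regular grid of
# "dots" from a mask-ROM die photo, pack the bits into bytes and emit an
# Intel HEX record. The photo below is constructed; polarity, bit order,
# cell size and grid origin are assumptions to be verified on a real die.

THRESHOLD = 128  # grey level separating a "1" cell from a "0" cell (assumed)


def render_grid(data, cols, cell):
    """Constructed test input: draw `data` as a grid of grey cells,
    `cols` bits per row, each cell `cell` x `cell` pixels, MSB first."""
    bits = [(b >> (7 - i)) & 1 for b in data for i in range(8)]
    rows = [bits[i:i + cols] for i in range(0, len(bits), cols)]
    image = []
    for row in rows:
        line = [200 if b else 40 for b in row for _ in range(cell)]
        image.extend([line[:] for _ in range(cell)])
    return image  # list of pixel rows, each a list of grey values 0..255


def sample_grid(image, rows, cols, cell, x0=0, y0=0, invert=False):
    """Read the centre pixel of every cell on a regular `rows` x `cols`
    grid whose top-left corner is at (x0, y0); return a bit matrix.
    `invert` flips the assumed polarity (dark = 1)."""
    bits = []
    for r in range(rows):
        y = y0 + r * cell + cell // 2
        line = []
        for c in range(cols):
            x = x0 + c * cell + cell // 2
            bit = 1 if image[y][x] >= THRESHOLD else 0
            line.append(bit ^ invert)
        bits.append(line)
    return bits


def pack_bits(bit_rows, msb_first=True):
    """Concatenate the rows and pack every 8 bits into one byte.
    `msb_first=False` reverses the bit order within each byte."""
    out = bytearray()
    for row in bit_rows:
        for i in range(0, len(row), 8):
            chunk = row[i:i + 8]
            if not msb_first:
                chunk = chunk[::-1]
            value = 0
            for b in chunk:
                value = (value << 1) | b
            out.append(value)
    return bytes(out)


def to_intel_hex(data, base=0, reclen=16):
    """Emit Intel HEX data records (type 00) followed by the EOF record.
    The checksum is the two's complement of the sum of all record bytes."""
    lines = []
    for off in range(0, len(data), reclen):
        chunk = data[off:off + reclen]
        addr = base + off
        body = bytes([len(chunk), (addr >> 8) & 0xFF, addr & 0xFF, 0x00]) + chunk
        checksum = (-sum(body)) & 0xFF
        lines.append(":" + (body + bytes([checksum])).hex().upper())
    lines.append(":00000001FF")
    return "\n".join(lines)


def extract(image, rows, cols, cell, **kw):
    """Whole pipeline: die photo grid -> bit matrix -> bytes."""
    return pack_bits(sample_grid(image, rows, cols, cell, **kw))


if __name__ == "__main__":
    photo = render_grid(b"DEFCON21", cols=16, cell=4)  # 4 rows x 16 bits
    code = extract(photo, rows=4, cols=16, cell=4)
    print(code)
    print(to_intel_hex(code))
```

Running it round-trips the constructed image back to the eight bytes it was drawn from and prints them as one Intel HEX data record plus the EOF record; swapping `invert` or `msb_first` shows how a wrong polarity or bit-order guess produces plausible-looking but wrong bytes, which is why a known sequence is needed to pin those choices down.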

Adam Laurie

Adam Laurie is a freelance security consultant working in the field of electronic communications. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, DOS and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and wrote the world's first CD ripper, 'CDGRAB'. At this point, he became interested in the newly emerging concept of 'The Internet', and was involved in various early open source projects, the most well known of which is probably Apache-SSL which went on to become the de-facto standard secure web server. Since the late Nineties he has focused his attention on security, and has been the author of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centers (housed in underground nuclear bunkers) as secure hosting facilities. Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings, and is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security. He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source Python RFID exploration library 'RFIDIOt', which can be found at http://rfidiot.org. Adam is a Director and full time researcher working for Aperture Labs Ltd., specializing in reverse engineering of secure systems.

Zac Franken

Zac Franken has been working in the computer and technology industry for over 20 years for major industry players such as ICL, Informix, British Airways and Motorola. Founding his first company, Point 4 Consulting, at the age of 25, he built it into a multi-million pound technology design consultancy. Point 4 was the leading provider for critical back end technology in the UK and was used by many major web sites such as The Electronic Telegraph, MTV, United Airlines, Interflora, Credit Suisse, BT, Littlewoods and Sony. Following Point 4 he went on to found Ablaise, a company that manages the considerable intellectual property generated by Point 4, and Aperture Labs Ltd. In his spare time he manages the world's largest and longest running security conference, DEF CON. Zac's research focuses on embedded hardware with a penchant for access control systems and biometric devices; he has spoken and trained at public information security conferences in Europe and the US and for private and governmental audiences. He is responsible for identifying major vulnerabilities in access control and biometric systems, and has a passion for creating devices that emulate access control tokens, whether electronic, physical or biometric. Zac has been responsible both directly and indirectly for changing access control guidelines for several western governments.

