Home page logo

pen-test logo Penetration Testing mailing list archives

Grabbing the CORE of a Dallas DS-2250 and DS-5000
From: "Holmes, Ben" <Ben.Holmes () getronics com>
Date: Fri, 1 Mar 2002 19:05:44 +1100

Hash: SHA1

I have been given the (possibly hard) task of extracting the core
program from a Dallas DS-2250 chip.  The chip is part of a currency
validation device and we are assessing its security.

In the same family is a Dallas DS 5000, info on this chip would also do.
As far as I know, the chip is not using any external RAM.  The chip is
battery backed.

At the heart of this processor is a piece of software that defines what
it is looking for in the currency.  Basically, if I can get this piece
of software from this "secure processor" I can show the system to be
"not completely 100% secure".

Apparently the chip has safeguards against extracting this, and it can
wipe the data, in this case I class that as "failed".

Please don't just point me to resources on the web and tell me that I
can disassemble the chip layer-by-layer, as this is not an option,
however resources on the web where protocol or encryption based attacks
can be used would be great!

The chip can be interrogated and the software can be uploaded and
downloaded somehow, that is how I have to do it!  I have access to some
excellent electronics hardware and software techs and a full electronics

If anyone has had any experience with this sort of thing, could you
please respond.

Basically though I get almost no chance for error, one slip and the chip
wipes itself!

I really prefer pen-tests on Windows NT :)

- -- Benjamin Holmes
Getronics, Brisbane.

E&OE. All spelling and grammatical errors are for your enjoyment and
entertainment only and are copyright Benjamin Holmes.  This message is
guaranteed free of exotic diseases. This e-mail message and any
attachments are confidential and may be privileged.  If you are not the
intended recipient, please notify me immediately by replying to this
message and please destroy all copies of this message and attachments.
Please also try to forget everything you have read that was contained in
this E-Mail message, except this part, and you may not copy it. Thank

Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Pee Gee Peeeeee!


This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]