From: NIIBE Yutaka (gniibe at fsij.org)
Date: Fri, 02 Oct 2020 10:21:10 +0900
Subject: (ST|GD)32V?F103 flash readout
Message-ID: <87eemh4e49.fsf@iwagami.gniibe.org>

Hello,

In February, Tom Li kindly shared about the Flash Readout Attack. Since then, attack technology has improved (in the direction that is worse for our use case).

This week, during testing of the GD32VF103, I also found a vulnerability in its firmware (if my analysis and understanding are correct). Currently, I am asking my Chinese friends for help to contact the vendor. And then, I found more about recent vulnerabilities around (ST|GD)32V?F103.

Basically, now in 2020, when you allow physical access to your token, it's somewhat easy for attackers (with enough skill) to read out its flash content, in terms of both cost and time. I'd recommend some sort of tamper resistance or tamper evidence for the case of a Gnuk Token. For my own, I use a metal case with the FST-01SZ Kit, and something like this:

https://www.fsij.org/gnuk/craftwork-fst-01.html

Here are two reports. If you don't have time, just read the second, which also explains the first.

(1) A report on STM32F1 (CVE-2020-8004): Exception(al) Failure - Breaking the STM32F1 Read-Out Protection:
https://blog.zapb.de/stm32f1-exceptional-failure/

(2) Another report (CVE-2020-13463, CVE-2020-13464, CVE-2020-13465, CVE-2020-13466, CVE-2020-13467, CVE-2020-13470, CVE-2020-13471, CVE-2020-13472), which also refers to (1), CVE-2020-8004. One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit Microcontrollers:
https://github.com/JohannesObermaier/f103-analysis/

Also, another work from 2017 by Johannes Obermaier and Stefan Tatschner is worth reading.

(0) An attack on STM32F0 (CVE-2017-18347): Shedding too much Light on a Microcontroller's Firmware Protection:
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf


From: Louis-Philippe Véronneau (pollo at debian.org)
Date: Thu, 22 Oct 2020 18:54:37 -0400
Subject: Where can I buy a token that can run gnuk

Hi!

I've finally decided it's time for me to make the jump and start using a GPG hardware token. Sadly, I haven't been able to find a way to get my hands on a token that can run gnuk.

I used to have one that I bought from niibe-san at DebConf15 (time flies!), but I don't have it anymore.

I also emailed Seeed Studio to see if they were planning on restocking the FST-01 and they told me it had been discontinued and they weren't planning on selling any anymore :(

Any tips? Someone told me it would be possible to have a small batch of FST-01 made by some company that does that kind of stuff, but I don't have any experience whatsoever with that.

Cheers,

-- 
Louis-Philippe Véronneau
pollo at debian.org / veronneau.org


From: Louis-Philippe Véronneau (pollo at debian.org)
Date: Thu, 22 Oct 2020 20:41:12 -0400
Subject: Where can I buy a token that can run gnuk
Message-ID: <7d6dfdc7-47fe-5a69-a882-e2b0d277fd8f@debian.org>

On 2020-10-22 20 h 17, Mike Tsao wrote:
> https://shop.nitrokey.com/shop/product/nk-sta-nitrokey-start-6

I was under the impression the nitrokey start didn't run upstream gnuk, but a modified version. Am I wrong?

> or just buy a $2 ST-Link clone like this
> and flash it to gnuk
> like this.

Thanks for the link, that's helpful!

-- 
Louis-Philippe Véronneau
pollo at debian.org / veronneau.org


From: Vagrant Cascadian (vagrant at debian.org)
Date: Thu, 22 Oct 2020 17:52:56 -0700
Subject: Where can I buy a token that can run gnuk
In-Reply-To: <7d6dfdc7-47fe-5a69-a882-e2b0d277fd8f@debian.org>
Message-ID: <87eelpahlj.fsf@ponder>

On 2020-10-22, Louis-Philippe Véronneau wrote:
> On 2020-10-22 20 h 17, Mike Tsao wrote:
>> or just buy a $2 ST-Link clone like this
>> and flash it to gnuk
>> like this.
>
> Thanks for the link, that's helpful!

At one point I attempted this, but apparently ordered clones with insufficient flash capacity... many do not advertise exactly how much flash is included, and I've heard of some people ordering from the same vendor getting a variable amount of flash with each device, even in a single order with multiple devices. So you might need to try a few orders... before you luck out.

Some friends were going to attempt to upgrade the flash on some of my devices by ordering a flash with sufficient capacity and desoldering the old one, but never got around to it.

So, in short, good luck! :)

live well,
vagrant


From: Mike Tsao (mike at sowbug.com)
Date: Thu, 22 Oct 2020 20:55:44 -0700
Subject: Where can I buy a token that can run gnuk
In-Reply-To: <87eelpahlj.fsf@ponder>

That's absolutely true. I've had better luck; I've never gotten a 64K chip (even though they all report 64K). There is a fork of the stlink tool that is modified to assume that the chip is 128K regardless of what it reports. If you use standard stlink or openocd, you might believe the error messages and conclude the chip is insufficient. It's also possible to be fooled that something's wrong if the readout protection is enabled, which it often is on stlink boards.

My notes to myself about how to use the modified stlink tool are here. The C8T6HACK=1 part is the important part.

On Thu, Oct 22, 2020 at 7:51 PM Vagrant Cascadian wrote:
> On 2020-10-22, Louis-Philippe Véronneau wrote:
> > On 2020-10-22 20 h 17, Mike Tsao wrote:
> >> or just buy a $2 ST-Link clone like this
> >> and flash it to gnuk
> >> like this.
> >
> > Thanks for the link, that's helpful!
>
> At one point I attempted this, but apparently ordered clones with
> insufficient flash capacity... many do not advertise exactly how much
> flash is included, and I've heard of some people ordering from the same
> vendor getting a variable amount of flash with each device, even in a
> single order with multiple devices. So you might need to try a few
> orders... before you luck out.
>
> Some friends were going to attempt to upgrade the flash on some of my
> devices by ordering a flash with sufficient capacity and desoldering the
> old one, but never got around to it.
>
> So, in short, good luck! :)
>
> live well,
> vagrant
> _______________________________________________
> Gnuk-users mailing list
> Gnuk-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnuk-users


From: Szczepan Zalega | Nitrokey (szczepan at nitrokey.com)
Date: Fri, 23 Oct 2020 10:10:51 +0200
Subject: Where can I buy a token that can run gnuk
In-Reply-To: <7d6dfdc7-47fe-5a69-a882-e2b0d277fd8f@debian.org>

On 10/23/20 2:41 AM, Louis-Philippe Véronneau wrote:
> I was under the impression the nitrokey start didn't run upstream gnuk,
> but a modified version. Am I wrong?

Hi!

That's right. Our modifications are here [1]. The most prominent one is probably the user data region extension, which triples the available key pair storage. However, you can build and flash upstream if you wish (the board configuration is already there).

Best regards,
Szczepan

[1] https://github.com/Nitrokey/nitrokey-start-firmware

-- 
Szczepan Zalega
Senior Software Developer
Nitrokey GmbH
https://www.nitrokey.com
Email: szczepan at nitrokey.com
Nickname: szszszsz
Rheinstr. 10 C, 14513 Teltow, Germany
CEO / Geschäftsführer: Jan Suhr
Register: AG Potsdam, HRB 32882 P
VAT ID / USt-IdNr.: DE300136599
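The exchange between Vagrant Cascadian and Mike Tsao above leaves the practical question open: how do you tell whether a "C8T6" clone that reports 64K really has usable flash above 64 KiB, without trusting either the chip's own size register or a tool's error message? The check a practitioner would run is to read the lower 64 KiB, write a known pattern into the upper 64 KiB, read both halves back and compare. The following is an added example, not code from the thread, from Gnuk, or from the stlink project: it contains the comparison logic plus a constructed model of three clone behaviours so it runs offline. The address constants are the STM32F1 main-flash base and the 64 KiB half boundary; the debugger commands named in the comments (`st-flash read` / `st-flash write`) are an assumption about how the dumps would be produced, and the three modelled behaviours (real upper bank, address-bit-16 aliasing, no upper bank) are assumptions about clone silicon, not findings from the page.

```python
"""Offline classifier for the "is the upper 64 KiB of this STM32F103C8
clone real?" check.  Added example, not code from the thread or from
stlink/Gnuk.

Procedure it models (dumps would come from a debugger, e.g. assumed
`st-flash read` / `st-flash write` invocations):
  1. read the lower 64 KiB (0x08000000..0x0800FFFF) and keep a copy,
  2. write a known pattern to the upper 64 KiB (0x08010000..0x0801FFFF),
  3. read back both halves and compare.
A clone whose address decoder ignores bit 16 shows the pattern in BOTH
halves (the write clobbered the lower bank), so keep a firmware backup
before running this against real hardware.
"""

FLASH_BASE = 0x08000000          # STM32F1 main flash base address
HALF_SIZE = 64 * 1024            # 64 KiB: what a "C8" part claims to have
UPPER_BASE = FLASH_BASE + HALF_SIZE


def test_pattern(size: int = HALF_SIZE, seed: int = 0x5A) -> bytes:
    """Pattern of distinct 32-bit words, so a shifted or mirrored read
    cannot be mistaken for a correct one."""
    words = ((i // 4) ^ (seed << 24) for i in range(0, size, 4))
    return b"".join(w.to_bytes(4, "little") for w in words)


def classify_upper_flash(lower_before: bytes, lower_after: bytes,
                         upper_after: bytes, pattern: bytes) -> str:
    """Return 'real', 'aliased', 'absent' or 'unknown' for the upper half."""
    if len({len(lower_before), len(lower_after),
            len(upper_after), len(pattern)}) != 1:
        raise ValueError("all dumps must be the same length as the pattern")
    if upper_after == pattern and lower_after == lower_before:
        return "real"      # pattern landed above 64 KiB, lower bank untouched
    if upper_after == pattern and lower_after == pattern:
        return "aliased"   # one physical bank visible at both addresses
    if all(b == 0xFF for b in upper_after):
        return "absent"    # write did not stick; reads come back erased
    return "unknown"       # partial write, bus error, or a decoder not modelled


def simulate_readback(kind: str, pattern: bytes):
    """Constructed model of three clone behaviours (no hardware involved).
    Returns (lower_before, lower_after, upper_after)."""
    size = len(pattern)
    # stand-in for whatever firmware already sits in the lower bank
    lower_before = (bytes(range(256)) * (size // 256 + 1))[:size]
    if kind == "real":
        return lower_before, lower_before, pattern
    if kind == "aliased":
        return lower_before, pattern, pattern
    if kind == "absent":
        return lower_before, lower_before, b"\xff" * size
    raise ValueError(f"unknown clone model {kind!r}")


def run_check(kind: str) -> str:
    """Run the full write/read-back comparison against the constructed model."""
    pattern = test_pattern()
    lower_before, lower_after, upper_after = simulate_readback(kind, pattern)
    return classify_upper_flash(lower_before, lower_after, upper_after, pattern)


if __name__ == "__main__":
    for kind in ("real", "aliased", "absent"):
        print(f"{kind:8s} -> {run_check(kind)}")
```

On a real board the three dumps would replace `simulate_readback`; whichever tool produces them (Mike Tsao's modified stlink, or any debugger that lets you override the reported size), the comparison is the same. The "aliased" branch is the reason to back up the lower bank first: on such a part the test itself overwrites the firmware that was there.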