On 11/02/13 09:11, Adam Laurie wrote:
The Atmel AT91SAM7XC series of microprocessors contain a crypto co-processor which is DES and AES capable. They include a write-only memory for key storage and multiple physical security measures to prevent decapping etc. However, due to poor memory management, in certain circumstances it is possible to recover the crypto keys from a live system via the standard JTAG programming interface. These circumstances are made more likely to exist in the wild by the fact that the example software provided by Atmel is itself vulnerable.
It has been pointed out that in fact the example code is not vulnerable due to a subtlety in variable declaration. I have amended the post to take this into account, and apologise for the mis-information. However, the point about lack of clarity on this issue still stands, and, as we've seen, the potential for error still exists.
Full story here: http://oamajormal.blogspot.co.uk/2013/02/atmel-sam7xc-crypto-co-processor-key.html
cheers, Adam -- Adam Laurie Tel: +44 (0) 20 7993 2690 Suite 117 Fax: +44 (0) 20 7691 7776 61 Victoria Road Surbiton Surrey mailto:adam@xxxxxxxxxxxxx KT6 4JX http://rfidiot.org