Wanted: Help to analyze (backdoored) Omnisec devices
coderman
coderman at protonmail.com
Fri Nov 27 08:30:28 PST 2020
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, November 26, 2020 11:41 AM, Hernâni Marques <hernani at vecirex.net> wrote:
> Dear Cypherpunks
>
> Adrienne Fichter, Journalist of Republik, is
> searching for people who hep to analyze (backdoored) Omnisec devices, ...
> German tweet, with her asking for action:
>
> https://twitter.com/adfichter/status/1331908267803553793
it's a fax encryption/decryption hardware. would be interesting to look for methods of master key extraction. the attack surface looks pretty rich: https://www.inmarsat.com/wp-content/uploads/2013/10/Inmarsat_Using_Omnisec_525_over_BGAN.pdf
another model to consider is the Omnisec 222, often code (and bugs) re-used across model families :)
look for debug pads and surprise functionality, https://github.com/grandideastudio/jtagulator , https://github.com/usb-tools/Facedancer . might need to read flash memory directly: https://libreboot.org/docs/install/rpi_setup.html
attack retrieved images with Ghidra and friends.
if target is hard, try glitch attacks. https://tches.iacr.org/index.php/TCHES/article/view/7390 .
sounds like fun!
best regards,
More information about the cypherpunks
mailing list