Wanted: Help to analyze (backdoored) Omnisec devices

coderman coderman at protonmail.com
Fri Nov 27 08:30:28 PST 2020

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, November 26, 2020 11:41 AM, Hernâni Marques <hernani at vecirex.net> wrote:

> Dear Cypherpunks
> Adrienne Fichter, Journalist of Republik, is
> searching for people who hep to analyze (backdoored) Omnisec devices, ...
> German tweet, with her asking for action:
> https://twitter.com/adfichter/status/1331908267803553793

it's a fax encryption/decryption hardware. would be interesting to look for methods of master key extraction. the attack surface looks pretty rich: https://www.inmarsat.com/wp-content/uploads/2013/10/Inmarsat_Using_Omnisec_525_over_BGAN.pdf

another model to consider is the Omnisec 222, often code (and bugs) re-used across model families :)

look for debug pads and surprise functionality, https://github.com/grandideastudio/jtagulator , https://github.com/usb-tools/Facedancer . might need to read flash memory directly: https://libreboot.org/docs/install/rpi_setup.html

attack retrieved images with Ghidra and friends.

if target is hard, try glitch attacks. https://tches.iacr.org/index.php/TCHES/article/view/7390 .

sounds like fun!

best regards,

More information about the cypherpunks mailing list