
Introducing Die Datenkrake: Programmable Logic for Hardware Security Analysis

Dmitry Nedospasov, FG SecT, TU Berlin, [email protected]
Thorsten Schröder, modzero AG, [email protected]

Abstract

This work presents Die Datenkrake, an open source hardware USB peripheral for hardware analysis. Die Datenkrake is comprised of an ARM microcontroller and a Field Programmable Logic Array. The design of Die Datenkrake overcomes many limitations that are common to widely used embedded hardware analysis tools. The programmable logic makes it possible to add additional functionality to the ARM MCU such as additional I/O interfaces, support for proprietary protocols and real-time signal processing in hardware. This work also presents several example applications that can greatly benefit from utilizing such a platform versus standard tools.

1 Introduction

In the world of software security, many tools for binary analysis are readily available. Many popular binary analysis tools, such as IDA Pro [4], provide extensible plug-in architectures. Any functionality missing in the core application itself can be implemented as a plug-in. The extensibility of these tools has made them particularly popular. Moreover, entire ecosystems of plug-ins and extensions already exist. Plug-ins can make it possible to seamlessly export data or interface to other programs.

In embedded security the picture is very different. Interfacing with the target device can be particularly tricky. Embedded hardware analysis may require the simultaneous measurement of several signals. For simple applications, standard measurement equipment may suffice. In fact, modern measurement equipment such as digital storage oscilloscopes and logic analyzers provide protocol decoders for many standard embedded protocols. Segmented memory ensures that only traces of relevant data are captured by the hardware. The problem arises when analyzing proprietary protocols that are not included in the device's set of standard protocols.

Several open source projects are built around programmable microcontrollers and serial interfaces. Such platforms commonly include a serial bootloader to facilitate firmware upgrades via the USB to serial interface without the need for an external programmer. One of the most popular projects is the Arduino platform. The Arduino is especially popular because of the availability of expansion boards known as "shields" for the characteristic Arduino footprint. Shields are available that supplement common interfaces and functionality, including radio interfaces, such as Bluetooth and WiFi. The programmable pins of the Arduino make it possible to implement low-speed serial protocols via bit-banging. It is possible to perform common embedded hardware security analysis tasks, such as interfacing to or eavesdropping on embedded memories and interfaces. One of the most notable examples of such an Arduino-based project is JTAGEnum [6], a powerful Arduino sketch for enumerating and detecting JTAG interfaces.

One of the simplest and most versatile tools for embedded analysis is the Dangerous Prototypes Bus Pirate [11]. Unlike the Arduino, the Bus Pirate is commonly available with a simple set of test leads to connect to headers on embedded devices. The connector on the Bus Pirate itself is a standard shrouded 10-pin header that makes it trivial to make custom cables to interface to other devices. The code running on the Bus Pirate hardware provides support for various common embedded buses and interfaces. Incoming data from external interfaces is processed and decoded by the microcontroller and the data is sent via the serial interface to the PC. Such a configuration makes it possible to implement a user-facing Command Line Interface (CLI) to switch between different modes of operation.

However, both the Bus Pirate and Arduino lack the real-time performance necessary for interfacing to high-speed memory interfaces. In his seminal work, "Hacking the XBOX" [5], Andrew "Bunnie" Huang details the process of interfacing to the Hypertransport bus on the PCB. To capture the high-speed signals on the device, a buffering circuit was used to convert the differential signaling to single ended I/O. Subsequently signals were sampled and buffered in a FIFO implemented on a Field Programmable Gate Array (FPGA). The setup utilizes the advanced I/O configurations that are available on modern FPGAs to demultiplex and capture dataflows that exceed the speed of the communication link to the PC.

Though low-cost FPGA and CPLD development boards have become readily available in recent years, they remain fairly unattractive for embedded analysis. Most development boards are not tailored for the implementation of custom interfaces for embedded analysis as development boards commonly supply only high-density I/O expansion connectors. Procurement of such connectors can be very difficult and they require adapter PCBs to access individual pins. Additionally, development boards generally provide only a single programmable device. Using solely an FPGA for such applications makes it difficult to efficiently load and change parameters of registers implemented on the FPGA. By instead integrating a microcontroller alongside the FPGA, the microcontroller can be interfaced directly to the FPGA's bus and used for the configuration of internal registers of the FPGA.

High-end test and measurement equipment generally runs full-blown operating systems and high-performance processors. Standardized interfaces, such as VISA [8], allow users to access capture data directly so that protocol analysis can ostensibly be performed on a PC after capturing the data. However, very few manufacturers of test and measurement equipment provide an extensible interface to the actual measurement hardware. Without direct hardware access, real-time analysis becomes particularly difficult to implement efficiently or at all. One interesting solution is the National Instruments FlexRIO [7]. The FlexRIO is an expansion board for the National Instruments PXI backplane system that adds programmable logic for implementing custom I/O interfaces. The system implements the necessary interfaces for communication with the PC. Hence, users must only supply the programmable logic implementation for the custom I/O interfaces. Characteristic of National Instruments, the system requires the hardware to be programmed in National Instruments' LabView programming environment. This makes this solution particularly unattractive as it adds significant licensing costs for users outside of universities.

In this work we introduce Die Datenkrake¹ (DDK for short), a low-cost extensible hardware analysis platform. We highlight several example applications where the advent of programmable logic makes analysis significantly easier. The DDK utilizes an ARM Cortex-M3 microcontroller (MCU) and an FPGA to provide maximum flexibility for embedded applications. The ARM MCU is connected to a PC via a USB-to-serial interface and is also connected to the FPGA via a parallel bus and multiple serial interfaces. The FPGA provides programmable logic and an interface to eight channels of General Purpose I/O (GPIO). Each GPIO channel consists of six individually configurable bidirectional pins. Internally, the DDK uses a common open-source bus, making it particularly easy to integrate existing logic implementations. Additional I/O protocols can be implemented for the GPIO channels as well as additional logic for real-time data analysis. The DDK is open-source hardware: the hardware design files, as well as the HDL and C code, are completely open-source and freely available on the project website [3].

¹ Datenkrake, literally "Data Octopus", is German slang for organizations with questionable privacy practices that hoard and resell user data. The platform consists of eight user-configurable channels for interfacing to external data sources, hence the name.

Organization

The rest of this paper is structured as follows. Section 2 illustrates several hardware security applications that can strongly benefit from programmable logic. Section 3 covers the design of Die Datenkrake and describes essential features missing in other platforms. Further refinements for future generations of the DDK are presented in Section 4. Finally, we conclude with a summary of what is necessary for embedded hardware analysis in Section 5.

2 Example Applications

Programmable logic offers many benefits over general purpose programmable microcontrollers. By utilizing these advantages, targets can be analyzed more efficiently. This section covers three embedded security examples that highlight the advantages of programmable logic. Specifically, analysis of multiple target devices in parallel, applications with advanced timing constraints and timing critical real-time signal processing scenarios are presented. The DDK provides eight identical, but individually configurable channels, each with six bidirectional GPIO pins. For simplicity, only a single channel, chX, is illustrated in each of the following examples, see Figures 1, 2 and 5.

2.1 Hardware Interfacing

One of the greatest challenges in embedded device analysis is interfacing to the devices themselves. Embedded devices generally provide only limited low-speed serial communication interfaces. However, the effective

supply voltage of the target device via a pass transistor.

[Figure: signal labels tx1, rx, rx1, tx, u1]

This implementation was completely realized in the programmable
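The design overview above describes MCU-configurable registers on the FPGA bus and channels of six individually configurable bidirectional pins; the following Verilog is an added illustration of one such channel, not the DDK project's own HDL. The bus signals, register offsets and module name are assumptions; the reset state drives no pin, so the analysis board never imposes a level on the target until explicitly configured.

```verilog
// Added example: one DDK-style GPIO channel (six bidirectional pins) whose
// direction and output values are set by the MCU through memory-mapped
// registers. Bus signals and register map are assumed, not the DDK's.
module gpio_channel (
    input  wire       clk,
    input  wire       rst,     // synchronous, active high
    // simple MCU-facing register bus (assumed)
    input  wire [1:0] addr,    // 0: DIR, 1: DOUT, 2: DIN (read-only)
    input  wire [7:0] wdata,
    input  wire       we,
    output reg  [7:0] rdata,
    // the six bidirectional channel pins, e.g. chX on the DDK
    inout  wire [5:0] pins
);
    reg  [5:0] dir;            // 1 = drive pin, 0 = high-Z (input)
    reg  [5:0] dout;           // value driven when the dir bit is set
    wire [5:0] din = pins;     // current pin state, readable by the MCU

    // per-pin tri-state driver: only driven when the MCU enabled it
    genvar i;
    generate
        for (i = 0; i < 6; i = i + 1) begin : drv
            assign pins[i] = dir[i] ? dout[i] : 1'bz;
        end
    endgenerate

    // register writes from the MCU; reset leaves every pin as an input
    always @(posedge clk) begin
        if (rst) begin
            dir  <= 6'b0;
            dout <= 6'b0;
        end else if (we) begin
            case (addr)
                2'd0: dir  <= wdata[5:0];
                2'd1: dout <= wdata[5:0];
                default: ;     // DIN is read-only; other offsets ignored
            endcase
        end
    end

    // register reads: DIN returns the sampled pin levels
    always @(*) begin
        case (addr)
            2'd0:    rdata = {2'b00, dir};
            2'd1:    rdata = {2'b00, dout};
            2'd2:    rdata = {2'b00, din};
            default: rdata = 8'h00;
        endcase
    end
endmodule
```

Eight instances of this module, one per channel, would be attached to the bus at distinct base addresses so each channel stays independently configurable.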