414: Puff, the Magically Secure Dragon

Laura Abbott of Oxide Computer spoke with us about a silicon bug in the ROM of the NXP LPC55, affecting the TrustZone. 

More information about the two issues are in the Oxide blog:

More about LPC55S6x and their LPC55Sxx Secure Boot

Ghidra is a software reverse engineering framework… and it is one of the NSA’s github repositories.

Laura will also be speaking about this at Hardwear.io in early June 2022 in Santa Clara. 

Twitter handles: @hardwear_io, @oxidecomputer, @openlabbott,

The vulnerability was filed with NIST: NVD - CVE-2021-31532

Transcript

399: Hey, What's Going On?

Jen Costillo joined us to talk about voice acting, reverse engineering, podcasting, and dance.

Jen’s podcast is the Unnamed Reverse Engineering Podcast, found in all your usual podcast places. Jen and her co-host Alvaro were on an episode of Opposable Thumbs podcast.

Find Jen on Twitter at @RebelbotJen (also @unnamed_show and @catmachinesSF). Rebelbot.com has her blog and Cat Machines Dance is her site devoted to dance (including the mentioned video about dancers and the pandemic).

The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks by Jasper van Woudenberg and Colin O'Flynn 

Jen is studying voice-overs at VoicetraxSF 

Jen has been on the show many times in the past. Some of our favorites include

370: This Is the Whey

Alvaro Prieto (@alvaroprieto) spoke with us about cheese, making, work, the reverse engineering podcast, weather, and motivation.

Alvaro is a host of the Unnamed Reverse Engineering podcast. Some of his favorite episodes include #41 with Samy Kamkar, #14 with Joe Grand, and #23 with Major Malfunction. (Jen Costillo co-hosts the show and has been on Embedded several times.)

Alvaro works at Sofar Ocean, making oceanic sensing platforms. He has a personal website linking to his other exploits.

We talked about some Embedded episodes as well:

Also, we’ve all really enjoyed the Disney’s Mandolorian.

352: Baby's First Hydrofluoric Acid

John McMaster (@johndmcmaster) told us about the process of opening up chips to see how the processors are structured and what the firmware says. 

See John’s website for information on getting started (as well as digging much deeper).

John has given some interesting Hardwear.io talks including Capturing Mask ROMs and Taming Hydrofluoric Acid to Extract Firmware. His talks and many others are available on the Hardwear.io archive. Or sign up for the Hardwear.io Online Hardware Security Training, Berlin Jan 2021.

As mentioned in the show:


304: ADC Channel Six

What do you get when you connect the open-source reverse engineer of Valve’s Steam Controller and the main electrical engineer of said device?

Jeff Keyzer (@mightyohm) and Gregory Gluszek (@greggersaurus) join us to talk about building and taking apart devices.

Greg’s project is on github as the OpenSteamController. He used pinkySim, an ARM simulator.

Jeff has left Valve and is now a freelance engineer as well as selling kits on mightyohm.com. The incredibly useful comic on how to solder lives there: mightyohm.com/soldercomic

I-Opener was the computer discussed.