-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have been given the (possibly hard) task of extracting the core program from a Dallas DS-2250 chip. The chip is part of a currency validation device and we are assessing its security. In the same family is a Dallas DS 5000, info on this chip would also do. As far as I know, the chip is not using any external RAM. The chip is battery backed. At the heart of this processor is a piece of software that defines what it is looking for in the currency. Basically, if I can get this piece of software from this "secure processor" I can show the system to be "not completely 100% secure". Apparently the chip has safeguards against extracting this, and it can wipe the data, in this case I class that as "failed". Please don't just point me to resources on the web and tell me that I can disassemble the chip layer-by-layer, as this is not an option, however resources on the web where protocol or encryption based attacks can be used would be great! The chip can be interrogated and the software can be uploaded and downloaded somehow, that is how I have to do it! I have access to some excellent electronics hardware and software techs and a full electronics workshop. If anyone has had any experience with this sort of thing, could you please respond. Basically though I get almost no chance for error, one slip and the chip wipes itself! I really prefer pen-tests on Windows NT :) - -- Benjamin Holmes Getronics, Brisbane. E&OE. All spelling and grammatical errors are for your enjoyment and entertainment only and are copyright Benjamin Holmes. This message is guaranteed free of exotic diseases. This e-mail message and any attachments are confidential and may be privileged. If you are not the intended recipient, please notify me immediately by replying to this message and please destroy all copies of this message and attachments. Please also try to forget everything you have read that was contained in this E-Mail message, except this part, and you may not copy it. Thank you. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> Comment: Pee Gee Peeeeee! iQA/AwUBPH82V3LvuelW5gClEQI4WQCgx0IASVqebKJSrfpcPeAqp7gp8dAAn3GH VPG9lS6UV+7Qz8/sJ5ha+iyk =AF+c -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Mar 01 2002 - 08:07:44 PST