Degate: The stakes and challenges of silicon reverse engineering

Speaker(s): Dorian Bachelot
email: contact [at] dorianb.net
other information: https://dorianb.net

Downloads

Slides (Soon)

Abstract

In recent years, there has been a growing emphasis on security and trust in software and infrastructure, where security through obscurity is increasingly being countered by numerous auditing and reverse-engineering tools. In a context where many safety-critical components are implemented in hardware (TPM, cryptography, biometric authentication, crypto-asset securitization, RFID...), we cannot trust a system simply by checking and validating its software (firmware, driver...). While analyzing PCBs is accessible, going into the silicon to check implementations' security is a lot more complex and costly, but remain one of the only solution to fully trust a closed system (let aside reimplementation).

Degate^[1] is an open-source tool for reverse engineering silicon chips, aimed at providing a complete workflow (from chip images to VHDL/Verilog) for community-led analysis. It can be used to understand old and recent chips, to check algorithms' implementations or to search for vulnerabilities and backdoors.

This talk introduces Degate, presents the challenges of reverse engineering silicon chips and shows a real-world analysis that led to critical discoveries. We first present the importance of low-level hardware validation for security, and list the tools and products available for this task. We then outline the background and current status of Degate, and all the associated engineering and research challenges. Finally, we take the famous case of the MIFARE Classic RFID chip^[2] as an example and look at the future horizon of reverse engineering silicon chips.

Software

General information

Website: https://www.degate.org/
Repository: https://github.com/DegateCommunity/Degate
Main documentation website: https://degate.readthedocs.io/en/latest/

Roadmap

The Roadmap is accessible here: https://github.com/DegateCommunity/Degate/blob/develop/ROADMAP.md

References

↑ Schobert, M.: Interactive Functions of the Degate Software Package (2012)
↑ Nohl, Evans, Starbug, and Plötz. 2008. Reverse-engineering a cryptographic RFID tag.

[1] Schobert, M.: Interactive Functions of the Degate Software Package (2012)

[2] Nohl, Evans, Starbug, and Plötz. 2008. Reverse-engineering a cryptographic RFID tag.

[1]

[2]