defcon moscow #0x0a - dmitry nedospasov "wtfpga?!"
TRANSCRIPT
-
WTFPGA?!
DC7499
mailto:[email protected]
-
TU Berlin,
Olivier THOMAS Texplained SARL
IC RE 101 Keep it Synple Stupid
Hardware Security TU Berlin
Yubikey
Twitter: @nedosEmail: [email protected]
...
mailto:[email protected]
-
FPGA?
-
WTFPGA?! FPGA - .
.
. .
.
-
Simluation
Synthesis
Place and Route
RTLRTLHDL
RTLRTLRTL
Schematic
RTLRTLBitstream
-
Simluation
Synthesis
Place and Route
RTLRTLHDL
-
HDL
(HDL - Hardware Description Language).
HDL .
, HDL .
, Verilog VHDL.
-
Hardware Security Lab
S
8 9 10 11 12 13 14 15
S
Figure 11: UART Timing Diagram
UART START
UART DATA
UART STOP
Default assignmentsvalid
-
RTL
and4b3
rx_data[7]_GND_1_o_equal_2_o1
I0
I1
I2
I3
O
and4b4
rx_data[7]_GND_1_o_equal_2_o2
I0
I1
I2
I3
O
and2
rx_data[7]_GND_1_o_equal_2_o3
I0
I1
O
rx_data[7]_GND_1_o_equal_2_o_imp:1
rx_data[7]_GND_1_o_equal_2_o_imp
rx_data(0)
rx_data(1)
rx_data(2)
rx_data(3)
rx_data(4)
rx_data(5)
rx_data(6)
rx_data(7)
rx_data(7)_GND_1_o_equal_2_o
and2b2
_n00851
I0
I1
O
or2
I0
I1
O
and2b1
I0
I1
O
Madd_bit_cnt[2]_GND_2_o_add_13_OUT1
Madd_bit_cnt[2]_GND_2_o_add_13_OUT1
DataA(2:0)
DataB(2:0)
Result(2:0)
or2
_n00941
I0
I1
O
Mmux_etu_cnt[8]_GND_2_o_mux_6_OUT1
Mmux_etu_cnt[8]_GND_2_o_mux_6_OUT1
Data0(8:0)
Data1(8:0)
Sel(0)
Result(8:0)
inv
din_GND_2_o_equal_5_o1
I O
Mmux__n00821
Mmux__n00821
Data0(2:0)
Data1(2:0)
Sel(0)
Result(2:0)
inv
_n0094_inv1
I O
Mmux_GND_2_o_etu_cnt[8]_mux_10_OUT1
Mmux_GND_2_o_etu_cnt[8]_mux_10_OUT1
Data0(8:0)
Data1(8:0)
Sel(0)
Result(8:0)
Mmux_etu_cnt[8]_GND_2_o_mux_20_OUT1
Mmux_etu_cnt[8]_GND_2_o_mux_20_OUT1
Data0(8:0)
Data1(8:0)
Sel(0)
Result(8:0)
Madd_etu_cnt[8]_GND_2_o_add_3_OUT1
Madd_etu_cnt[8]_GND_2_o_add_3_OUT1
DataA(8:0)
DataB(8:0)
Result(8:0)
fde
C
CE
D Q
Mmux_state[1]_etu_cnt[8]_mux_28_OUT1
Mmux_state[1]_etu_cnt[8]_mux_28_OUT1
Data0(8:0)
Data1(8:0)
Data2(8:0)
Data3(8:0)
Sel(0:1)
Result(8:0)
and3
bit_cnt[2]_PWR_2_o_equal_15_o1
I0
I1
I2
O
etu_half_imp
etu_half_imp
etu_cnt(0)
etu_cnt(1)
etu_cnt(2)
etu_cnt(3)
etu_cnt(4)
etu_cnt(5)
etu_cnt(6)
etu_cnt(7)
etu_cnt(8)
etu_half
fd
C
D Q
state1
state1
bit_cnt(2)_PWR_2_o_equal_15_o
Clk_FSM
din
etu_full
etu_half
state(0)
state(1)
etu_full_imp
etu_full_imp
etu_cnt(0)
etu_cnt(1)
etu_cnt(2)
etu_cnt(3)
etu_cnt(4)
etu_cnt(5)
etu_cnt(6)
etu_cnt(7)
etu_cnt(8)
etu_full
gnd
XST_GND
G
and2b1
I0
I1
O
Mmux_GND_2_o_din_MUX_23_o1
Mmux_GND_2_o_din_MUX_23_o1
Sel(0)
Data0
Data1
Result
inv
_n0076_inv1
I O
fde
C
CE
D Q
Mmux__n00951
Mmux__n00951
Data0(7:0)
Data1(7:0)
Sel(0)
Result(7:0)
fdr
valid
C
D
R
Q
uart_rx:1
rx_usb
clk
din
rst
data_out(7:0)
valid
and2
rx_valid_rx_data[7]_AND_1_o1
I0
I1
O
inv
rx_valid_INV_5_o1
I O
fd
target_rstn
C
D Q
top_sergio:1
top_sergio
clk
rx
target_rx target_rstn
target_tx
tx
Simluation
Synthesis
Place and Route
RTLRTLRTL
Schematic
-
Simluation
Synthesis
Place and Route RTLRTLBitstream
-
Papilio Pro
Header
FPGA
FTDI
-
ARM Cortex M3
UART
JTAG
LPC1343
-
CommsFTDI
TtyUSB0 TtyUSB1
FPGA
JTAG UART
UART
ARM Cortex M3UART
reset
-
Password