Topic: Laser Fault Injection on a Coldcard Mk2 (Read 115 times)

Bump

The Kingpin video was better and included many more details. I wish Ledger had done better and showed more in their video. But they are obviously not interested in making everything public for everyone's safety.

I wish we could have seen more of what happens when the laser beam hits the correct spot on the chip and finds a vulnerable transistor. How does that lead to them extracting the seed from it? They completely skipped that part and only showed the result, which was the discovery of the seed.   

It really is interesting watching things like this. I saw the mention of the attack and as Pmalek noted, made a brief comment about it. But due to the expense and the fact that a fraction of a mm screw up while taking the chip apart will destroy it, it's not something I worry about.

BUT.... And I put all hardware wallet developers in the same pile here. THEY REALLY SHOULD HAVE HAD AN VERY DISCOUNTED UPGRADE OPTION FOR PEOPLE.

I already had a Mk3 and had given my Mk2 to someone to play with. But still, a 'we messed up, and although this will probably never happen, here is a coupon for $xxx off a new one" would have been nice.

-Dave

• This particular attack was carried out by Ledger’s Donjon team in 2020.
• For some reason, Ledger released a video with information about the attack only on 31 January 2021.
• This type of attack can’t be performed on a Coldcard Mk3 because it’s equipped with a better secure element. Mk2 uses ATECC508A, while Mk3 is fitted with an ATECC608A.
• The attack requires physical access to the device and an expensive laser-fault injector machine that costs $200.000, according to Coinkite.
• The vulnerability was reported to Coldcard and fixed.

DaveF mentioned this vulnerability briefly here. I enjoyed watching the Kingpin video that dkbit98 posted where a Trezor One with outdated firmware was hacked. Having seen the fault injection attack by Ledger, I wanted to create something similar.

The Donjon team performed a laser fault attack on the chip of the Mk2 with the aim of recovering the seed that the wallet is supposed to protect. By throwing a laser beam on the transistors, it’s possible to change their behavior. Transistors are susceptible to light. The exploit is supposed to trick the circuit into giving the attackers access to sensitive data.

The Coldcard needs to be dismantled for the circuit to be extracted to perform the attack. The target is the secure element that, once recovered, will be stripped of its plastic case. Once the plastic is gone, the attackers can gain access to the transistors. The chip's silicon also needs to be ground down before the secure element is welded to a new circuit board (daughterboard).

The first attempt to access the seed was unsuccessful because the correct PIN code was not provided. However, the hardware component should be tricked into revealing the data by applying laser beams. The circuit board is then connected to an oscilloscope to measure the unit’s electrical activity. That helped the Donjon team to find when exactly to apply the laser beams.

They then used a microscope to determine where on the chip the attack needed to be performed. A vulnerable transistor can be found by looking through the microscope and using the laser. Before that happens, laser beams are injected into random parts of the chip. The computer program shows red dots for transistors that aren’t vulnerable to laser attacks. The goal is to keep going until a green dot appears.

Once it did, they gained access to the seed that isn’t shown in the standard human-readable form.



Sources:
https://www.youtube.com/watch?v=s3f1zNpzINY
https://blog.coinkite.com/laser-fault-injection/