Kudzoreredza uye kubhejera ekunze-yekuvharisa madhiraivha ndiyo yangu yekare yandaifarira. Kare, ndaiva nemukana wekudzidzira nemhando dzakadai seZalman VE-400, Zalman ZM-SHE500, Zalman ZM-VE500. Nguva pfupi yadarika, mumwe wandaishanda naye akandiunzira chimwe chiratidziro: Patriot (Aigo) SK8671, iyo inovakwa zvinoenderana neyakajairwa dhizaini - chiratidzo cheLCD uye keyboard yekupinda PIN kodhi. Ndizvo zvakabuda...
1. Nhanganyaya
Housing
Packing
Kuwana iyo data yakachengetwa padhisiki, iyo inonzi yakavharidzirwa, inoitwa mushure mekupinda PIN kodhi. Zvinyorwa zvishoma zvesumo pachigadzirwa ichi:
- Kuti uchinje PIN kodhi, unofanirwa kudzvanya F1 usati wavhura;
- Iyo PIN kodhi inofanira kuva kubva pa6 kusvika pa9 manhamba;
- Mushure mekuedza 15 kusina kururama, disk inobviswa.
2. Hardware architecture
Kutanga, isu tinotsemura mudziyo kuita zvidimbu kuti tinzwisise kuti ine zvikamu zvipi. Basa rinonyanya kunetesa kuvhura kesi: yakawanda microscopic screws uye epurasitiki. Tavhura kesi, tinoona zvinotevera (teerera kune mashanu-pini yekubatanidza yandakatengesa):
2.1. Main board
Iyo main board iri nyore:
Zvikamu zvaro zvinonyanya kukosha (ona kubva kumusoro kusvika pasi):
- chinongedzo cheLCD chiratidzo (CN1);
- tweeter (SP1);
- PM25LD010 (SPI flash drive (U2);
- Jmicron JMS539 controller () ye USB-SATA (U1);
- USB 3 connector (J1).
Iyo SPI flash drive inochengeta iyo firmware yeJMS539 uye mamwe marongero.
2.2. LCD chiratidzo chebhodhi
Hapana chinoshamisa pane LCD board.
Chete:
- LCD chiratidzo cheasingazivikanwe mabviro (pamwe neChinese font set); ne sequential control;
- Ribhoni yekubatanidza yekhibhodi bhodhi.
2.3. Keyboard board
Paunenge uchiongorora bhodhi rebhodhi, zvinhu zvinotora mukana unonakidza.
Pano, kudivi rekuseri, tinoona ribhoni yekubatanidza, pamwe neCypress CY8C21434 microcontroller PSoC 1 (pano tichazoidaidza kuti PSoC)
CY8C21434 inoshandisa iyo M8C yekuraira seti (ona ) Pa [peji yechigadzirwa]( () inoratidzwa kuti inotsigira tekinoroji (mhinduro kubva kuCypress, ye capacitive keyboards). Pano iwe unogona kuona shanu-pini yekubatanidza yandakatengesa - iyi inzira yakajairwa yekubatanidza wekunze programmer kuburikidza neISSP interface.
2.4. Kutarisa waya
Ngatione kuti chii chakabatana pano. Kuti uite izvi, ingo edza waya ne multimeter:
Tsananguro dzemufananidzo uyu wakadhirowewa pamabvi:
- Iyo PSoC inotsanangurwa mune tekinoroji yakatarwa;
- iyo inotevera yekubatanidza, iyo kurudyi, ndiyo ISSP interface, iyo, nekuda kwekupedzisira, inoenderana nezvakanyorwa pamusoro payo paInternet;
- Iyo yekurudyi yekubatanidza ndiyo terminal yeribhoni yekubatanidza kune keyboard board;
- Rectangle nhema mufananidzo weCN1 yekubatanidza, yakagadzirirwa kubatanidza bhodhi guru kuLCD board. P11, P13 uye P4 zvakabatana nePSoC pini 11, 13 uye 4, paLCD board.
3. Kutevedzana kwematanho ekurwisa
Iye zvino zvatava kuziva kuti dhiraivha iyi ine zvikamu zvipi, tinoda: 1) kuve nechokwadi chekuti iyo yakakosha encryption inoshanda iripo; 2) tsvaga kuti encryption kiyi inogadzirwa / inochengetwa sei; 3) tsvaga painotariswa iyo PIN kodhi.
Kuti ndiite izvi ndakaita nhanho dzinotevera:
- yakatora data dump kubva kune SPI flash drive;
- akaedza kurasa data kubva kuPSoC flash drive;
- yakasimbiswa kuti kutaurirana pakati peCypress PSoC neJMS539 chaizvoizvo ine keystrokes;
- Ndakaita chokwadi chekuti pakuchinja password, hapana chinonyorwa muSPI flash drive;
- yaive nehusimbe hwekudzosera iyo 8051 firmware kubva kuJMS539.
3.1. Kutora dump yedata kubva kune SPI flash drive
Iyi nzira iri nyore kwazvo:
- batanidza probes kumakumbo e flash drive: CLK, MOSI, MISO uye (optional) EN;
- "kunhuwa" kutaurirana nemunhu anofembedza achishandisa logic analyzer (ndakashandisa );
- decode SPI protocol uye kutumira kunze kune CSV;
- tora zvakanaka kuongorora zvabuda uye kuwana kuraswa.
Ndokumbira utarise kuti nzira iyi inoshanda zvakanyanya mune yeJMS539 controller, sezvo mutongi uyu achitakura ese firmware kubva kuflash drive padanho rekutanga.
$ decode_spi.rb boot_spi1.csv dump
0.039776 : WRITE DISABLE
0.039777 : JEDEC READ ID
0.039784 : ID 0x7f 0x9d 0x21
---------------------
0.039788 : READ @ 0x0
0x12,0x42,0x00,0xd3,0x22,0x00,
[...]
$ ls --size --block-size=1 dump
49152 dump
$ sha1sum dump
3d9db0dde7b4aadd2b7705a46b5d04e1a1f3b125 dumpNdatora dump kubva kuSPI flash drive, ndakasvika kumhedziso yekuti basa rayo chete nderekuchengetedza iyo firmware yeJMicron control kifaa, iyo yakavakirwa mu8051 microcontroller. Nehurombo, kutora kuraswa kweSPI flash drive kwakave kusingabatsiri:
- kana iyo PIN kodhi yakashandurwa, iyo flash drive dump inoramba yakafanana;
- Mushure mekutanga nhanho, chishandiso hachiwane SPI flash drive.
3.2. Kufembedza kutaurirana
Iyi ndiyo imwe nzira yekutsvaga kuti ndeipi chip ine basa rekutarisa kutaurirana kwenguva / zvirimo zvekufarira. Sezvatinotoziva, iyo USB-SATA controller yakabatana neCypress PSoC LCD kuburikidza nekubatanidza CN1 uye maviri maribhoni. Naizvozvo, tinobatanidza probes kumakumbo matatu anoenderana:
- P4, general input/output;
- P11, I2C SCL;
- P13, I2C SDA.
Ipapo isu tinotangisa iyo Saleae logic analyzer uye pinda pane keyboard: "123456 ~". Nekuda kweizvozvo, tinoona dhayagiramu inotevera.
Pairi tinogona kuona nzira nhatu dzekuchinjana data:
- kune akati wandei mapfupi kuputika pachiteshi P4;
- paP11 uye P13 - inenge inoenderera mberi data exchange.
Tichikwevera mukati pane yekutanga spike pachiteshi P4 (rectangle yebhuruu mumufananidzo wapfuura), tinoona zvinotevera:
Pano iwe unogona kuona kuti paP4 pane inenge 70ms yechiratidzo chinotyisa, icho pakutanga chaiita sendiri kutamba basa rechiratidzo chewachi. Nekudaro, mushure mekupedza imwe nguva ndichitarisa fungidziro yangu, ndakaona kuti iyi haisi chiratidzo chewachi, asi rwizi rweodhiyo runobuditswa kune tweeter kana makiyi adzvanywa. Nokudaro, chikamu ichi chechiratidzo pachacho hachina ruzivo runobatsira kwatiri. Nekudaro, inogona kushandiswa sechiratidzo kuziva kana iyo PSoC inonyoresa kiyi yekutsikisa.
Nekudaro, ichangoburwa P4 odhiyo rukova rwakasiyana zvishoma: ndiyo odhiyo ye "isina PIN"!
Kudzokera kune keystroke girafu, kuswededza mukati mekupedzisira odhiyo rwizi girafu (ona yebhuruu rectangle zvakare), tinowana:
Pano tinoona monotonous masaini paP11. Saka zvinoita sekunge ichi ndicho chiratidzo chewachi. Uye P13 idata. Cherechedza kuti maitiro anochinja sei mushure mokunge beep yapera. Zvingave zvinonakidza kuona zvinoitika pano.
Maprotocol anoshanda newaya mbiri anowanzo SPI kana I2C, uye tekinoroji yeCypress inotaura kuti mapini aya anoenderana neI2C, yatinoona ichokwadi kwatiri.
Iyo USB-SATA chipset inogara ichivhota iyo PSoC kuti iverenge mamiriro ekiyi, iyo nekusarudzika ndeye "0". Zvino, paunodzvanya kiyi "1", inoshanduka kuita "1". Kutumira kwekupedzisira pakarepo mushure mekudzvanya "~" kwakasiyana kana PIN kodhi isiriyo yaiswa. Nekudaro, parizvino handisati ndatarisa kuti chii chiri kufambiswa ipapo. Asi ini ndinofungidzira kuti izvi hazvigone kuve kiyi yekuvharira. Zvakadaro, ona chikamu chinotevera kuti unzwisise kuti ndakabvisa sei iyo PSoC yemukati firmware.
Source: www.habr.com