/299$32c3-talk-7496

Hallo Du!
Bevor du loslegst den Talk zu transkribieren, sieh dir bitte noch einmal unseren Style Guide an: https://wiki.c3subtitles.de/de:styleguide. Solltest du Fragen haben, dann kannst du uns gerne direkt fragen oder unter https://webirc.hackint.org/#irc://hackint.org/#subtitles oder https://rocket.events.ccc.de/channel/subtitles erreichen.
Bitte vergiss nicht deinen Fortschritt im Fortschrittsbalken auf der Seite des Talks einzutragen.
Vielen Dank für dein Engagement!

Hey you!
Prior to transcribing, please look at your style guide: https://wiki.c3subtitles.de/en:styleguide. If you have some questions you can either ask us personally or write us at https://webirc.hackint.org/#irc://hackint.org/#subtitles or https://rocket.events.ccc.de/channel/subtitles .
Please don't forget to mark your progress in the progress bar at the talk's website.
Thank you very much for your commitment!

======================================================================

Many people see huge difference in hacking and using methods deployed or other automated exploitation tools. Still, these tools paved the way to quick and easy system analysis. Yesterday and today, we have heard talks concerning software and hardware vulnerabilities. Hots Floyd wants to make it easier to look and analyze those vulnerabilities with your devices. Sometimes it is just about having the right tool here now to present the right tool. Julian and Gwendolyn. Thank you very much. Good evening, everyone. You are a lot of an amazing surprise for us. Uh, so I'm a little stressed, of course. So let's get started, uh, with this presentation of our, uh, we intend to show you, uh, the gulf between the values, the project, the goal we want to reach and how we are going to reach it. Uh, we will end the presentation with, uh, a lifetime of the tool. Uh, we like to live dangerously. So before I started the quick introduction about this, so I'm going I'm a protester and a software developer among. And, uh, therefore, I'm in charge of the eye-level, a alien level, part of the development, like the graphical interface, and of course, I do love advertising and that's why I'm working on this project with Julia. I'm Jim Up and electronic engineer, and I'm Software Baptista and all the weapons, of course. And imagine why don't you just, uh, uh, guy, because it's not expensive and it works perfectly. And for Oxblood Project, um, I'm the, uh, low level, uh, developers and I was born and developed, also called for, uh, microcontroller and, uh, vidale for the FPGA, uh, module. You you understand what FPGA after. OK, so the project is based on a simple fact that is the following the gap between hardware and software security widened since the 2000s. Uh, I think we can't really argue with that because we read and hear a lot more about software stuff being broken and fixed every day rather than hardware itself. And we think that it's because mainly as a hardware is a way to get acces
s to the software. And. Sorry. So, uh, though, so it turns out there is not a way to get access to the software, and that's very important for what's going on right now. I'm sure you you've read a lot about the Internet of things until you get fed up with it. These things that we are talking about, our products and stuff going from the simple smart T-shirt to the smart, some of the stuff that is going to regulate the temperature of critical devices. Don't ask me why you have to add the word smart before everything related to a lot of things that I don't know. And so just to say that it's not only about computer anymore and the question we ask ourselves is the security speaking is up to where the new software we will have in our hands a lot of products, a lot of electronic products able to connect itself to a network and we need to assess their security. And to assess the security of the software that we have made a lot of progress, we have great projects, we have great services, great tools, and if you try to compare it to the hardware, but, uh, you can see that we have very few implemented solutions. And so we think that it stems from a lack of awareness from the designers, for the little example, uh, one of our client was wondering, uh, reading the audit report of his project, uh oh, do you guys manage to get my feet wet? And the answer was really simple, it's we use the same way you used to put your finger in. Yes, it's true that. So quick, quick and dirty procedure for working, let's imagine you have a sing in front of you, an object, an electronic product, and you want the potential sorry data that can be stored in it. So the first step, of course, is trying to open the product. Uh, so some designers try to protect this step by making the product really difficult to open. Uh, so, of course, it's not the best solution, because if someone really wants to open the product, you will be able to do it. You will not just be able to rebuild it and make it work again. U
h, step number to fingerprinting. Uh, so when you have your product open, you will find the PCB probably with a lot of components, electronic components, and you just have to read also references of these components. And to find, uh, the interesting one and the step is read, the fucking data should step up. And when you have detected the interesting components like memories, uh, microcontroller, uh, you are going to use them. So you have to wait to that. You can insert a component and try to plug it on another piece of it to work on it more easily. Or you can directly connect the tool you are using. You are used to as a component to perform and an. So busway. And then when you are connected to it, you try to perform, read and write operation to access the data and then, of course, you have the data, you are going to reverse engineering the process to try to find vulnerabilities and to exploit it. Of course. This is our purpose, absolute purpose. It's to work, it's to dump all the data we want to do that. Uh, so but beyond that, we want to make this, uh, step number four right here to be child's play, OK? And we want to dump all the data allowing someone that is just able to read a data sheet or to solve one of two ways to do that, to dump the data. The goal is to create a bridge between the hardware and software, most of the time software, and they still know how to access the software. But when you have all the way out is more complicated sometimes. So the goal today is just to present you a tool to create a bridge, to have a simple way to read the same data as software vendors to have. I told you before that my profile was not about software stuff, and a guy like me should be able and now I'm able to do it. Yeah. To to to interact with electronic components without having to struggle with a lot of documentation and things like that. And to know all or you need to know about electronics to do that. So, oh, wait. Why would you want to dump data, that's a bit of a si
lly question, but because of course, you can find a lot of interesting information inside memories inside microcontroller. Uh, you can find passwords in text sometimes. It's the equivalent of the sticky note, uh, on the screen of the computer and the hardware, uh, you can find, uh, filesystems and firmware. And maybe you're just a curious person and you just want to know of the electronic product, you just died. Well. It can be just that and you should be able to do that. And so how do you get access, how to interact with an electronic component you are going to use best. So here is a not exhaustive list of them. We can find a spy to see she died. So you may be familiar with this, these busses and so the busses are deployed Cannondale, and the more we will be able to interact with the electronic components and this is our goal. So you may wonder, OK, but I know some tools that exist and they do the same, the same as applied, and we some people ask this question a lot of time. So we just create a quick review of the existing tool. So like best pilot or regulator or good fed up with some tool, we are using them for about it. But because we use them, we we know what our limits and we took inspiration from them for aspect. So you can see that, for example, we are the managers of the parallel, but, uh, so the parallel memories and we focus mainly on modularity. All the tools are based on microcontroller and we use FPGA, uh, that can be called we serve HGL to be, uh, to improve modularity. If a new bus, uh, came, I would say, uh, you we can we can be uh um we can, we can it can work with absolute. OK. So here is a little, uh, communication side oh, uh oh, you interact with aspect of the user, too. Uh, we we start first with the eye level, uh, the grease or the graphical interface with, uh, that is developed with, uh, language. Uh, so the interface speak communicate with API. Uh, usability is connected to the computer with a USB 2.0, uh, communication. And then applied to
use his microcontroller as a bridge to communicate with the FPGA and the FPGA memory by using the Espers. And then the FPGA, that's the big part, uh, it's this component that is going to to manage, uh, also the best we can work with. And so the FPGA with a compatible base, will be able to interact with, uh, the eye of our deployed in order to work with to communicate with a target. So you can see a quick list of possible interaction, uh, like sniffin, reading, writing and executing custom commands. And what you want is you create a custom module in FPGA, uh, you can send another one and you can interact or create something, uh, like, uh, I don't know what you want. If you know about Virgile, you will be able to create, uh, your own after plate module to work with a specific base. Yeah. For custom protocol, for example, or something like that. OK, it's a prototype making. So we are a little company, so we use the low budget style solution, uh, we just paid for our first prototype. We just basically and, uh, here you can see, uh, yes. You're not dreaming. It's, uh, duct tape. And PCP's crept towards the building. It is the way we used to apply soldering passed on the PCB. So and for that, we we use a stencil, and when you you put sort of just, uh, Truls all the sort of past, uh, but on the top of the PCB, on the top of the board and after, you need just to put your microcontroller or FPGA or 64 LEDs manually, for example, and you can create your own blood like that. And this operation, uh, require a lot of accuracy, uh, because the FPGA, for example, like, uh, 64 pins and, uh, they are really close to each of the 144. OK, sorry. Sorry for that. And so step number two, uh, you've placed your component, uh, with your little hands on the board and past. You use this slightly modified event, uh, to to, uh, melt the following. But, uh, so it's, uh, classical then, of course, uh, slightly modified with, uh, an appliance that, uh, Jillian developed. Uh, it's not perfect. It
works. It works. You have to learn to step. You need to open the door to to the case. Told you the idea. Yes, I. Why don't we just. And so OK, so he flew in and this is the V0 that one Asplund prototype. OK, don't leave the room node. Just only a prototype. Uh, we called it the Green Goblin. So you baby as you can see, uh, so we have the, uh, 64 year old, uh, at the bottom, the FPGA, uh, in the center. And Christmas Day, OK, they passed and Juliann improved the process, and so we gain a budget and we budget, we were able to buy some more efficient tool. Uh, so the stenciling first photo to apply the law passed. So no more no more duct tape anymore. Uh, so the, uh, then you have to pick and place machine to, uh, just put your component on the ceiling. And trust me, when you have like 64 lead, uh, LEDs, sorry to place, uh, it can be very useful. And we have a brand new Pflugerville. Uh, I'm not sure you can design this one. Uh, neighbors didn't allow me to try. Yes, you can. But, uh, again, if you need to show what the police are saying, um, so far where it was pretty pretty much like an. It's the results, the final version of the ball, so small, of course, uh, we have, uh, 64, uh, like I said, with a slide for each of the, uh, of the P uh, you can connect a target, uh, working on the three points, three or five. Uh, so we use a cyclone to FPGA us b to communication, like I said, and, uh, and you have, um, projection, uh, uh, against, uh, ESD, uh, discharge. It's important when you plug in and plug, as you can see, uh, it's not the size of a USB key, but you can hold it in one one, OK? It's better. So it's pretty lightweight and fitting went on. OK, so how do we organize athletes, so we have to absolute your UK, you can plug in where you are, your target to exploit, you will be able to manage a list of components that you have created so you can subcomponent create them, shell them. Uh, you have the. Come on. Come on. But, uh, follow specific follow specific component
. You will have a command. And then the interact module where you can find the list of the busses we can interact with. For the graphical interface. Uh, I, I use the Kutty well, no, Liberi, uh, with, uh, be programing language, and I divided, uh, in a three part. So you as the chief management to manage your components of electrical components, then you have the way your helper to help you where your, uh, your target to exploit and then you have the common manager to create command, uh to which the. Classical and it looks like this. So this is, for example, on the middle, the first window that's open when you launch a tablet, uh, you can see that we have, uh, a table with several components. Uh, so the current chip we are using is, uh, 24, 64. Uh, when you work on a specific chip, it, uh, it will appear in the tree. You can see on the left. You have several options, uh, so where you're Ingleburn, you can edit your component, of course, use it as a template to create another similar component, uh, delete, uh, obviously, and and also manage, uh, option. You will have all the bases compatible with this component. So, uh, it's, uh, and, uh, a component user base to try to see best. And you can add, uh, specific settings, uh, that we ask for this, but you can use, uh, custom commands menu. You can import and export expertize like the dump of the content of the, uh, the component. And on the right, it's the form to create a component. So we ask for the reference of the component, we ask for the voltage, we ask for the manufacturer to type the package. Uh, all all the information, uh, required, uh, you can find them in the component data datasheet. So nothing difficult. And the last part is the last part is the subpoena subpoena table. So, uh, we have, uh, like a pin for this component and we only use the PIN number five and number six so we can see work on it to see. And we have the second signal associated to this uh, to this person, to this pin. OK, so the important par
t. Uh, it doesn't help if it's one of our favorite mujer it to connect your target to articulate and I'm colorblind, so I don't like to try to put the blue and the pink as I know we walk by using leather. So here's that data sheet presentation of the component. When you have created created in that place you can use the wiring and Palmarejo and it gave you, uh, give you as a representation of the component. And we can see that here we have a number as a PIN number, uh, five and six. And if you want to wear your S.J, for example, you just have to click on it. And when you click on the pin, uh, it will automatically, uh, turn on the LEDs specifically at underbody. And so, you know, we are to connect this pin to multiplied Susya, uh, for each pin driver led to to explain to to show where you need to to put the wire. I don't know if you use both Pyott or something like that. Uh, some time is very boring to find a good way. And some time you have a big drug if you want to. But, uh, file the sample SDK for it to see. You need to put your wire on Mozi and you don't know why. So. It's not easy sometimes we try to make this step really simple. OK, I'm going to be quick on that, because we are going to see that in the light of day and, uh, yes, what about the API? Uh, so you can use it freely, of course, uh, if you don't want to to use the graphical interface, of course, you are not obliged to. You can create your own if you want, uh, end users with your own program. So it's free, open. Uh, well documented. So do not hesitate. OK, so what's already available? We can work with parallel busses, we are helping wiring, you can work with eye to see, eye to see bus. Uh, spy. We are compatible with W.D., uh, pharmaceutical. And you can use, uh, 64, uh, uh, for your convenience, uh, to do some banking, for example. So that's what we have for the moment and what we want for the future is, for example, the component and common sharing platform for software, we can find a website with a
lot of exploit fight over and you can download them and use them in tools like you displayed. And I want the same for us that say you can download a component with his command and integrate it to your aspirates. Uh, you will have you have module is a communication, but we certainly Mimili A to sniffing space sniffing. Uh, we want to add wireless communication to a training platform. Uh, MLO integration, of course. Of course. Uh, so just launch the module and display it and you will be able to use our templates. So we are working on that, uh, Zedek final out. Find the one where you can use, et cetera. So this was on. And no, because a life demo is better than, uh, than the speech, we are going to show you a concrete case of, uh, using exploit. So let's imagine we have a doll, uh, that is good, that use an electrical system. So you have a good two and, uh, abcde for little, uh, if the combination is right and if communism is wrong, of course, the doors stay closed. So what can we do? We open it and we find that OK. So we can see there is evidence ABCDE. And then the finger pointing step so we can see that we have, uh, one S.P.I memory to try to see memories and one microcontroller. OK. Online, offline analysis. Are we going to insult a component or just to plug wealth directly on it? Your choice? And that's a scenario. We open up the plates, we create the component, we connect the component to exploit we until the component settings, of course, and then we dump the contents, the content of the memories, and we will see what we can do with that. OK, so first, we are going to help with a two seabass, yes. No, that's not at all. No. OK, so we launched have. So the first step is fingerprints, of course, and, uh, trust me, uh, on the board you have, um, a memory. Uh, we start with it, you see. And in fact, we find, uh, we we found two memories. So when, you know, uh, it was protocol, you you you need to know you have addresses, etc. So with it, you see just click on the m
emory and you can use, um. A function to scan the Zorba's and. After that, we have at least. With all available addresses, so it's very interesting because we just to click on something like that, you have information on how many memory are available. Of course, you can see it with your eyes on the board, but you need to go on the datasheet exercise to find a good address because Wedgeworth for it is old and you need to put some wire with pulldown or pull up for so that you know that. So it's easy to click. So for the demo, we said the sitting to a two and a three, because the sensitive data is in this memory. Trust me. And if you want to jump out of the cantante, you need to read that actually to know was the size of your memories. Uh, where I need to read tries, write a pointer is too complicated. That's the case anymore. Just double click on it, OK? And choose. Oh, yes, we can use the same. Replace it, OK? So this isn't just full foolish spot. OK, just finish, finish. So just click on the file. Of course I use Blessed on line. Maybe you use another tool is not a problem for that. And now you can read all the content for the demo if but if you if you know what that. Of course. Well yeah. Snepp. So it's true in the real life, when something happens, it can happen to you. You can find some sensitive data like that is true. So, yeah, of course, it just for sure for the demo. And, uh, you can use it to open the door where we can try now. And the goal after is, for example, to change it and try again if you can change your password. When we do that online, let's try to change the best one. So the first step is just to check if this password is a good password. So, uh, ac gibi. I said, yeah, OK. Uh, can we please have like the. Yeah, OK. I resolve to be sure it's a no, no, no. All right. So which started again. Oh no. Still not very usable. Yeah. It's not easy. So password HDB. I see. The beef. So, of course, we will allow. Of course, it's always easy, but now we change
. We change the password and try again. Uh, so don't forget, you can remove the password and, uh, do some sort of denial of services. For example, if I put a sharp difference or a Baekdu, it's not possible to to type this password, to open the door. You create those sort of details. It's not that goal today. So to change your password. You can dump all the content change with your preferred software and you can put all the data inside the memory after, but you need to rearrange the content, etc, etc. So maybe we can just create a custom command to read the memory, for example, in your outworking stuff. Or you can just change Fortia when you create a custom command. You can change the data. So of course we create a lot of the command for them or something like that. So today we can change your password with, I don't know, a BBC or maybe CBS. So just so you know, but yes, well, uh, so it's, uh, come on, it's just a name of a description and a list of names that you can see in this area. And all the commands of the components is in the dataset. So I won't be long on that. And we want to change that as well. So when the command is created, you just have to execute it. OK, we see that because we need to see you, you can receive a.. So it seems to be so OK, let's try to dump the content again. Yes, to be sure. To be sure. We change a password. We read again and check if the password changed. OK, replace. Food exports. OK. Yes, it's tough at the beginning, OK? OK, now we can see that the change we can show that the next step is to try if the password is right. So for that, we go again on the on the board and, uh, B, b, c, c, so be the. See, it's OK, you see. OK, OK. Of course. So the goal is just a few command are few clicks, you can create your own command when you do some other IKing, you need to create a custom command most of the time. And it's very boring to cooperate if you can create your own script. It's true. But here it's just Puplick. And I know all the people l
ike a command line, but sometimes just to click. It's cool. I think OK. I think it's OK for you to see memories so we can do a demo with spy protocol. When you do some working stuff, you need to know about it, you see. And you need to know about S.P.I, of course. Um, so the next step we, we close uh or to be sure. No problem. OK. Um. I replug and also I also I don't know if he works the first time, because, uh, just but. Uh, but I think it's OK, it's the first step is the same you check the wire wiring to be sure all is OK. Uh, no, no, no. I'm, uh, sorry. Yeah, it's the same. Of course, when you have to wire, it's easy to plug the wire. We have five wire is not complicated, not easy, but it's not complicated. So to be sure, we just, uh. Check if if all is done, if you put. I don't know, we shall see. We want to connect this spin to exploit, so we click on it and here you can see that we have to plug the spin on the first spin. But recently, right there, you just have to repeat this operation for the three other pins and it will be OK. It will be good. Just shake Amazo because it's OK. Uh, OK. Always seems to be OK. OK. So, no, let's continue with so espere we we have exactly the same comments, so let's try, uh, expert. OK. Uh, S.P.I replace. For the part. You can see that that plate is processing behind. OK, it tells you when it's over. Oh, I know the password. Yeah. And at the beginning of the finals this time, so we can try, if you want to be sure, but before we can change is the same, uh, the same thing, uh, show you that it works so you can show us just as a comment. I think it's interesting for S.P.I, just, uh, if you have a flash or something like that, you need to, uh, to to send a writing table. And, uh, for that just that that was just election year specification of the components you have to enable the writing before being able to write. Of course. So first we. OK, OK, is to come and it's battle now you can write on the memory of six is about to enable the
writing. Yes, you have this information on the datasheet and then we change the password. OK, we see that we send, uh, 66 it says a B letter, uh, the equivalent of the B letter. And to be sure, we read again and again the same things. OK, then, Paul. OK, so perfect eye to see is the. And, uh, yeah, it's the same thing here you can try to persuade, of course, is the same and, um, you can try your custom if you want to read, uh, I don't know, uh, six bite at ten at Dristan, etc., said you can get your own. Come on. It's very easy if you need to to use it. Um, a lot of time. So it's very good for that. Um, OK, the next tape, uh, we have a microcontroller so we may be able to dump the uh the film of the of the look at the electronic like. Our people know SWG protocol on it, it's OK for OK, it's like hash tag, uh, but for uh uh um uh Processo, OK. And with the custom, uh, protocol, uh, very well documented so far, um, uh, swg you don't need to create, uh, the components, uh, in that plate. You just have a simple menu right here and you have uh four options that is detect export import and erase. So first we want to detect if the wiring is OK and to do that we just can't detect. So behind the uploads is the SWG somewhere inside the FPGA. Then we execute the detector. Come on. And we can see that. Well, we have some information. Yes. For the moment, it's just the beginning of, uh, swg, uh, module, uh, for us. So for the moment, uh, you have all the information of the target and after that you come up very easy to jump all the content if you read the the letter sheet, uh, or you can read, uh, for this ship, you need just to use this address with this size. But size you can reach the size of the flash directly inside the microcontroller. Yes. So it's, uh, automatic, uh, tool because swg protocol, um uh uh good information to read all the content also flash. So it's perfect if you plug. Just to take to be sure all the wire is done and after not just in Baltimore, not like a
dump. Let's face it, them, for example. So same as well. You select a file. So, look, film, well, that's been. OK, so upload dispossessing. OK. And OK, here we have the electronic look, well, of course, without reloj protection for the expert. And if you read the content with or without protection, you or you read only you or FFE depend is dependent on the microcontroller. So most of the time you can read the female like that, but it is not easy to like open osity or something like that is a very good tool and we need to have a framework with all tool inside the same. And it's for that we could ask for it like that. We want to All-In-One one tool to click for SBI, to click for it, to see, to click for SWG. I'm experts on our liking and I need you to keep to not to lose my time just to create a bridge between hardware and software. So now with few minutes it's possible to read all the content. So now I can focus on reverse engineering. OK, it was actually we create we use this tool of the day. OK, so we have a string at the bottom, of course, for a communication or something like that, you can with all the content, you can inject back door or something like that if you want to report after we have some check, some control, some time. But it's not a security, so it's not a problem for that. So now we we erase all the contents of somewhere and we read the game and we just but again, the format to to demonstrate it's very easy to to dump and to write again on the site or the target with just a few click so we erase the content of our show. So let's do that, OK. It's there. So now if you try to enter the password, uh, of the of the electronic lock, of course it will not work. Yes. We we can. We have. Yeah. If you can switch just. Yeah. If I now if I put on some button. No airlines, no more lights of course I erased and now let's just import the female again. So change a change, maybe the will to keep. Mm hmm. Uh, change a name. Uh oh, yes. You can take you to. OK, so as
it is writing the female right now. OK, OK. OK, let's try to see if so OK. Now, when I press the button, we have alive again, so it's perfect. The right work with just one button, one file and two second. So, of course, you yeah, thank you. You can have a lot of fun. Uh, yeah, it is. Yeah, well, no. Well, no, but, uh, Linksys with that, uh, Linksys use, uh, for example, uh, so you fingerprint your pen, it's your fingerprint. We see that we have, uh, memory that is using the, um, the Balbus. And so it's always the same, uh, the same thing. You we installed it and we resell it on our own. Or you can use, um, custom, uh, custom and about uh yes. Because very fine speech and uh very close. And it is uh most of the time it's not easy to to just put a wire. And if you can't create your own PCB, you can use this kind of device. So I'm DIY artist and so I'm an electronic engineer. It's not complicated for me to create the Christian world, but sometimes for hobbyists or just to check or I don't know, you can just use a socket. Uh, without, uh. Yeah, without children. Yeah. And so. No, no, you understand why we have 64? Uh, because, of course, uh, Balbus, uh, need a lot of uh of uh. And if you want to put this wire, uh, you can use it for each, uh, wire. And it's very interesting when you need to put, uh, about 60 or 64, uh, bits. So we were able to dump the content. It's the same process, uh, that we we have seen before. Uh, so it's I think it was, uh, open WUFT. Well, yeah. And, uh, so we are not going to remake the process, but it's exactly the same with the square first, etc.. We today is not the reverse engineering tulk. So it was that we we don't explain. It's not directly where of course it's uh squasher first Read-Only. Uh, it's a five, six, seven, five systemin. So then you will have to remounted. Uh, but it's not the absolute task for that and it's open firmware. So it's not uh, very interesting to and it was mainly for, uh, for testing Zaban just for them. OK, I th
ink we are well and uh, of course, uh, if you want to learn more about, uh, our project and to follow w uh, you can go on the website and, uh, if you have questions in question. Yes. Yes, thank you again for that very interesting talk. The Democrats were with us lots of live demo time. So other questions in the audience. Yes, I see one over there. Please come to the microphone. Yeah, just a 64 bit of input. But can you also apply an external clock and a key have the input, for example, Petrobas the next election into the FPGA using this sectional clock so you can get the maximum clock rate for all you. We are an asynchronous mode, so it's not necessary to plug the clock. But if you want, you can just create custom firmware and you can use the clock of your system. But you need to to send the clock so you can generate the clock by FPGA for two to be more simple. It's just asynchronous and generate address and it's worked perfectly. But what's the maximum clock rate you can sample sorry, the maximum clock rate to sample it from the domain from the FPGA. You don't have a sample, but I can, uh, it's not a sample, it's just a latency. And we have about seven nanoseconds. OK, so please leave the room quietly if you really have to leave now. Otherwise think about staying for a few more minutes. I guess there are some more interesting questions I heard there is a question from the Internet. Yeah. Um, hi. I'm over here. Yes, thank you. Uh, can you say something about the difference between hard plight and maybe a common FPGA development kit, like a cyclone starter kit with an expansion board? You have the same FPGA. So, of course, if you put my firmware inside, it's worked with the same, uh, uh, baby, of course. But don't forget, you need to program your FPGA. So for that, you can use a blaster, for example, or external tool. So, uh, yeah, we use, uh, microcontroller to program excellent memory to programs of bitstream, etc.. So we we we are crape. A big bridge between FPGA
and graphical interfaces, so in fact, you have a graphical interfaces API in a ruby, uh, communication with a microcontroller and microcontroller communicates with custom and tunnel protocol with FPGA and inside the FPGA. Yes. You have, uh, to, uh, module we have as protocol and, uh, to create some communication with microcontroller set. And now we have a module. So if you need S.P.I, you just create S.P.I, uh, state machine and you you can feel a FIFO first in first out memory. And it's OK for you after that asteroid called to do the process and process that. And Olesen for you. So in fact you have an array data array on and you have FIFO on the Vijaya and you can do what you want. OK, so it's sure you can use, uh, the demo board, but you need to program, etc.. So you will not have the food processor, of course. Yeah. OK, then. Next question over to the side. Two questions. First, I looked at the site, but I didn't see any schematic source quotes, whatever. You will release them. So, um. Forssmann And um, we are talking about it. Yeah. Yes. We are not sure, uh, for the moment, but we are talking for the moment. Graphical interfaces is open. Uh, if you choose it is for you but you can use API. Of course API is open and now you can use very little uh line uh, ruby line to to interact with SBI, for example, just create a separate object. And just the next line is that, OK, so today you can use aspirates as like just chool line of Ruby code for the magic for the moment is not open hardware but uh maybe change uh change that. Yeah. Yeah. OK, second question. Um, such a project by community because you're not you probably cannot go and implement all kind of protocols and uh. Yes, yes. Of course the goal of our sprite is to create, uh, a database like, um, metabolite. And you see we have only a five. Um, it's not true. Um, we have, um, more than like it's just for the demo, but we have a problem because if you are an expert, it's not complicated for you to create, uh, a c
ommand and uh, um, and target and and also people can use it just like that, which you click of course. But in real life it just to click because you need to create and the next step is to create a community, to create, uh, command. But it's not enough. It's true. We need to create another module and it's for that we we try to um to to change, uh, geometric early sense. Exeter, Exeter to Eyob, uh, answer your question. Uh, for the community, we will rely on not, uh, a lot, uh, on the community to, um, to share the, uh, the components they have created or Zuckerman's, uh, so someone that doesn't know how to to interact with the specific component, you may be will you may find this a component online that we needed and added to is our split and we have nothing to do that. Just clicking OK at the beginning. Yeah, at the beginning aspect is for internal purposes. And yeah we now uh I think you are here. So it seems to be you are interesting by Aspro, so maybe we, we can change. Uh this is still in development of course. And we are thinking uh the way it a way to adapt and yes. Because we use our split already. So I think we we can increase the compatibility of split with you. OK, then, next question again, another question from the Internet. The Internet. Now, can you think of no limitations to hotplates or will there be any components or protocols that will never be supported or can never be supported? The limit is the same answer. It's a civil nanosecond latency. And after that, you can trade what you want. Not exactly, you have a problem with internal memory of Cyclone two, so it's complicated to answer your question because the goal of our spirit is to create a framework and versatility framework. And, of course, you know, the limit is only seven nanosecond latency because we we work 100 megahertz. And it is possible if we want to there, we are not limited by that. So just with this feature, this limitation, just seven. Yes. OK, thanks then. Next question from any y
ear. Yeah. I think the time consuming thing will be getting the data sheet and modeling the chip. And I think it's a great idea to have a sharing platform for this intermediate step. How far are you what is your internal database that you have right now that you when you when you get it right now to the market from the first step without having the sharing platform? OK, what we give in the database, uh, when, uh, someone gets a product, that's for sure. Yes. Oh, well, uh, we as a component, we well we we have what I think, uh, and the one you can, uh. We will we are going to give us a component for each birth so that anchorman's so that people can take example on component to adapt to their own components if they are not using the same. And don't forget, for example, the button Fooldom fool expert cetera. It's automatic and you need just to specify the size of your memory and all is automatic. So if you want to dump 64 Kyllo memories or 32 etc is the same judge change the size and the size is on the title of your datasheet. So for example, forfour spy or it is not a problem to a custom custom command because you don't need. OK, so maybe it would be a good idea to have an inherent command to take the chips you already have and just change them and have another one. Yes you can, you can use the existing component as a template to create another one. Yeah. OK, I think we have time for two more questions perhaps please. Will you be able to do detection of Geotagging Serial on if you don't know which points on the board? Um. Yes, it follows that, so for geotag or SWG, most of the time, you have on the top of the board SWG and TM's exercised. So it's true in this example, we know the car so easy. It's such a beginning of SWG. It's false that it's not very clear for everybody. But, um, in fact we are only chewier and you can see that as shit and you can find a clock of AWG and just use a multimeter to find the pin on the board and for our exploit we are the busses next wee
k to use with helping wearing it. The question was, how do you connect as the ability to assimilate onto the target? No, I was just wondering whether whether you have the same functionality as Jugulator has now, where will you connect it to lots of points and it will attempt to identify which points are. I'm not sure I understand so say you have a board with No Labels and you're trying to find where is the serial interface or where is that which are which are the Jacobins and Jugulator? Oh, yes, yes, yes. It's not a brute force issue. Yes, I understand. So for the moment, you need to put in the right way is a right. Why are you if not, this doesn't work, of course, but it's FPGA and you can create an algorithm to to brute force like shit, take your hat off if you go on and exploit. I'll, uh, for the next step is the first step. We are going to implement this functionality just so you won't be able to connect the way out and just launch the detection. So it's on its way and you can replace your turkey that always with this tool. But it's not the goal of exploit it just to have a framework because we we love this tool is the beginning of our working. But we want to to put all the good tool inside the same and community. You can can use it easy. Yeah. Thanks. Thank you. So thanks again for the questions. The speakers will perhaps be outside in a minute for further questions, but I think we can all give you a warm applause. Thank you for your call. Thank you for listening.