So now we come to our next talk. It's about the Amazon Dash button. Who knows what an Amazon Dash button is? OK, kind of everybody. Who has an Amazon Dash button? Who has used it to buy something? So, for everybody who has never seen an Amazon Dash button, you get a chance, I brought one. It looks like this. It's a small, tiny thing. You can click on it and order stuff, and you can order great stuff: things which make sense, like dog food, shampoo, things you need regularly, but also fun things like Play-Doh. You know, the stuff for kids. I have no idea who regularly needs to buy Play-Doh, I mean, where does it go? Does the child eat it all up so you need a new one? So this is something we perhaps won't learn in this talk, why we need this, but we will learn how you can hack it to use it for a different purpose. Some of you might say, OK, I have already heard about something like that. Yes, because for the first version which was shipped, such an analysis was already done. But there's a new version, and like it often is with Internet of Things stuff, they try to make it more secure. I mean, that's what the S stands for. So what we'll hear about is the hardware, the software, and also how the communication with the server looks. And the one who gives us the talk about this is somebody who has been hacking hardware for quite some time. So let's give him a warm round of applause and let's learn.

Thanks, nice to see you. Let's have a closer look at the Amazon Dash button now. The Dash button is basically a Wi-Fi connected button. It's been around in the United States since about 2014, I think, and in Germany it's been available since August of this year. There are two hardware revisions, and in this talk I'll only cover revision two, because that is the current revision. I don't think you can still get the older version, and the older version is also quite hacked already. This button can be used to order or reorder certain consumables like pet food or washing supplies and such stuff. It's only available for certain brands and products and you cannot configure it freely. It costs five euros and you get a refund on your first button-triggered order. There's also a customizable version available, at least in the United States, for twenty dollars. You still cannot load your own code on this button, but you can use Amazon Web Services to get the button presses.

So what's interesting about this thing? Well, it has Wi-Fi and it must be some sort of a computer, so it's sort of an Internet of Shit device, though it might be more useful than certain other products. One question, of course, is how does it work? We just want to know. Then, what about security? If we put this thing on our network, is this a security risk, and can it be abused for cyber stuff and so on? Another important aspect for the hardware hackers is whether we can program it for our custom Internet of Things projects. It's more powerful than the common ESP8266 and the price is comparable. The next point is, of course, if we cannot run code on it, we don't really own it, so we want to run our own code on this. There is some prior research that has already been done for the old button. You can get those links from the Fahrplan, and I will refer to these two links later during the talk.

The easy way of repurposing the Dash button is to use the smartphone app and configure the Dash just normally, but you close the app once you get to choosing a product. This prevents the Dash from ordering anything. The product selection is stored server-side, while the Wi-Fi configuration is stored in the button. So the button still contacts the server and says, I want to order something, whatever is configured. The server says, no, there's nothing configured, and the button blinks red, and that's it. So you don't get stuff. And of course it does a lot of things to get online. It connects to your Wi-Fi, it does a DHCP request, a DNS lookup and so on, so you can monitor all these things to find out when the button is activated. Monitoring the DHCP log file is, of course, the most easy way, I guess. Who's doing this already? OK, a few, about three people. Yeah, we'll go a lot further than this in this talk.

First, we'll have a look at the hardware. So what's in this Dash button? Then the communication protocols and the crypto, then the firmware. The firmware revision I analyzed was still the most recent on the 25th, when I checked it last. And we will run some custom code on the button without desoldering anything. I didn't analyze the Amazon smartphone apps, because this is way too high level for me.

Regarding the hardware: the housing is sealed plastic, so you cannot open it with a screwdriver, you have to somehow break it open or cut it open. My first attempt was with a knife, cutting along the seal, but that didn't work so well. I removed some SMD components in this process. My latest attempt was successful, using a cutting wheel from the top, because I already knew where the stuff is that I want to get to. You can see the points here. So this was the microcontroller, so I simply cut it open. There's some space between the plastic package and the PCB. The PCB has four layers and a lot of SMD 0201 parts. You can see those here. So this is all very tiny. And you can see the parts of the microcontroller here; or rather you cannot, because there's some black stuff poured over it. I don't know why exactly they are doing this, but you can remove it carefully, and it can be softened a bit with acetone. That makes things easier.

The microcontroller is actually quite powerful. It's a Cortex-M4 with a floating point unit, and it runs at, or can be clocked at, 120 megahertz, with half a megabyte of flash and 160 kilobytes of RAM. The downside is the package of this chip, so you cannot easily solder additional stuff there, and the black stuff. Then there's the Wi-Fi IC, this chip here. It's 2.4 gigahertz and does up to 72 megabit, that's 802.11n of course. And it has a built-in IP stack, so it works a bit like you do with sockets in Unix. This Wi-Fi chip basically handles all the IP stuff, and you simply open the socket from the controller and then you can communicate just over the socket. It does have built-in SSL support and plenty of stuff. Of course there needs to be a voltage regulator, because there's a single AAA battery with 1.5 volts or less in the button, and it needs to be boosted to 3.3 volts. So this is done with a voltage regulator. This is actually a quite powerful regulator; they could have used a cheaper one. Anyway, there's also Bluetooth Low Energy, you can see this here. I'm not sure if they are using this already. They might do with the iOS app, but I haven't analyzed this. There's a 4 megabyte SPI flash, this here, and a microphone, this here. You can see the package removed; this happened accidentally. Then there's an LED. It's three LEDs actually, red, green and blue. And the thing is clocked from a 32 kilohertz oscillator, this thing here, and it generates a higher frequency internally using PLLs. There are also some discrete semiconductors here; they use them for the powering stuff.

If we put it all together it looks more or less like this. This is a bit simpler than the reality, but yeah: we have the Bluetooth connected to a UART, the Wi-Fi is connected to an SPI bus, and the SPI flash is also connected to another SPI bus. The interesting thing here is that there's an additional UART that's used for debugging. The voltage regulator gets started by the button press. And one interesting thing is there is no other wake-up source, no real-time clock or something like that. That means the button can never wake up on its own terms. You always have to press the button, and once it goes back to sleep, it cannot wake up again without the button being pressed. Power enable is held by an external latch, so the microcontroller simply clears the latch and then it goes to shutdown. The microcontroller can also measure the battery by using the ADC and an enable signal to connect or disconnect the battery from the ADC. This value is also sent to the server, so Amazon knows when your battery is getting empty.

Regarding the power consumption, Petroff already did a lot of measurements. You can see that Wi-Fi is drawing a lot of power, around a hundred milliwatts, and without Wi-Fi it's down to about 80 milliwatts, and with some power saving you should be able to go down to about 50 milliwatts. With the battery, that's about 75 minutes with Wi-Fi enabled and about 10 hours with some very good power saving. So basically you could make a bug with this and listen to the microphone for some time and then transmit it via Wi-Fi. But it's still limited with battery power.

The debugging interface is also there. You already saw those test points earlier. The old Dash button had single wire debugging enabled and a serial console with debugging commands; you could simply dump memory using the serial console. The new button has test pads for SWD and a serial console. SWD is disabled, and the serial console is stripped down to a few boring commands. We'll come to these later. Here you can see the debugging interfaces from the bottom side. I mounted a connector there. The pinout you can find on the Petroff website; all of these I/Os are 3.3 volts. The pinout is basically compatible to the old button.

So here are some commands you can see. There are three different modes. There's a test mode menu. This has a lot more commands, and they probably use this in the factory to do some calibration and testing. This is the user mode menu you have if you open the button and connect the serial port: there's just the firmware revision you can query, and you can measure the battery voltage, and there are two modes, one of which prevents the automatic shutdown. It then stays on until you issue a shutdown or you switch the mode again. The developer mode menu has some more interesting commands. There's still no memory access, but you can enter certain modes, config mode, access point mode, configure Wi-Fi and so on.

So let's have a look at the communication protocols and the crypto stuff. The communication works like this: you have the SAM G55, this is the microcontroller, then you have the Wi-Fi chip, this is the ATWINC, and this chip handles all the IP stuff. So those two communicate in plaintext using SPI, and then the Dash button uses HTTPS when connecting to the Amazon server. So you can see plaintext data here, and it's clocked at 40 megahertz, so this is rather fast. One of the first things I did was, I wanted to analyze the communication that was there, because I didn't actually know if they are using TLS inside the Wi-Fi NIC or if they are doing TLS in the microcontroller. They did it in the microcontroller in the last hardware revision. So I put an FPGA between those two things and logged all the data that came by. I did cut the bus so I could do man-in-the-middle as well. And I did this before I had the full Dash firmware knowledge, and all this wouldn't really have been necessary.

It looked like this. You can see I removed the microcontroller here and added plenty of wires. These then go to some sort of base board where I can plug in a breakout board for the microcontroller. The microcontroller is actually here. There are some LEDs for debugging use here. I have a serial console here, I have single wire debugging, the reset button, and here is the actual Dash button. This here is the 3.3 volt supply. And you can see a lot of jumpers here. These are all the connections to Bluetooth and Wi-Fi. So I can simply remove the jumper and do man-in-the-middle there. This is the thing with the FPGA board plugged in. So that's how I analyzed this communication that I'm now going to present.

The Wi-Fi based configuration is used by the Android Amazon app. I don't know if the iOS app uses the same mode. To get into the configuration mode, you have to press the button for several seconds until the LED fades blue. Then the button is in access point mode and you can connect to a network called Amazon ConfigureMe. There's also a DHCP server for IP assignment, and there's a simple HTTP server running on this thing. It actually runs on the CPU and not on the Wi-Fi controller. And there's a web page with basic info. It looks like this. You have the serial number and the firmware and the battery level in percent. They always do the battery level in percent. Yeah, not very interesting. The app, on the other side, does more interesting things. It fetches the device info from the root location as well, but it sets the content type to application/json and it gets more information. It gets a list of all the Wi-Fi networks that are there. And then the app generates an elliptic curve Diffie-Hellman key and posts this public key to this location, and then
gets the public key of the Dash button from the same location. It posts the local config; we'll see what this is later. The local config is not very interesting and therefore it's in plaintext. It posts an encrypted token to the token location, and it posts the encrypted network config to the network location. After this, the configuration is basically complete for the button. The button then connects to Wi-Fi and registers with the Amazon server. And now an interesting step happens: it gets a customer secret. This is a specific secret key that is stored in the flash and then used for the orders.

There are a few secret keys involved. The device secret is 20 characters, uppercase and digits mixed, and it is written to the flash during production. This is fixed for the device; it cannot be changed. The customer secret is obtained during the configuration, or at the end of the configuration phase, from the Amazon server, and this is generated randomly by the server. I guess you'll get a new secret if you do a new registration. Both of these are stored in the internal flash of the microcontroller and they are used for the HMAC on the requests.

The elliptic curve Diffie-Hellman during config uses the secp256r1 curve, and this is then used to generate a temporary symmetric key for counter mode with AES. They are using SHA-256 to generate this key. The data for the AES counter mode is TLV encoded. You need three tags: tag zero is the ciphertext, then you need the initialization vector, and a tag. The length field is 16 bit. And then the plaintext data is JSON encoded. That's a bit funny; they seem to like parsers, because they're using TLV for the encrypted data, and once you decrypt it, you get JSON data. Here's some example data. You can see the public key and local; local is actually just the country. The token is the server token. This is something the Amazon app gets from the Amazon server once you start the configuration of a new Dash, and this ties your Dash button to your Amazon account. The token is thirty-two bits. And the network is encoded this way.

The interesting thing is that the HTTP server has another unused location; the app doesn't use it. It's called flash, and this seems to allow flash access. I haven't analyzed this in detail, but there seems to be some authentication going on. So you cannot easily use this without understanding the crypto.

The final registration at the Amazon server: this is the thing the button does once it has been configured by the app. It posts to this URL on the Amazon server and it transmits the device serial number, you can see this here, and there's a transaction counter. This is a 32-bit counter. And also you can see the token from the app. The transaction counter is later used during the order requests as well. It prevents replays. Then they do an HMAC using the device secret key, because there's no customer secret yet, and the response then includes the customer secret key. So this is then used to sign the orders. There are also some timestamps; they are always using Unix time here.

Now once you press the button, after all the configuration stuff, to order something, it posts requests to this gateway here from Amazon. The "b" request is the actual order request, and there is a second request with debugging info. So they are sending some metrics about how often the button has been pressed and how often it was paired with Bluetooth and such things. I think I have an example in the appendix of the slides. It's not really that interesting, but an interesting thing is that the server can demand a firmware update of the button, and then an additional POST to the "f" location is triggered and the firmware is downloaded. The POST to the order location looks like this. So again we have the device serial, the transaction counter and the HMAC, and this is then generated with the customer secret. Then you get the status code from the server, obviously, and this is used to determine if the order was successful or not. So if the button blinks green, it must have been HTTP status 200, and 412, for example, is used to signal that you didn't complete the product selection. There's also a timestamp in the body and the flag for a firmware update request. Before I had all the secret keys, I used the FPGA to toggle this flag to get a firmware update. But the server said, no, no, you already have the latest firmware. So I was a bit disappointed, but yeah.

Now regarding the security conclusions. During the configuration phase with the access point mode, you can simulate a Dash button, because the Dash button doesn't have to authenticate to the app. This allows for evil twin and man-in-the-middle attacks. This means an attacker can obtain the Wi-Fi credentials and the Dash token for the ordering thing. So if you set up this stuff and some day your neighbor gets a Dash button and configures it, you can grab his Wi-Fi credentials. But you have to have it running for quite some time, I think, so the risk isn't that high, because the time span of this configuration is actually pretty short. The configuration with the server uses HTTPS, and I think they check the certificate, at least that's what the Internet says. The client does not have a certificate; the buttons do not have certs, they only use this HMAC using the counter and the secret keys. But this prevents replays and ordering without knowing the secret keys, so this is pretty solid, I think. But the most interesting thing when it comes to security is that the button is really only active after a key press and connected to Wi-Fi for a few seconds. So there's no self-induced wake-up, and the battery life limits the damage that can be done with this thing. And also there are no open ports. It doesn't use UPnP or something like that. So there's not really much you can do from the outside.

So let's have a look at the firmware analysis then. The old button had a Broadcom chipset and a real-time operating system from Express Logic with the NetX IP stack. The new button has a custom OS. I think Amazon wrote it themselves. They also wrote the bootloader themselves, it seems; you cannot find anything on the Internet about this. You can see this is the output of the serial port. I don't think the device normally gives you all this info. I enabled developer mode and enabled logging to get all this info. I'll come to how that worked later. They have multiple tasks: main task, transaction task, Avocado button task. Avocado seems to be the project name for the Dash button. There's an extra task for BLE, a command handler and a network manager task. You can see some of those tasks here.

Now when you want to dump the firmware, obviously you'll try SWD first, but this cannot be used, because they are using the security lock to prevent access using SWD, and you cannot get into the boot ROM either; that's prevented as well. And the only way, according to the datasheet of the microcontroller, to clear this lock is with a full flash erase, and a full flash erase can be done by using the erase pin, but that is hard-wired to ground. So you have to desolder the complete microcontroller to get there, and it erases the flash content. So that's not so good if you want to dump the firmware. Well, I had a look at the external SPI flash and desoldered it. You can see it here. I soldered it to a tiny piece of PCB and hooked it up to a Raspberry Pi and dumped it. There's this tool called flashrom, it's actually pretty good, and you can dump more or less any flash that is out there. And you can find the firmware in this flash, at least part of the firmware.

Now, the thing with this is that the microcontroller cannot execute the firmware directly from this SPI flash. It has to be copied into an internal memory, either to RAM or to flash. And therefore the firmware must also be present in the internal flash, so you have a duplicate, probably. And we can dump this and analyze it using a hex editor and a disassembler, and that's what I did. If you analyze the SPI flash, you can see that it contains the firmware and some dynamic storage. The dynamic storage seems to start at this location, and this includes debug logs, so you can see in text output what the button did, and you can also find the transaction counter there. The start of the flash contains a list of static blocks. It looks like this, and you see the structure is pretty simple. There's just the name of the block, and at the end there's the version of the block and then there's the offset within the flash. And the length of this block can be figured out quite easily. So I wrote the structure down and parsed the list, and this is what we get. So the SAM G55 block obviously has to be the firmware for the microcontroller. It's 477 kilobytes, so that matches pretty well with half a megabyte of flash. You can see there's an additional header for this firmware, and the payload of this block includes the header. The others are probably for the Bluetooth and for the Wi-Fi chip. So the Wi-Fi chip also has a built-in microcontroller, but it's some other architecture, and it also has plenty less flash storage. You can see this here. Its firmware is about 400 kilobytes as well, but, well, that's not ARM.
OK. So I dumped the G55 block to an extra file and analyzed it. If you want to analyze a piece of firmware that goes into a microcontroller, a Cortex-M3 or M4, M0 as well, you know that the RAM usually starts at this location and the internal flash is listed here. At the beginning of this flash you usually have the nested vectored interrupt controller table. This is the table with all the interrupt service routines, and you also have the exception handlers there and the reset entry point. So we would expect to find the vector table somewhere in the firmware, and this is what we look for. The stack pointer should point to RAM, actually somewhere around the end of the RAM, and the handlers should point into the flash. If you have a closer look at the firmware, this is the additional header we had before. We can see that it doesn't really make sense to use this as a vector table, because the first thing obviously is a flash address, and after that it's an invalid address. So that's how I figured out that this must be the length of the firmware and so on. Then there are plenty of zeros, and at this location in hex we can find the stack pointer, and after the stack pointer the handler entries for the vectored interrupt controller. So my initial assumption was that the first 200 bytes had to be stripped and this thing put to this location. However, that didn't work out, because if you get the offset wrong, you can see this in the disassembly: the references don't match up. So I gave it another try and put it at this location and didn't strip this header, and then everything was fine. So I had the firmware in the disassembler, or at least part of the firmware. The problem here was that it started at 4000 in the flash. So there must obviously be some kind of bootloader code before that, and this code I didn't have. I also later found out that apart from the bootloader, there's the configuration storage, which includes the MAC address and serial number of the device and the secrets of the device and also configuration. This is the part where the Wi-Fi config is stored. So this is before the actual firmware, which I found in the external flash.

So I tried something: it would be great if we could execute the dumped firmware without this bootloader. So I simply wrote this firmware to an empty microcontroller, a compatible one, and duplicated the vector table to the start of the flash, so all the pointers would match fine. And I set the chip to start from the flash, and the firmware worked. So I did have debug output, and everything was great, and I had debugging using single wire debug, so I could use OpenOCD and connect with a debugger to this thing. And suddenly I had a developer console on the serial UART. So I analyzed this a bit and I found out that it simply checks the security lock bit, and if the security lock isn't set, it's obviously in developer mode. However, there was a slight problem, because obviously I wasn't able to use this new button, because the credentials, the secret keys, were missing. So somehow I needed to dump the internal flash of the locked microcontroller, and I wanted to dump the bootloader anyway. So I went for code execution. That meant exploiting the firmware somehow. If you have a disassembly of the firmware and debugging access, it cannot get any more comfortable when you try to exploit things, because you can set breakpoints, you can do tracing, you can look at the registers and other things, and this makes things a lot easier.

So the first attempt obviously was putting a really long line on the serial console. However, that didn't work; it really had length checking in place on the serial console. So it's limited to 256 bytes. That was surprising. So I thought about some other options: exploiting low-level network protocols like DHCP, but that hits the Wi-Fi IC, and that wouldn't help me, because I actually want the ARM microcontroller. And on the ARM microcontroller there's the OS running, and it has a TLV and JSON parser. So that might be an interesting thing. But there's also something from earlier, the audio configuration protocol. This was used by the old button. I'm not sure if it's still used with the new button or if it's been replaced by Bluetooth. However, this code is still there and it still does support the audio configuration protocol. This protocol has been analyzed by Jay Greco. Before digging into this, I contacted him, because I didn't have sample data, so I asked him if he could send me a file with a recording so I could have valid credentials and analyze them. He did send me a sample and he also sent me an update on his blog: it's not actually ASK but FSK with four carriers, and it simply looked like ASK because of the low-pass filtering. So I knew it was FSK and I had valid sample data. And so I analyzed the sample data I had. This was the payload of the audio protocol. There's a preamble. The packet length is one byte and the complete packet must be smaller than 128 bytes. There's a CRC. The ID is the token from the server, then SSID, password, and the realm, which is the country code stuff again. Now, if we have a closer look at the function that processes the payload, we can find that apart from this 128 length check, there's not a single length check in place. So all those buffers like realm are simply copied to the stack, and so they are trivial to exploit. I used the realm because I think it was the last thing
on the stack. And now we can have a look at the stack. We can see the realm above, and there's some additional usable space where we can also put our payload, and there's also some additional space in the password and SSID above us. But we have to make sure that we do not exceed the 127 total payload length. So the problem is that after the additional space there are some values on the stack, and if we overwrite them, it'll trigger the exception handler, because there are some pointers and there are some length values for copies. If we simply write zeros there, the memcopies won't do a thing and the exception handler won't get triggered. But there was another thing we needed: we have this real operating system, so there's plenty of cool stuff going on, and once we fuck up the stack, things won't go very well if we do some task switching. Then the watchdog needs to be serviced; there's actually a watchdog in the device, and it shuts the Dash down after a while. This is the mode thing from earlier. Now, before the program counter on the stack we have the register r4, and after that some additional stack where we can put some payload. So I built this payload: I put the instruction to disable the interrupts, these two instructions, directly after the program counter, and afterwards I put some additional registers, because normally on ARM you have to do a load relative to the program counter, and this takes two plus four bytes for a load. With this method you can save some space, two bytes, because the immediate values are always needed. We need this for the watchdog and so on. Putting them on the stack and popping them saves a few bytes. So I did it this way, and now we can dump the flash. So I put the source pointer, this is basically the start of the flash, into register one, and register two is the UART base. Since I have analyzed the firmware for the Dash button, I have found the UART write function. It's basically something like "write n bytes to UART". This function takes the UART base address, the source pointer and the number of bytes that should be written to the UART. And then I needed to service the watchdog, otherwise it would reset after a while. So I used the destination for the watchdog register and the watchdog value in the registers four and five. So the payload is actually pretty small. I do chunks of four kilobytes, and after each chunk I poke the watchdog. There's some length checking in place after that to find out if I have reached the end of the flash, and once I reach the end of the flash there's an endless loop here, a jump to done. This instruction is missing on the slide, I can see. So I simply let the watchdog expire and the Dash button will shut down again to save the battery.

I have a demo video of this. So here I have the Dash button opened with the serial cable connected, and one cannot really see this very well, but this is the audio plug from my phone, or from the headphones. And here I made a tiny script. I can give the script some assembly instructions and it generates some audio that includes this assembler instruction and the complete exploit. And here in the background you can see the serial output of the Dash button. I put it through a filter to strip away my private secret keys and so on. Then I simply enter configuration mode and invoke my script, which generates the audio file and plays it using the headphones. So let's try this. This is the normal output from the Dash button here, and now it's in configuration mode. Here starts my script and it's dumping all the flash. So this takes a bi
t because it's half a megabyte and. So, um, yeah, the, um, the audio was actually, um, quite short, it doesn't really have to you don't need it gets repeated several times. So one of those packets is correctly received. Um, the internal speakers broke as well. I even thought about building a YouTube video for this. Um, yeah, but well it works so far. And now the question is how to proceed. So eventually Amazon will probably fix this with no update. And, um, the thing is, they cannot update current patterns unless the server can reach them. So, um, if you want to exploit your button and, um. Yeah, you and you want to reprogram it some way, um, you should deregister it from the server, so if you press it, it cannot get the update accidentally. Now, the thing is, clearing the security bit without a doesn't work. So I cannot use this exploit to simply clear the security. But, um, it might be possible to trigger a full iRace using software. I haven't tried this yet. Um, and otherwise we would need some sort of multi-stage loader, um, to reboot. Right. The flesh with a custom firmware. Um, you can grab the stuff I did so far here from the, um, the sketch repository. That's also the, um, disassembly annotations, um, file in there. And um, yeah. It's also linked using uh there's also a link on the page and um well I'm, I'm not really sure if I will do some further work on this thing. Um, so if you want to carry on, contact me and I will happily help. Yeah. Um, can contact me using this um credentials and um. Yeah well that concludes my talk for now. Um, so. We'll get to the questions. So same procedure like everywhere, if you have questions, please come up to one of the microphones. We have it here. So the way should never be so far. Yes, we have our first question. Microphone number one, please. Oh, first off, good work. That's quite impressive. Just to get code execution on it. The only question I have is how did you manage to solder those tiny, tiny wires like the spygla
ss and everything else? Yeah, well, one by one it's. I usually put my finger above the ones I already have, and then I try to tip the next one just briefly without touching the other ones. And, um, yeah, and I keep the other ones pressed on with the finger. And that's basically the magic. Um, what diameter wired with deduce is that magnetic wire or zero point one millimeters. Thank you. So, OK, we have a question from the Internet. Yes. Thank you. First, thanks for the talk. Excellent. Good job. Um, what was the disassembly you used. I don't know. OK, yeah. Microphone number four could talk just a question, how long did it take to reverse engineer everything? And you get the results you presented days, weeks, months? Um, yeah, that's a good question. And, um, I don't really keep track of time when I do these things for my hobby, because with some guys buy a cinema ticket for about ten years and get 90 minutes of fun and the dash button four, five and have plenty of weekends, so. Actually, it wasn't really that hard because there were some assertions in the code and there are several assertions so you can get the function names quite easily and then put it all together somehow. OK, thanks. Up there, there's a question, yes, yes. Um, so in the beginning, there was a time stamp. Did I see that correctly? That was a four by time stamp that I know about two thousand thirty eight. Yeah, well, yeah, I have no idea what happens then. Maybe we will issue a firmware update or something like that. Um, also, um, the certificates are stored in the wi fi controller so they probably need to update the certificates from time to time and they would probably do this with no update as well. Um, I just thought that was terribly sloppy of them. Uh. And number four, yeah, great work, I tried to dump the firmware using a power line attack, but I had no luck. So I have a question. Do you have any idea what your connection to the Bluetooth module is used for? Um, well, I thought maybe they
are using it in the IOC app, um, but I do not have an iOS device, so I cannot confirm or, um, this um, they do talk to the Bluetooth chip a bit and they check if it's there. So, um, once I disconnected it the film but didn't come up, but I didn't have a closer look at, uh, what's going on there. OK, so the Android app doesn't make use of the Bluetooth low energy. OK, OK, we have another question from the Internet. Yes. Do you think it's possible to install an operating system like Linux on the button? No, um, that's the the difference between a microcontroller and the CPU is the, uh, memory management unit. And the microcontroller does not have, um, a, uh, memory management unit. Basically, one could try micro Linux. You see Linux. Um, but I don't think, um, one hundred and sixty kilobytes of RAM are sufficient for this either. So there are plenty of, um, tiny, um, realtime operating systems, open source, um, one could use, you know, but not Linux. OK, thank you very much. Please give him another round of applause.