‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, November 26, 2020 11:41 AM, Hernâni Marques <[email protected]> wrote:
> Dear Cypherpunks > > Adrienne Fichter, Journalist of Republik, is > searching for people who hep to analyze (backdoored) Omnisec devices, ... > German tweet, with her asking for action: > > https://twitter.com/adfichter/status/1331908267803553793 it's a fax encryption/decryption hardware. would be interesting to look for methods of master key extraction. the attack surface looks pretty rich: https://www.inmarsat.com/wp-content/uploads/2013/10/Inmarsat_Using_Omnisec_525_over_BGAN.pdf another model to consider is the Omnisec 222, often code (and bugs) re-used across model families :) look for debug pads and surprise functionality, https://github.com/grandideastudio/jtagulator , https://github.com/usb-tools/Facedancer . might need to read flash memory directly: https://libreboot.org/docs/install/rpi_setup.html attack retrieved images with Ghidra and friends. if target is hard, try glitch attacks. https://tches.iacr.org/index.php/TCHES/article/view/7390 . sounds like fun! best regards,
