0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/549 Thanks! 1 00:00:09,360 --> 00:00:11,489 Many people see huge difference 2 00:00:11,490 --> 00:00:13,679 in hacking and using methods deployed 3 00:00:13,680 --> 00:00:15,869 or other automated exploitation 4 00:00:15,870 --> 00:00:18,359 tools. Still, these tools 5 00:00:18,360 --> 00:00:20,429 paved the way to quick 6 00:00:20,430 --> 00:00:22,289 and easy system analysis. 7 00:00:22,290 --> 00:00:24,719 Yesterday and today, 8 00:00:24,720 --> 00:00:27,149 we have heard talks concerning software 9 00:00:27,150 --> 00:00:29,699 and hardware vulnerabilities. 10 00:00:29,700 --> 00:00:32,099 Hots Floyd wants to make it easier 11 00:00:32,100 --> 00:00:34,529 to look and analyze those 12 00:00:34,530 --> 00:00:37,919 vulnerabilities with your devices. 13 00:00:37,920 --> 00:00:39,989 Sometimes it is just about having 14 00:00:39,990 --> 00:00:42,239 the right tool here now to 15 00:00:42,240 --> 00:00:44,409 present the right tool. 16 00:00:44,410 --> 00:00:46,050 Julian and Gwendolyn. 17 00:00:53,520 --> 00:00:54,520 Thank you very much. 18 00:00:55,560 --> 00:00:56,729 Good evening, everyone. 19 00:00:56,730 --> 00:00:58,799 You are a lot of an 20 00:00:58,800 --> 00:01:00,729 amazing surprise for us. 21 00:01:00,730 --> 00:01:02,999 Uh, so I'm a little stressed, 22 00:01:03,000 --> 00:01:04,000 of course. 23 00:01:05,880 --> 00:01:08,909 So let's get started, 24 00:01:08,910 --> 00:01:11,039 uh, with this 25 00:01:11,040 --> 00:01:13,259 presentation of our, uh, 26 00:01:13,260 --> 00:01:15,959 we intend to show you, uh, 27 00:01:15,960 --> 00:01:18,309 the gulf between the values, 28 00:01:18,310 --> 00:01:20,609 the project, the goal we want to reach 29 00:01:20,610 --> 00:01:22,769 and how we are 30 00:01:22,770 --> 00:01:24,599 going to reach it. 31 00:01:24,600 --> 00:01:26,939 Uh, we will end the presentation 32 00:01:26,940 --> 00:01:29,189 with, uh, a lifetime of the tool. 33 00:01:29,190 --> 00:01:31,800 Uh, we like to live dangerously. 34 00:01:33,770 --> 00:01:36,139 So before I started the quick 35 00:01:36,140 --> 00:01:39,229 introduction about this, so I'm going 36 00:01:39,230 --> 00:01:41,479 I'm a protester and a software developer 37 00:01:41,480 --> 00:01:42,480 among. 38 00:01:43,210 --> 00:01:45,399 And, uh, therefore, I'm 39 00:01:45,400 --> 00:01:47,469 in charge of the eye-level, 40 00:01:47,470 --> 00:01:49,779 a alien level, part of the 41 00:01:49,780 --> 00:01:51,459 development, like the graphical 42 00:01:51,460 --> 00:01:53,679 interface, and of course, I 43 00:01:53,680 --> 00:01:55,839 do love advertising and 44 00:01:55,840 --> 00:01:57,429 that's why I'm working on this project 45 00:01:57,430 --> 00:01:58,430 with Julia. 46 00:02:00,250 --> 00:02:02,379 I'm Jim Up and electronic 47 00:02:02,380 --> 00:02:04,779 engineer, and I'm Software 48 00:02:04,780 --> 00:02:07,059 Baptista and all the weapons, of course. 49 00:02:08,139 --> 00:02:10,388 And imagine why don't you just, 50 00:02:10,389 --> 00:02:12,789 uh, uh, guy, 51 00:02:12,790 --> 00:02:14,979 because it's not expensive and it works 52 00:02:14,980 --> 00:02:16,299 perfectly. 53 00:02:16,300 --> 00:02:18,399 And for Oxblood Project, 54 00:02:18,400 --> 00:02:20,709 um, I'm the, uh, 55 00:02:20,710 --> 00:02:23,139 low level, uh, developers 56 00:02:23,140 --> 00:02:25,419 and I was born 57 00:02:25,420 --> 00:02:27,669 and developed, also called for, 58 00:02:27,670 --> 00:02:30,609 uh, microcontroller and, uh, vidale 59 00:02:30,610 --> 00:02:32,889 for the FPGA, uh, module. 60 00:02:32,890 --> 00:02:35,099 You you understand what FPGA 61 00:02:35,100 --> 00:02:36,100 after. 62 00:02:37,340 --> 00:02:39,529 OK, so the project 63 00:02:39,530 --> 00:02:41,599 is based on a simple fact that 64 00:02:41,600 --> 00:02:44,179 is the following the gap between 65 00:02:44,180 --> 00:02:46,379 hardware and software security widened 66 00:02:46,380 --> 00:02:48,259 since the 2000s. 67 00:02:48,260 --> 00:02:50,389 Uh, I think we can't really argue 68 00:02:50,390 --> 00:02:52,459 with that because we read and 69 00:02:52,460 --> 00:02:54,649 hear a lot more about software stuff 70 00:02:54,650 --> 00:02:56,929 being broken and fixed every day 71 00:02:56,930 --> 00:02:59,149 rather than hardware itself. 72 00:02:59,150 --> 00:03:01,609 And we think that it's because mainly 73 00:03:01,610 --> 00:03:04,009 as a hardware is a way to 74 00:03:04,010 --> 00:03:05,689 get access to the software. 75 00:03:07,320 --> 00:03:08,320 And. 76 00:03:11,320 --> 00:03:12,320 Sorry. 77 00:03:13,930 --> 00:03:14,930 So, 78 00:03:16,030 --> 00:03:18,339 uh, though, so it turns 79 00:03:18,340 --> 00:03:20,979 out there is not a way to get access 80 00:03:20,980 --> 00:03:22,869 to the software, and that's very 81 00:03:22,870 --> 00:03:25,159 important for what's going on right now. 82 00:03:25,160 --> 00:03:27,399 I'm sure you you've read a lot about the 83 00:03:27,400 --> 00:03:29,289 Internet of things until you get fed up 84 00:03:29,290 --> 00:03:30,290 with it. 85 00:03:31,540 --> 00:03:34,429 These things that we are talking about, 86 00:03:34,430 --> 00:03:36,549 our products and stuff going 87 00:03:36,550 --> 00:03:38,709 from the simple smart T-shirt 88 00:03:38,710 --> 00:03:40,899 to the smart, some of the stuff that 89 00:03:40,900 --> 00:03:43,029 is going to regulate the temperature 90 00:03:43,030 --> 00:03:44,979 of critical devices. 91 00:03:44,980 --> 00:03:46,999 Don't ask me why you have to add the word 92 00:03:47,000 --> 00:03:49,089 smart before everything related to a lot 93 00:03:49,090 --> 00:03:50,090 of things that I don't know. 94 00:03:51,430 --> 00:03:53,259 And so just to say that it's not only 95 00:03:53,260 --> 00:03:54,539 about computer anymore 96 00:03:57,340 --> 00:03:59,559 and the question we ask 97 00:03:59,560 --> 00:04:01,689 ourselves is the 98 00:04:01,690 --> 00:04:03,819 security speaking is up to where the new 99 00:04:03,820 --> 00:04:06,009 software we will 100 00:04:06,010 --> 00:04:08,199 have in our hands a lot of 101 00:04:08,200 --> 00:04:10,269 products, a lot of electronic products 102 00:04:10,270 --> 00:04:12,339 able to connect itself to a 103 00:04:12,340 --> 00:04:14,649 network and we need 104 00:04:14,650 --> 00:04:17,429 to assess their security. 105 00:04:17,430 --> 00:04:19,289 And to assess the security of the 106 00:04:19,290 --> 00:04:21,389 software that we have made 107 00:04:21,390 --> 00:04:23,519 a lot of progress, we have 108 00:04:23,520 --> 00:04:26,369 great projects, we have great services, 109 00:04:26,370 --> 00:04:28,499 great tools, and if you try 110 00:04:28,500 --> 00:04:30,749 to compare it to the hardware, 111 00:04:30,750 --> 00:04:32,969 but, uh, you can 112 00:04:32,970 --> 00:04:35,399 see that we have very few 113 00:04:35,400 --> 00:04:36,569 implemented solutions. 114 00:04:37,700 --> 00:04:40,189 And so we think that 115 00:04:40,190 --> 00:04:42,439 it stems from a lack of awareness 116 00:04:42,440 --> 00:04:44,509 from the designers, for the 117 00:04:44,510 --> 00:04:47,059 little example, uh, one of our client 118 00:04:47,060 --> 00:04:49,189 was wondering, uh, reading the 119 00:04:49,190 --> 00:04:51,559 audit report of his project, uh 120 00:04:51,560 --> 00:04:53,749 oh, do you guys manage to get my feet 121 00:04:53,750 --> 00:04:54,750 wet? 122 00:04:55,000 --> 00:04:57,219 And the answer was really simple, 123 00:04:57,220 --> 00:04:59,409 it's we use the same way you used 124 00:04:59,410 --> 00:05:00,579 to put your finger in. 125 00:05:02,420 --> 00:05:04,389 Yes, it's true that. 126 00:05:05,680 --> 00:05:07,839 So quick, quick 127 00:05:07,840 --> 00:05:10,209 and dirty procedure for working, 128 00:05:11,320 --> 00:05:13,629 let's imagine you have a sing 129 00:05:13,630 --> 00:05:15,999 in front of you, an object, 130 00:05:16,000 --> 00:05:18,189 an electronic product, and 131 00:05:18,190 --> 00:05:20,559 you want the potential sorry 132 00:05:20,560 --> 00:05:23,469 data that can be stored in it. 133 00:05:23,470 --> 00:05:25,629 So the first step, of course, is 134 00:05:25,630 --> 00:05:27,649 trying to open the product. 135 00:05:27,650 --> 00:05:29,769 Uh, so some designers 136 00:05:29,770 --> 00:05:31,989 try to protect this step by 137 00:05:31,990 --> 00:05:33,789 making the product really difficult to 138 00:05:33,790 --> 00:05:36,279 open. Uh, so, of course, it's 139 00:05:36,280 --> 00:05:38,379 not the best solution, because if someone 140 00:05:38,380 --> 00:05:40,209 really wants to open the product, you 141 00:05:40,210 --> 00:05:41,559 will be able to do it. 142 00:05:41,560 --> 00:05:43,809 You will not just be able to rebuild 143 00:05:43,810 --> 00:05:45,370 it and make it work again. 144 00:05:47,000 --> 00:05:50,079 Uh, step number to fingerprinting. 145 00:05:50,080 --> 00:05:52,989 Uh, so when you have your product open, 146 00:05:52,990 --> 00:05:55,209 you will find the PCB probably 147 00:05:55,210 --> 00:05:57,189 with a lot of components, electronic 148 00:05:57,190 --> 00:05:59,319 components, and you just have to 149 00:05:59,320 --> 00:06:01,449 read also references of 150 00:06:01,450 --> 00:06:02,559 these components. 151 00:06:02,560 --> 00:06:04,719 And to find, uh, the 152 00:06:04,720 --> 00:06:06,939 interesting one and the step is read, 153 00:06:06,940 --> 00:06:08,259 the fucking data should step 154 00:06:09,490 --> 00:06:10,539 up. 155 00:06:10,540 --> 00:06:12,789 And when you have detected 156 00:06:12,790 --> 00:06:14,929 the interesting components like memories, 157 00:06:14,930 --> 00:06:17,229 uh, microcontroller, uh, 158 00:06:17,230 --> 00:06:19,059 you are going to use them. 159 00:06:19,060 --> 00:06:21,279 So you have to wait to that. 160 00:06:21,280 --> 00:06:23,439 You can insert a component and 161 00:06:23,440 --> 00:06:25,539 try to plug it on another piece of it to 162 00:06:25,540 --> 00:06:27,129 work on it more easily. 163 00:06:27,130 --> 00:06:29,319 Or you can directly connect the 164 00:06:29,320 --> 00:06:30,369 tool you are using. 165 00:06:30,370 --> 00:06:32,889 You are used to as a component 166 00:06:32,890 --> 00:06:34,759 to perform and an. 167 00:06:34,760 --> 00:06:35,760 So busway. 168 00:06:36,840 --> 00:06:38,969 And then when you are 169 00:06:38,970 --> 00:06:41,139 connected to it, you try to perform, 170 00:06:41,140 --> 00:06:43,469 read and write operation to 171 00:06:43,470 --> 00:06:45,749 access the data and then, 172 00:06:45,750 --> 00:06:47,369 of course, you have the data, you are 173 00:06:47,370 --> 00:06:50,009 going to reverse engineering the process 174 00:06:50,010 --> 00:06:52,229 to try to find vulnerabilities and 175 00:06:52,230 --> 00:06:53,279 to exploit it. 176 00:06:53,280 --> 00:06:54,280 Of course. 177 00:06:58,830 --> 00:07:00,899 This is our purpose, 178 00:07:00,900 --> 00:07:01,829 absolute purpose. 179 00:07:01,830 --> 00:07:04,049 It's to work, it's to dump all 180 00:07:04,050 --> 00:07:05,909 the data we want to do that. 181 00:07:05,910 --> 00:07:08,369 Uh, so but beyond 182 00:07:08,370 --> 00:07:11,099 that, we want to make this, 183 00:07:11,100 --> 00:07:13,289 uh, step number four right here 184 00:07:13,290 --> 00:07:15,899 to be child's play, OK? 185 00:07:15,900 --> 00:07:18,359 And we want to dump all the data 186 00:07:18,360 --> 00:07:20,729 allowing someone that is just able 187 00:07:20,730 --> 00:07:23,349 to read a data sheet or to 188 00:07:23,350 --> 00:07:25,679 solve one of two ways 189 00:07:25,680 --> 00:07:28,559 to do that, to dump the data. 190 00:07:28,560 --> 00:07:31,289 The goal is to create a bridge between 191 00:07:31,290 --> 00:07:33,020 the hardware and software, 192 00:07:34,350 --> 00:07:36,429 most of the time software, and 193 00:07:36,430 --> 00:07:37,949 they still know how to access the 194 00:07:37,950 --> 00:07:40,409 software. But when you have 195 00:07:40,410 --> 00:07:42,239 all the way out is more complicated 196 00:07:42,240 --> 00:07:43,199 sometimes. 197 00:07:43,200 --> 00:07:45,299 So the goal today is 198 00:07:45,300 --> 00:07:47,399 just to present you a tool 199 00:07:47,400 --> 00:07:49,050 to create a bridge, to 200 00:07:50,380 --> 00:07:52,769 have a simple way to read 201 00:07:52,770 --> 00:07:55,079 the same data as 202 00:07:55,080 --> 00:07:56,670 software vendors to have. 203 00:07:57,920 --> 00:08:00,109 I told you before that my profile was not 204 00:08:00,110 --> 00:08:02,179 about software stuff, and 205 00:08:02,180 --> 00:08:04,429 a guy like me should be able and now 206 00:08:04,430 --> 00:08:05,379 I'm able to do it. 207 00:08:05,380 --> 00:08:06,380 Yeah. 208 00:08:06,950 --> 00:08:09,019 To to to interact 209 00:08:09,020 --> 00:08:11,059 with electronic components without having 210 00:08:11,060 --> 00:08:13,129 to struggle with a 211 00:08:13,130 --> 00:08:14,899 lot of documentation and things like 212 00:08:14,900 --> 00:08:16,969 that. And to know all 213 00:08:16,970 --> 00:08:19,069 or you need to know about electronics to 214 00:08:19,070 --> 00:08:20,070 do that. 215 00:08:22,440 --> 00:08:24,669 So, oh, wait. 216 00:08:24,670 --> 00:08:26,789 Why would you want to dump data, that's 217 00:08:26,790 --> 00:08:29,309 a bit of a silly question, but 218 00:08:29,310 --> 00:08:31,439 because of course, you can find a lot 219 00:08:31,440 --> 00:08:33,749 of interesting information inside 220 00:08:33,750 --> 00:08:35,908 memories inside microcontroller. 221 00:08:35,909 --> 00:08:38,099 Uh, you can find passwords 222 00:08:38,100 --> 00:08:39,219 in text sometimes. 223 00:08:39,220 --> 00:08:41,548 It's the equivalent of the sticky note, 224 00:08:41,549 --> 00:08:44,079 uh, on the screen of the computer and 225 00:08:44,080 --> 00:08:46,649 the hardware, uh, 226 00:08:46,650 --> 00:08:48,959 you can find, uh, filesystems and 227 00:08:48,960 --> 00:08:49,960 firmware. 228 00:08:53,600 --> 00:08:55,669 And maybe you're 229 00:08:55,670 --> 00:08:57,799 just a curious person and you just want 230 00:08:57,800 --> 00:09:00,079 to know of the electronic product, 231 00:09:00,080 --> 00:09:01,369 you just died. Well. 232 00:09:02,520 --> 00:09:04,799 It can be just that and 233 00:09:04,800 --> 00:09:06,809 you should be able to do that. 234 00:09:06,810 --> 00:09:09,179 And so how do you get access, 235 00:09:09,180 --> 00:09:11,009 how to interact with an electronic 236 00:09:11,010 --> 00:09:13,349 component you are going to use 237 00:09:13,350 --> 00:09:14,279 best. 238 00:09:14,280 --> 00:09:16,619 So here is a 239 00:09:16,620 --> 00:09:18,719 not exhaustive list of them. 240 00:09:18,720 --> 00:09:21,659 We can find a spy to see 241 00:09:21,660 --> 00:09:23,199 she died. 242 00:09:23,200 --> 00:09:25,269 So you may be familiar with this, these 243 00:09:25,270 --> 00:09:26,889 busses and 244 00:09:27,970 --> 00:09:30,099 so the busses are 245 00:09:30,100 --> 00:09:32,259 deployed Cannondale, and the more we will 246 00:09:32,260 --> 00:09:34,539 be able to interact with the electronic 247 00:09:34,540 --> 00:09:36,339 components and this is our goal. 248 00:09:40,900 --> 00:09:42,969 So you may wonder, OK, 249 00:09:42,970 --> 00:09:45,549 but I know some tools that exist 250 00:09:45,550 --> 00:09:48,269 and they do the same, 251 00:09:48,270 --> 00:09:50,649 the same as applied, and 252 00:09:50,650 --> 00:09:53,169 we some people ask this question 253 00:09:53,170 --> 00:09:54,129 a lot of time. 254 00:09:54,130 --> 00:09:56,349 So we just create a quick review of 255 00:09:56,350 --> 00:09:58,059 the existing tool. 256 00:09:58,060 --> 00:10:00,279 So like best pilot or regulator 257 00:10:00,280 --> 00:10:02,259 or good fed up with some tool, we are 258 00:10:02,260 --> 00:10:04,839 using them for about it. 259 00:10:04,840 --> 00:10:07,179 But because we use them, we 260 00:10:07,180 --> 00:10:09,969 we know what our limits 261 00:10:09,970 --> 00:10:12,459 and we took inspiration 262 00:10:12,460 --> 00:10:13,929 from them for aspect. 263 00:10:15,010 --> 00:10:17,739 So you can see that, for example, 264 00:10:17,740 --> 00:10:20,169 we are the managers 265 00:10:20,170 --> 00:10:22,469 of the parallel, but, uh, 266 00:10:22,470 --> 00:10:24,609 so the parallel memories and 267 00:10:24,610 --> 00:10:27,519 we focus mainly on modularity. 268 00:10:27,520 --> 00:10:29,169 All the tools are based on 269 00:10:29,170 --> 00:10:31,719 microcontroller and we use FPGA, 270 00:10:31,720 --> 00:10:33,999 uh, that can be called we serve 271 00:10:34,000 --> 00:10:36,159 HGL to be, uh, to 272 00:10:36,160 --> 00:10:37,599 improve modularity. 273 00:10:37,600 --> 00:10:39,729 If a new bus, uh, came, I 274 00:10:39,730 --> 00:10:41,949 would say, uh, you we can we 275 00:10:41,950 --> 00:10:44,199 can be uh um we 276 00:10:44,200 --> 00:10:46,450 can, we can it can work with absolute. 277 00:10:48,440 --> 00:10:49,440 OK. 278 00:10:51,090 --> 00:10:53,219 So here is 279 00:10:53,220 --> 00:10:55,499 a little, uh, communication side 280 00:10:55,500 --> 00:10:57,999 oh, uh oh, you interact 281 00:10:58,000 --> 00:11:00,479 with aspect of the user, too. 282 00:11:00,480 --> 00:11:02,549 Uh, we we start first 283 00:11:02,550 --> 00:11:05,049 with the eye level, uh, 284 00:11:05,050 --> 00:11:07,259 the grease or the graphical interface 285 00:11:07,260 --> 00:11:09,359 with, uh, that is developed 286 00:11:09,360 --> 00:11:11,609 with, uh, language. 287 00:11:11,610 --> 00:11:14,339 Uh, so the interface speak 288 00:11:14,340 --> 00:11:16,829 communicate with API. 289 00:11:16,830 --> 00:11:18,989 Uh, usability is connected 290 00:11:18,990 --> 00:11:21,869 to the computer with a USB 2.0, 291 00:11:21,870 --> 00:11:23,519 uh, communication. 292 00:11:25,570 --> 00:11:27,759 And then applied to use 293 00:11:27,760 --> 00:11:29,949 his microcontroller as a bridge to 294 00:11:29,950 --> 00:11:32,379 communicate with the FPGA and the FPGA 295 00:11:32,380 --> 00:11:34,509 memory by using the Espers. 296 00:11:35,980 --> 00:11:38,829 And then the FPGA, that's 297 00:11:38,830 --> 00:11:40,899 the big part, uh, 298 00:11:40,900 --> 00:11:43,809 it's this component that is going to 299 00:11:43,810 --> 00:11:46,059 to manage, uh, also the best 300 00:11:46,060 --> 00:11:47,060 we can work with. 301 00:11:48,100 --> 00:11:50,559 And so the FPGA with a compatible 302 00:11:50,560 --> 00:11:53,229 base, will be able to interact with, 303 00:11:53,230 --> 00:11:55,339 uh, the eye of 304 00:11:55,340 --> 00:11:57,879 our deployed in order to 305 00:11:57,880 --> 00:12:00,029 work with to communicate with a target. 306 00:12:01,300 --> 00:12:03,489 So you can see a quick list 307 00:12:03,490 --> 00:12:05,709 of possible interaction, uh, like 308 00:12:05,710 --> 00:12:08,619 sniffin, reading, writing and 309 00:12:08,620 --> 00:12:10,089 executing custom commands. 310 00:12:11,380 --> 00:12:13,479 And what you want is you create 311 00:12:13,480 --> 00:12:16,209 a custom module in FPGA, 312 00:12:16,210 --> 00:12:18,429 uh, you can send another 313 00:12:18,430 --> 00:12:20,589 one and you can interact 314 00:12:20,590 --> 00:12:23,289 or create something, uh, 315 00:12:23,290 --> 00:12:25,539 like, uh, I don't know what you want. 316 00:12:25,540 --> 00:12:27,729 If you know about Virgile, you will 317 00:12:27,730 --> 00:12:29,859 be able to create, uh, your 318 00:12:29,860 --> 00:12:32,049 own after plate module to work with 319 00:12:32,050 --> 00:12:33,039 a specific base. 320 00:12:33,040 --> 00:12:35,409 Yeah. For custom protocol, for example, 321 00:12:35,410 --> 00:12:36,600 or something like that. 322 00:12:39,280 --> 00:12:40,890 OK, it's a prototype making. 323 00:12:41,920 --> 00:12:44,079 So we are a little company, 324 00:12:44,080 --> 00:12:46,299 so we use the 325 00:12:46,300 --> 00:12:48,999 low budget style solution, uh, 326 00:12:49,000 --> 00:12:51,669 we just paid for our first prototype. 327 00:12:51,670 --> 00:12:53,919 We just basically and, 328 00:12:53,920 --> 00:12:55,899 uh, here you can see, uh, yes. 329 00:12:55,900 --> 00:12:57,729 You're not dreaming. It's, uh, duct tape. 330 00:12:57,730 --> 00:12:59,889 And PCP's crept towards the building. 331 00:12:59,890 --> 00:13:02,049 It is the way 332 00:13:02,050 --> 00:13:04,299 we used to apply soldering passed 333 00:13:04,300 --> 00:13:05,300 on the PCB. 334 00:13:07,260 --> 00:13:10,199 So and for that, we we use a stencil, 335 00:13:10,200 --> 00:13:12,509 and when you you put sort 336 00:13:12,510 --> 00:13:14,699 of just, uh, Truls 337 00:13:14,700 --> 00:13:17,189 all the sort of past, 338 00:13:17,190 --> 00:13:19,289 uh, but on the top of the 339 00:13:19,290 --> 00:13:21,689 PCB, on the top of the board 340 00:13:21,690 --> 00:13:24,029 and after, you need just to put 341 00:13:24,030 --> 00:13:26,249 your microcontroller or FPGA 342 00:13:26,250 --> 00:13:29,099 or 64 LEDs manually, 343 00:13:29,100 --> 00:13:31,319 for example, and you can 344 00:13:31,320 --> 00:13:33,629 create your own blood like that. 345 00:13:33,630 --> 00:13:36,089 And this operation, uh, require 346 00:13:36,090 --> 00:13:38,429 a lot of accuracy, uh, 347 00:13:38,430 --> 00:13:40,769 because the FPGA, for example, 348 00:13:40,770 --> 00:13:43,229 like, uh, 64 pins and, 349 00:13:43,230 --> 00:13:45,569 uh, they are really close to each of the 350 00:13:45,570 --> 00:13:46,729 144. 351 00:13:46,730 --> 00:13:47,879 OK, sorry. Sorry for that. 352 00:13:49,140 --> 00:13:51,569 And so step number two, 353 00:13:51,570 --> 00:13:53,789 uh, you've placed your component, uh, 354 00:13:53,790 --> 00:13:56,129 with your little hands on the board and 355 00:13:56,130 --> 00:13:57,089 past. 356 00:13:57,090 --> 00:13:59,429 You use this slightly 357 00:13:59,430 --> 00:14:02,189 modified event, uh, 358 00:14:02,190 --> 00:14:04,379 to to, uh, 359 00:14:04,380 --> 00:14:05,609 melt the following. 360 00:14:05,610 --> 00:14:07,969 But, uh, so it's, uh, classical 361 00:14:07,970 --> 00:14:09,479 then, of course, uh, slightly modified 362 00:14:09,480 --> 00:14:11,579 with, uh, an appliance 363 00:14:11,580 --> 00:14:13,099 that, uh, Jillian developed. 364 00:14:13,100 --> 00:14:15,239 Uh, it's not perfect. 365 00:14:15,240 --> 00:14:16,379 It works. It works. 366 00:14:16,380 --> 00:14:18,499 You have to learn to 367 00:14:18,500 --> 00:14:21,209 step. You need to open the door 368 00:14:21,210 --> 00:14:23,069 to to the case. 369 00:14:23,070 --> 00:14:24,389 Told you the idea. 370 00:14:24,390 --> 00:14:25,499 Yes, I. 371 00:14:25,500 --> 00:14:26,549 Why don't we just. 372 00:14:26,550 --> 00:14:27,550 And 373 00:14:28,710 --> 00:14:30,779 so OK, so he 374 00:14:30,780 --> 00:14:33,269 flew in and this is the 375 00:14:33,270 --> 00:14:35,609 V0 that one 376 00:14:35,610 --> 00:14:36,629 Asplund prototype. 377 00:14:36,630 --> 00:14:38,219 OK, don't leave the room node. 378 00:14:38,220 --> 00:14:39,989 Just only a prototype. 379 00:14:39,990 --> 00:14:42,569 Uh, we called it the Green Goblin. 380 00:14:42,570 --> 00:14:45,029 So you baby as you can see, uh, 381 00:14:45,030 --> 00:14:47,879 so we have the, uh, 64 382 00:14:47,880 --> 00:14:50,249 year old, uh, at the bottom, 383 00:14:50,250 --> 00:14:52,409 the FPGA, uh, in the 384 00:14:52,410 --> 00:14:53,410 center. 385 00:14:54,860 --> 00:14:57,129 And Christmas Day, 386 00:14:57,130 --> 00:14:59,869 OK, they passed and Juliann 387 00:14:59,870 --> 00:15:01,939 improved the process, and 388 00:15:01,940 --> 00:15:04,429 so we gain a budget 389 00:15:04,430 --> 00:15:06,799 and we budget, we were able 390 00:15:06,800 --> 00:15:08,929 to buy some more efficient 391 00:15:08,930 --> 00:15:11,899 tool. Uh, so the stenciling 392 00:15:11,900 --> 00:15:14,019 first photo to apply the law 393 00:15:14,020 --> 00:15:16,129 passed. So no more no more duct 394 00:15:16,130 --> 00:15:17,539 tape anymore. 395 00:15:17,540 --> 00:15:19,759 Uh, so the, uh, then 396 00:15:19,760 --> 00:15:22,159 you have to pick and place machine to, 397 00:15:22,160 --> 00:15:24,229 uh, just put your component on 398 00:15:24,230 --> 00:15:26,509 the ceiling. And trust me, when you have 399 00:15:26,510 --> 00:15:28,729 like 64 lead, uh, 400 00:15:28,730 --> 00:15:31,219 LEDs, sorry to place, uh, 401 00:15:31,220 --> 00:15:33,169 it can be very useful. 402 00:15:33,170 --> 00:15:35,239 And we have a brand new 403 00:15:35,240 --> 00:15:38,029 Pflugerville. Uh, I'm not sure you can 404 00:15:38,030 --> 00:15:40,459 design this one. Uh, neighbors 405 00:15:40,460 --> 00:15:41,779 didn't allow me to try. 406 00:15:41,780 --> 00:15:43,849 Yes, you can. But, uh, again, if you 407 00:15:43,850 --> 00:15:45,979 need to show what the police are 408 00:15:45,980 --> 00:15:46,980 saying, 409 00:15:48,140 --> 00:15:50,449 um, so far 410 00:15:50,450 --> 00:15:52,609 where it was pretty pretty much 411 00:15:52,610 --> 00:15:54,440 like an. 412 00:15:56,050 --> 00:15:58,599 It's the results, the final version 413 00:15:58,600 --> 00:16:00,939 of the ball, 414 00:16:00,940 --> 00:16:03,039 so small, 415 00:16:03,040 --> 00:16:05,439 of course, uh, we have, 416 00:16:05,440 --> 00:16:07,719 uh, 64, uh, 417 00:16:07,720 --> 00:16:09,789 like I said, with 418 00:16:09,790 --> 00:16:12,069 a slide for each of the, uh, 419 00:16:12,070 --> 00:16:14,169 of the P uh, you 420 00:16:14,170 --> 00:16:17,079 can connect a target, uh, 421 00:16:17,080 --> 00:16:19,129 working on the three points, three or 422 00:16:19,130 --> 00:16:20,130 five. 423 00:16:20,710 --> 00:16:22,969 Uh, so we use a cyclone to 424 00:16:22,970 --> 00:16:25,239 FPGA us b to 425 00:16:25,240 --> 00:16:27,369 communication, like I said, and, 426 00:16:27,370 --> 00:16:29,899 uh, and you have, um, projection, 427 00:16:29,900 --> 00:16:32,409 uh, uh, against, 428 00:16:32,410 --> 00:16:35,199 uh, ESD, uh, discharge. 429 00:16:35,200 --> 00:16:38,469 It's important when you plug in and plug, 430 00:16:38,470 --> 00:16:40,629 as you can see, uh, it's not 431 00:16:40,630 --> 00:16:42,909 the size of a USB key, but 432 00:16:42,910 --> 00:16:45,129 you can hold it in 433 00:16:45,130 --> 00:16:46,679 one one, OK? 434 00:16:46,680 --> 00:16:47,680 It's better. 435 00:16:50,360 --> 00:16:52,649 So it's pretty lightweight and 436 00:16:52,650 --> 00:16:53,650 fitting went on. 437 00:16:58,620 --> 00:17:00,779 OK, so how 438 00:17:00,780 --> 00:17:02,869 do we organize athletes, so we have to 439 00:17:02,870 --> 00:17:05,189 absolute your UK, you can 440 00:17:05,190 --> 00:17:07,348 plug in where you are, your target to 441 00:17:07,349 --> 00:17:09,868 exploit, you 442 00:17:09,869 --> 00:17:12,059 will be able to manage a list of 443 00:17:12,060 --> 00:17:13,769 components that you have created 444 00:17:15,780 --> 00:17:17,818 so you can subcomponent create them, 445 00:17:17,819 --> 00:17:19,239 shell them. 446 00:17:19,240 --> 00:17:20,519 Uh, you have the. 447 00:17:20,520 --> 00:17:21,419 Come on. 448 00:17:21,420 --> 00:17:24,209 Come on. But, uh, follow specific 449 00:17:24,210 --> 00:17:25,709 follow specific component. 450 00:17:25,710 --> 00:17:27,109 You will have a command. 451 00:17:28,240 --> 00:17:30,729 And then the interact 452 00:17:30,730 --> 00:17:33,489 module where you can find 453 00:17:33,490 --> 00:17:35,889 the list of the busses we can 454 00:17:35,890 --> 00:17:36,890 interact with. 455 00:17:39,120 --> 00:17:40,650 For the graphical interface. 456 00:17:41,840 --> 00:17:44,059 Uh, I, I 457 00:17:44,060 --> 00:17:46,759 use the Kutty well, no, Liberi, 458 00:17:46,760 --> 00:17:49,849 uh, with, uh, be programing language, 459 00:17:49,850 --> 00:17:52,129 and I divided, uh, in a 460 00:17:52,130 --> 00:17:53,659 three part. 461 00:17:53,660 --> 00:17:55,849 So you as the chief management to 462 00:17:55,850 --> 00:17:57,859 manage your components of electrical 463 00:17:57,860 --> 00:17:59,829 components, then you have the way your 464 00:17:59,830 --> 00:18:01,969 helper to help you where your, 465 00:18:01,970 --> 00:18:04,489 uh, your target to exploit 466 00:18:04,490 --> 00:18:06,679 and then you have the common 467 00:18:06,680 --> 00:18:09,079 manager to create command, 468 00:18:09,080 --> 00:18:10,229 uh to which the. 469 00:18:11,510 --> 00:18:13,759 Classical and it looks 470 00:18:13,760 --> 00:18:14,960 like this. 471 00:18:16,040 --> 00:18:18,289 So this is, for example, on the middle, 472 00:18:18,290 --> 00:18:20,569 the first window that's open 473 00:18:20,570 --> 00:18:22,759 when you launch a tablet, uh, 474 00:18:22,760 --> 00:18:24,829 you can see that we have, uh, a table 475 00:18:24,830 --> 00:18:26,119 with several components. 476 00:18:26,120 --> 00:18:28,309 Uh, so the current 477 00:18:28,310 --> 00:18:31,109 chip we are using is, uh, 24, 478 00:18:31,110 --> 00:18:32,110 64. 479 00:18:32,840 --> 00:18:34,999 Uh, when you work on a specific 480 00:18:35,000 --> 00:18:37,249 chip, it, uh, it will appear in 481 00:18:37,250 --> 00:18:39,650 the tree. You can see on the left. 482 00:18:41,120 --> 00:18:43,369 You have several options, uh, 483 00:18:43,370 --> 00:18:45,289 so where you're Ingleburn, you can edit 484 00:18:45,290 --> 00:18:47,239 your component, of course, use it as a 485 00:18:47,240 --> 00:18:49,429 template to create another 486 00:18:49,430 --> 00:18:51,769 similar component, uh, delete, 487 00:18:51,770 --> 00:18:53,899 uh, obviously, and 488 00:18:53,900 --> 00:18:55,819 and also manage, uh, option. 489 00:18:55,820 --> 00:18:57,799 You will have all the bases compatible 490 00:18:57,800 --> 00:18:59,239 with this component. 491 00:18:59,240 --> 00:19:01,879 So, uh, it's, uh, and, uh, 492 00:19:01,880 --> 00:19:04,009 a component user base to try to 493 00:19:04,010 --> 00:19:05,059 see best. 494 00:19:05,060 --> 00:19:07,459 And you can add, uh, specific 495 00:19:07,460 --> 00:19:10,069 settings, uh, that we ask for this, but 496 00:19:10,070 --> 00:19:12,599 you can use, uh, custom commands menu. 497 00:19:12,600 --> 00:19:15,059 You can import and export 498 00:19:15,060 --> 00:19:17,449 expertize like the dump of the content 499 00:19:17,450 --> 00:19:19,130 of the, uh, the component. 500 00:19:20,670 --> 00:19:23,039 And on the right, 501 00:19:23,040 --> 00:19:25,829 it's the form to create a component. 502 00:19:25,830 --> 00:19:28,139 So we ask for the reference 503 00:19:28,140 --> 00:19:30,329 of the component, we ask for 504 00:19:30,330 --> 00:19:32,579 the voltage, we ask for the 505 00:19:32,580 --> 00:19:34,959 manufacturer to type the package. 506 00:19:34,960 --> 00:19:37,049 Uh, all all the information, 507 00:19:37,050 --> 00:19:39,509 uh, required, uh, 508 00:19:39,510 --> 00:19:41,699 you can find them in the component 509 00:19:41,700 --> 00:19:42,899 data datasheet. 510 00:19:42,900 --> 00:19:44,189 So nothing difficult. 511 00:19:44,190 --> 00:19:47,179 And the last part is the last part is 512 00:19:47,180 --> 00:19:50,199 the subpoena subpoena table. 513 00:19:50,200 --> 00:19:52,259 So, uh, we have, uh, like a 514 00:19:52,260 --> 00:19:54,629 pin for this component and 515 00:19:54,630 --> 00:19:56,819 we only use the PIN number 516 00:19:56,820 --> 00:19:59,009 five and number six so 517 00:19:59,010 --> 00:20:01,379 we can see work on it to see. 518 00:20:01,380 --> 00:20:03,599 And we have the second signal 519 00:20:03,600 --> 00:20:05,759 associated to this uh, to this person, 520 00:20:05,760 --> 00:20:06,760 to this pin. 521 00:20:10,610 --> 00:20:13,649 OK, so the important part. 522 00:20:13,650 --> 00:20:16,259 Uh, it doesn't help if it's one 523 00:20:16,260 --> 00:20:18,689 of our favorite mujer it 524 00:20:18,690 --> 00:20:21,689 to connect your target to articulate 525 00:20:21,690 --> 00:20:24,209 and I'm colorblind, 526 00:20:24,210 --> 00:20:26,399 so I don't like to try 527 00:20:26,400 --> 00:20:28,589 to put the blue and the pink 528 00:20:28,590 --> 00:20:31,679 as I know we walk by using leather. 529 00:20:31,680 --> 00:20:33,839 So here's that data sheet presentation 530 00:20:33,840 --> 00:20:35,249 of the component. 531 00:20:35,250 --> 00:20:37,409 When you have created created in 532 00:20:37,410 --> 00:20:39,699 that place you can use the wiring 533 00:20:39,700 --> 00:20:42,059 and Palmarejo and it gave you, uh, 534 00:20:42,060 --> 00:20:44,399 give you as a representation 535 00:20:44,400 --> 00:20:45,479 of the component. 536 00:20:45,480 --> 00:20:47,579 And we can see that here we have a number 537 00:20:47,580 --> 00:20:50,129 as a PIN number, uh, five and six. 538 00:20:50,130 --> 00:20:52,349 And if you want to wear your S.J, 539 00:20:52,350 --> 00:20:54,449 for example, you just have to click 540 00:20:54,450 --> 00:20:55,589 on it. 541 00:20:55,590 --> 00:20:57,899 And when you click on the pin, 542 00:20:57,900 --> 00:21:00,359 uh, it will automatically, 543 00:21:00,360 --> 00:21:02,819 uh, turn on the 544 00:21:02,820 --> 00:21:04,769 LEDs specifically at underbody. 545 00:21:04,770 --> 00:21:06,509 And so, you know, we are to connect this 546 00:21:06,510 --> 00:21:07,710 pin to multiplied 547 00:21:08,850 --> 00:21:11,039 Susya, uh, 548 00:21:11,040 --> 00:21:13,529 for each pin driver led 549 00:21:13,530 --> 00:21:15,599 to to explain to to 550 00:21:15,600 --> 00:21:18,119 show where you need to to put 551 00:21:18,120 --> 00:21:19,229 the wire. 552 00:21:19,230 --> 00:21:21,149 I don't know if you use both Pyott or 553 00:21:21,150 --> 00:21:23,459 something like that. Uh, 554 00:21:23,460 --> 00:21:25,649 some time is very boring to find 555 00:21:25,650 --> 00:21:26,609 a good way. 556 00:21:26,610 --> 00:21:28,919 And some time you have a big drug 557 00:21:28,920 --> 00:21:29,819 if you want to. 558 00:21:29,820 --> 00:21:32,339 But, uh, file the sample SDK 559 00:21:32,340 --> 00:21:33,329 for it to see. 560 00:21:33,330 --> 00:21:35,429 You need to put your wire on Mozi 561 00:21:35,430 --> 00:21:37,169 and you don't know why. 562 00:21:37,170 --> 00:21:38,529 So. 563 00:21:38,530 --> 00:21:40,849 It's not easy sometimes we try 564 00:21:40,850 --> 00:21:42,690 to make this step really simple. 565 00:21:46,820 --> 00:21:48,289 OK, I'm going to be quick on that, 566 00:21:48,290 --> 00:21:49,849 because we are going to see that in the 567 00:21:49,850 --> 00:21:51,109 light of day and, 568 00:21:52,520 --> 00:21:55,249 uh, yes, what about the API? 569 00:21:55,250 --> 00:21:57,439 Uh, so you can use it freely, of 570 00:21:57,440 --> 00:22:00,039 course, uh, if you don't want to 571 00:22:00,040 --> 00:22:01,459 to use the graphical interface, of 572 00:22:01,460 --> 00:22:03,649 course, you are not obliged to. 573 00:22:03,650 --> 00:22:06,089 You can create your own if you want, 574 00:22:06,090 --> 00:22:08,239 uh, end users 575 00:22:08,240 --> 00:22:09,529 with your own program. 576 00:22:09,530 --> 00:22:11,059 So it's free, open. 577 00:22:11,060 --> 00:22:12,589 Uh, well documented. 578 00:22:12,590 --> 00:22:13,820 So do not hesitate. 579 00:22:16,160 --> 00:22:18,150 OK, so what's already available? 580 00:22:20,360 --> 00:22:22,579 We can work with parallel busses, 581 00:22:22,580 --> 00:22:24,859 we are helping wiring, you can work 582 00:22:24,860 --> 00:22:27,259 with eye to see, eye to see bus. 583 00:22:27,260 --> 00:22:29,239 Uh, spy. 584 00:22:29,240 --> 00:22:31,639 We are compatible with 585 00:22:31,640 --> 00:22:34,459 W.D., uh, pharmaceutical. 586 00:22:34,460 --> 00:22:36,889 And you can use, uh, 64, 587 00:22:36,890 --> 00:22:39,739 uh, uh, 588 00:22:39,740 --> 00:22:41,929 for your convenience, uh, to do some 589 00:22:41,930 --> 00:22:42,950 banking, for example. 590 00:22:44,100 --> 00:22:46,589 So that's what we have for the moment 591 00:22:46,590 --> 00:22:49,469 and what we want for the future 592 00:22:49,470 --> 00:22:51,779 is, for example, the component and 593 00:22:51,780 --> 00:22:52,859 common sharing platform 594 00:22:54,090 --> 00:22:56,159 for software, we can find a website 595 00:22:56,160 --> 00:22:58,439 with a lot of exploit fight over 596 00:22:58,440 --> 00:23:00,569 and you can download them and use 597 00:23:00,570 --> 00:23:02,939 them in tools like you displayed. 598 00:23:02,940 --> 00:23:05,159 And I want the same for us 599 00:23:05,160 --> 00:23:07,319 that say you can download 600 00:23:07,320 --> 00:23:09,689 a component with his command 601 00:23:09,690 --> 00:23:13,019 and integrate it to your aspirates. 602 00:23:13,020 --> 00:23:15,209 Uh, you will have 603 00:23:15,210 --> 00:23:17,639 you have module is a communication, 604 00:23:17,640 --> 00:23:19,969 but we certainly Mimili 605 00:23:19,970 --> 00:23:22,589 A to sniffing space sniffing. 606 00:23:22,590 --> 00:23:24,989 Uh, we want to add wireless 607 00:23:24,990 --> 00:23:27,869 communication to a training platform. 608 00:23:27,870 --> 00:23:30,059 Uh, MLO integration, 609 00:23:30,060 --> 00:23:31,109 of course. Of course. 610 00:23:31,110 --> 00:23:33,389 Uh, so just launch the 611 00:23:33,390 --> 00:23:35,519 module and display it and 612 00:23:35,520 --> 00:23:37,109 you will be able to use our templates. 613 00:23:37,110 --> 00:23:39,429 So we are working on that, uh, 614 00:23:39,430 --> 00:23:41,609 Zedek final out. 615 00:23:41,610 --> 00:23:43,889 Find the one where you can use, 616 00:23:43,890 --> 00:23:45,030 et cetera. So this was on. 617 00:23:46,610 --> 00:23:48,679 And no, because a life demo 618 00:23:48,680 --> 00:23:51,529 is better than, uh, than the speech, 619 00:23:51,530 --> 00:23:53,779 we are going to show you a concrete case 620 00:23:53,780 --> 00:23:56,409 of, uh, using exploit. 621 00:23:56,410 --> 00:23:58,489 So let's imagine we 622 00:23:58,490 --> 00:24:00,689 have a doll, uh, that is good, 623 00:24:00,690 --> 00:24:03,949 that use an electrical system. 624 00:24:03,950 --> 00:24:06,319 So you have a good two and, uh, 625 00:24:06,320 --> 00:24:08,419 abcde for little, 626 00:24:08,420 --> 00:24:10,519 uh, if the combination is right 627 00:24:11,710 --> 00:24:13,789 and if communism is 628 00:24:13,790 --> 00:24:15,849 wrong, of course, the doors stay closed. 629 00:24:17,470 --> 00:24:18,969 So what can we do? 630 00:24:18,970 --> 00:24:21,099 We open it and 631 00:24:21,100 --> 00:24:22,460 we find that OK. 632 00:24:23,870 --> 00:24:26,300 So we can see there is evidence ABCDE. 633 00:24:28,040 --> 00:24:30,769 And then the finger pointing step so 634 00:24:30,770 --> 00:24:33,049 we can see that we have, uh, one 635 00:24:33,050 --> 00:24:35,929 S.P.I memory to try to see memories 636 00:24:35,930 --> 00:24:37,879 and one microcontroller. 637 00:24:37,880 --> 00:24:38,880 OK. 638 00:24:41,060 --> 00:24:42,959 Online, offline analysis. 639 00:24:42,960 --> 00:24:45,109 Are we going to insult a component or 640 00:24:45,110 --> 00:24:47,269 just to plug wealth directly 641 00:24:47,270 --> 00:24:48,309 on it? 642 00:24:48,310 --> 00:24:49,310 Your choice? 643 00:24:51,810 --> 00:24:52,810 And that's a scenario. 644 00:24:54,930 --> 00:24:56,819 We open up the plates, we create the 645 00:24:56,820 --> 00:24:58,919 component, we connect 646 00:24:58,920 --> 00:25:01,109 the component to exploit we until 647 00:25:01,110 --> 00:25:03,419 the component settings, of course, and 648 00:25:03,420 --> 00:25:05,729 then we dump the contents, 649 00:25:05,730 --> 00:25:08,069 the content of the memories, 650 00:25:08,070 --> 00:25:11,069 and we will see what 651 00:25:11,070 --> 00:25:12,070 we can do with that. 652 00:25:14,660 --> 00:25:17,419 OK, so first, 653 00:25:17,420 --> 00:25:19,309 we are going to help with a two seabass, 654 00:25:19,310 --> 00:25:20,310 yes. 655 00:25:27,920 --> 00:25:29,300 No, that's not at all. 656 00:25:30,600 --> 00:25:31,600 No. 657 00:25:34,760 --> 00:25:36,869 OK, so we launched 658 00:25:36,870 --> 00:25:37,870 have. 659 00:25:38,160 --> 00:25:39,949 So the first step is fingerprints, of 660 00:25:39,950 --> 00:25:42,409 course, and, uh, trust me, 661 00:25:42,410 --> 00:25:44,749 uh, on the board you have, 662 00:25:44,750 --> 00:25:47,059 um, a memory. 663 00:25:47,060 --> 00:25:49,339 Uh, we start with it, you see. 664 00:25:49,340 --> 00:25:52,369 And in fact, we find, uh, we we found 665 00:25:52,370 --> 00:25:53,419 two memories. 666 00:25:53,420 --> 00:25:55,579 So when, you know, uh, 667 00:25:55,580 --> 00:25:57,979 it was protocol, you 668 00:25:57,980 --> 00:26:00,709 you you need to know you have addresses, 669 00:26:00,710 --> 00:26:01,729 etc. 670 00:26:01,730 --> 00:26:04,009 So with it, you see just 671 00:26:04,010 --> 00:26:06,139 click on the memory 672 00:26:06,140 --> 00:26:08,779 and you can use, um. 673 00:26:10,290 --> 00:26:13,049 A function to scan the Zorba's 674 00:26:13,050 --> 00:26:14,050 and. 675 00:26:15,850 --> 00:26:19,029 After that, we have at least. 676 00:26:19,030 --> 00:26:22,509 With all available addresses, 677 00:26:22,510 --> 00:26:25,029 so it's very interesting because 678 00:26:25,030 --> 00:26:27,179 we just to click 679 00:26:27,180 --> 00:26:28,869 on something like that, you have 680 00:26:28,870 --> 00:26:31,089 information on how many memory 681 00:26:31,090 --> 00:26:32,199 are available. 682 00:26:32,200 --> 00:26:34,389 Of course, you can see it with your eyes 683 00:26:34,390 --> 00:26:36,669 on the board, but 684 00:26:36,670 --> 00:26:38,949 you need to go on the datasheet exercise 685 00:26:38,950 --> 00:26:41,379 to find a good address because 686 00:26:41,380 --> 00:26:44,469 Wedgeworth for it is old 687 00:26:44,470 --> 00:26:46,929 and you need to put some wire 688 00:26:46,930 --> 00:26:49,209 with pulldown or pull up 689 00:26:49,210 --> 00:26:51,129 for so that you know that. 690 00:26:51,130 --> 00:26:53,019 So it's easy to click. 691 00:26:54,670 --> 00:26:56,979 So for the demo, we 692 00:26:56,980 --> 00:26:59,169 said the sitting to a two and 693 00:26:59,170 --> 00:27:00,250 a three, because 694 00:27:01,270 --> 00:27:04,509 the sensitive data is in this memory. 695 00:27:04,510 --> 00:27:05,510 Trust me. 696 00:27:07,870 --> 00:27:08,870 And 697 00:27:10,150 --> 00:27:12,219 if you want to jump out of the cantante, 698 00:27:12,220 --> 00:27:14,139 you need to read that actually to know 699 00:27:14,140 --> 00:27:16,019 was the size of your memories. 700 00:27:16,020 --> 00:27:18,579 Uh, where I need to read 701 00:27:18,580 --> 00:27:21,069 tries, write a pointer is 702 00:27:21,070 --> 00:27:22,299 too complicated. 703 00:27:22,300 --> 00:27:23,300 That's the case anymore. 704 00:27:24,670 --> 00:27:26,859 Just double click on it, 705 00:27:26,860 --> 00:27:28,599 OK? And choose. 706 00:27:30,980 --> 00:27:33,049 Oh, yes, we can use the same. 707 00:27:34,250 --> 00:27:36,469 Replace it, OK? 708 00:27:36,470 --> 00:27:38,879 So this isn't just 709 00:27:38,880 --> 00:27:41,239 full foolish spot. 710 00:27:41,240 --> 00:27:43,339 OK, just finish, finish. 711 00:27:43,340 --> 00:27:46,219 So just click on the file. 712 00:27:46,220 --> 00:27:48,619 Of course I use Blessed on line. 713 00:27:48,620 --> 00:27:50,479 Maybe you use another tool is not a 714 00:27:50,480 --> 00:27:51,559 problem for that. 715 00:27:51,560 --> 00:27:54,949 And now you can read all the content 716 00:27:54,950 --> 00:27:57,250 for the demo if 717 00:27:58,340 --> 00:28:00,639 but if you if you know what that. 718 00:28:01,880 --> 00:28:02,659 Of course. 719 00:28:02,660 --> 00:28:04,699 Well yeah. 720 00:28:04,700 --> 00:28:05,700 Snepp. 721 00:28:13,650 --> 00:28:15,779 So it's true in the real life, 722 00:28:15,780 --> 00:28:17,909 when something happens, 723 00:28:17,910 --> 00:28:19,729 it can happen to you. 724 00:28:19,730 --> 00:28:21,809 You can find some sensitive data like 725 00:28:21,810 --> 00:28:23,229 that is true. 726 00:28:23,230 --> 00:28:26,369 So, yeah, of course, it just 727 00:28:26,370 --> 00:28:28,619 for sure for the demo. 728 00:28:28,620 --> 00:28:30,719 And, uh, you can use 729 00:28:30,720 --> 00:28:33,479 it to open the door where we can try 730 00:28:33,480 --> 00:28:35,789 now. And the goal after is, for 731 00:28:35,790 --> 00:28:38,009 example, to change it and try 732 00:28:38,010 --> 00:28:39,809 again if you can change your password. 733 00:28:39,810 --> 00:28:41,939 When we do that online, let's try to 734 00:28:41,940 --> 00:28:43,139 change the best one. 735 00:28:43,140 --> 00:28:45,239 So the first step is just to check if 736 00:28:45,240 --> 00:28:47,639 this password is a good password. 737 00:28:47,640 --> 00:28:50,099 So, uh, ac 738 00:28:50,100 --> 00:28:51,019 gibi. 739 00:28:51,020 --> 00:28:53,229 I said, yeah, OK. 740 00:28:53,230 --> 00:28:55,559 Uh, can we please have like the. 741 00:28:55,560 --> 00:28:56,529 Yeah, OK. 742 00:28:56,530 --> 00:28:58,659 I resolve to be sure 743 00:28:58,660 --> 00:29:01,219 it's a no, no, 744 00:29:01,220 --> 00:29:02,929 no. All right. 745 00:29:05,850 --> 00:29:08,599 So which started again. 746 00:29:08,600 --> 00:29:09,779 Oh no. 747 00:29:09,780 --> 00:29:12,149 Still not very 748 00:29:12,150 --> 00:29:13,460 usable. Yeah. 749 00:29:15,240 --> 00:29:16,240 It's not easy. 750 00:29:20,810 --> 00:29:22,909 So password HDB. 751 00:29:24,410 --> 00:29:25,670 I see. 752 00:29:26,880 --> 00:29:28,109 The beef. 753 00:29:29,310 --> 00:29:32,280 So, of course, we will allow. 754 00:29:36,520 --> 00:29:39,159 Of course, it's always easy, but 755 00:29:39,160 --> 00:29:41,199 now we change. 756 00:29:41,200 --> 00:29:43,809 We change the password 757 00:29:43,810 --> 00:29:45,199 and try again. 758 00:29:45,200 --> 00:29:47,379 Uh, so don't forget, you 759 00:29:47,380 --> 00:29:49,599 can remove the password and, uh, 760 00:29:49,600 --> 00:29:51,909 do some sort of denial of services. 761 00:29:51,910 --> 00:29:54,549 For example, if I put 762 00:29:54,550 --> 00:29:57,519 a sharp difference or a Baekdu, 763 00:29:57,520 --> 00:29:59,799 it's not possible to to type 764 00:29:59,800 --> 00:30:01,299 this password, to open the door. 765 00:30:01,300 --> 00:30:03,039 You create those 766 00:30:04,090 --> 00:30:05,139 sort of details. 767 00:30:06,220 --> 00:30:07,779 It's not that goal today. 768 00:30:07,780 --> 00:30:10,210 So to change your password. 769 00:30:13,270 --> 00:30:15,549 You can dump all the content change 770 00:30:15,550 --> 00:30:17,919 with your preferred 771 00:30:17,920 --> 00:30:20,109 software and you can put 772 00:30:20,110 --> 00:30:22,179 all the data inside the memory 773 00:30:22,180 --> 00:30:23,619 after, but you need to rearrange the 774 00:30:23,620 --> 00:30:25,389 content, etc, etc. 775 00:30:25,390 --> 00:30:27,489 So maybe we can just create 776 00:30:27,490 --> 00:30:29,919 a custom command to read the 777 00:30:29,920 --> 00:30:32,469 memory, for example, in your outworking 778 00:30:32,470 --> 00:30:34,869 stuff. Or you can just change 779 00:30:34,870 --> 00:30:37,149 Fortia when you create 780 00:30:37,150 --> 00:30:38,409 a custom command. 781 00:30:38,410 --> 00:30:40,720 You can change the data. 782 00:30:41,740 --> 00:30:44,079 So of course we create a lot of the 783 00:30:44,080 --> 00:30:46,149 command for them or something 784 00:30:46,150 --> 00:30:48,279 like that. So today we 785 00:30:48,280 --> 00:30:50,559 can change your password with, 786 00:30:50,560 --> 00:30:52,959 I don't know, a BBC or maybe CBS. 787 00:30:54,270 --> 00:30:56,469 So just so you know, but 788 00:30:56,470 --> 00:30:58,649 yes, well, uh, so 789 00:30:58,650 --> 00:31:00,299 it's, uh, come on, it's just a name of a 790 00:31:00,300 --> 00:31:02,639 description and a list of names 791 00:31:02,640 --> 00:31:04,799 that you can see in this 792 00:31:04,800 --> 00:31:06,959 area. And all the 793 00:31:06,960 --> 00:31:08,939 commands of the components is in the 794 00:31:08,940 --> 00:31:11,039 dataset. So I won't be 795 00:31:11,040 --> 00:31:12,509 long on that. 796 00:31:12,510 --> 00:31:14,339 And we want to change that as well. 797 00:31:14,340 --> 00:31:16,889 So when the command is 798 00:31:16,890 --> 00:31:19,259 created, you just have to execute 799 00:31:19,260 --> 00:31:20,260 it. 800 00:31:21,200 --> 00:31:22,759 OK, we see that 801 00:31:24,200 --> 00:31:25,819 because we need to see you, you can 802 00:31:25,820 --> 00:31:28,399 receive a.. So it seems to be 803 00:31:28,400 --> 00:31:30,529 so OK, let's try to dump the 804 00:31:30,530 --> 00:31:32,569 content again. Yes, to be sure. 805 00:31:32,570 --> 00:31:34,159 To be sure. We change a password. 806 00:31:34,160 --> 00:31:36,289 We read again and check 807 00:31:36,290 --> 00:31:37,580 if the password changed. 808 00:31:40,530 --> 00:31:41,849 OK, replace. 809 00:31:43,620 --> 00:31:44,620 Food exports. 810 00:31:46,020 --> 00:31:47,020 OK. 811 00:32:01,420 --> 00:32:03,519 Yes, it's tough at the beginning, 812 00:32:03,520 --> 00:32:03,999 OK? 813 00:32:04,000 --> 00:32:05,619 OK, now we can see that 814 00:32:06,660 --> 00:32:08,889 the change we can show 815 00:32:08,890 --> 00:32:11,469 that the next step is to try 816 00:32:11,470 --> 00:32:13,269 if the password is right. 817 00:32:13,270 --> 00:32:15,429 So for that, we go again 818 00:32:15,430 --> 00:32:17,529 on the on the board 819 00:32:17,530 --> 00:32:19,659 and, uh, B, b, 820 00:32:19,660 --> 00:32:22,419 c, c, so be 821 00:32:22,420 --> 00:32:23,420 the. 822 00:32:24,010 --> 00:32:26,259 See, it's OK, you 823 00:32:26,260 --> 00:32:27,260 see. 824 00:32:28,050 --> 00:32:29,429 OK, OK. 825 00:32:29,430 --> 00:32:30,430 Of course. 826 00:32:35,110 --> 00:32:37,209 So the goal is 827 00:32:37,210 --> 00:32:39,279 just a few command are few 828 00:32:39,280 --> 00:32:41,829 clicks, you can create your own command 829 00:32:41,830 --> 00:32:43,839 when you do some other IKing, you need to 830 00:32:43,840 --> 00:32:46,149 create a custom command most of the time. 831 00:32:46,150 --> 00:32:48,339 And it's very boring to cooperate 832 00:32:48,340 --> 00:32:50,589 if you can create your 833 00:32:50,590 --> 00:32:51,649 own script. 834 00:32:51,650 --> 00:32:54,079 It's true. But here it's just 835 00:32:54,080 --> 00:32:55,029 Puplick. 836 00:32:55,030 --> 00:32:57,279 And I know all the people like a command 837 00:32:57,280 --> 00:32:59,439 line, but sometimes just to 838 00:32:59,440 --> 00:33:00,499 click. 839 00:33:00,500 --> 00:33:01,509 It's cool. 840 00:33:01,510 --> 00:33:02,510 I think 841 00:33:05,410 --> 00:33:06,410 OK. 842 00:33:07,150 --> 00:33:10,209 I think it's OK for you to see memories 843 00:33:10,210 --> 00:33:12,879 so we can do 844 00:33:12,880 --> 00:33:15,339 a demo with spy protocol. 845 00:33:15,340 --> 00:33:17,709 When you do some working 846 00:33:17,710 --> 00:33:19,779 stuff, you need to know about it, you 847 00:33:19,780 --> 00:33:21,939 see. And you need to know about S.P.I, 848 00:33:21,940 --> 00:33:22,939 of course. 849 00:33:22,940 --> 00:33:25,239 Um, so the next step 850 00:33:25,240 --> 00:33:27,429 we, we close uh or to 851 00:33:27,430 --> 00:33:28,449 be sure. No problem. 852 00:33:29,540 --> 00:33:30,540 OK. 853 00:33:35,710 --> 00:33:36,710 Um. 854 00:33:40,690 --> 00:33:42,879 I replug and also I also I don't know 855 00:33:42,880 --> 00:33:45,009 if he works the first time, because, 856 00:33:45,010 --> 00:33:47,079 uh, just but. 857 00:33:47,080 --> 00:33:49,899 Uh, but I think it's OK, 858 00:33:49,900 --> 00:33:52,329 it's the first step is the same 859 00:33:52,330 --> 00:33:54,759 you check the wire wiring 860 00:33:55,900 --> 00:33:58,269 to be sure all is OK. 861 00:33:58,270 --> 00:33:59,629 Uh, no, no, no. 862 00:33:59,630 --> 00:34:01,959 I'm, uh, 863 00:34:01,960 --> 00:34:03,309 sorry. 864 00:34:03,310 --> 00:34:05,589 Yeah, it's the same. 865 00:34:05,590 --> 00:34:08,109 Of course, when you have to wire, 866 00:34:08,110 --> 00:34:09,719 it's easy to plug the wire. 867 00:34:11,469 --> 00:34:13,809 We have five wire is 868 00:34:13,810 --> 00:34:15,939 not complicated, not easy, but 869 00:34:15,940 --> 00:34:16,940 it's not complicated. 870 00:34:17,889 --> 00:34:20,299 So to be sure, we just, 871 00:34:20,300 --> 00:34:21,300 uh. 872 00:34:22,030 --> 00:34:24,369 Check if if all is done, 873 00:34:24,370 --> 00:34:26,469 if you put. 874 00:34:30,260 --> 00:34:31,449 I don't know, we shall see. 875 00:34:32,570 --> 00:34:34,669 We want to connect this spin to 876 00:34:34,670 --> 00:34:37,099 exploit, so we click on it and 877 00:34:37,100 --> 00:34:39,198 here you can see that we have to plug the 878 00:34:39,199 --> 00:34:41,309 spin on the first 879 00:34:41,310 --> 00:34:42,310 spin. 880 00:34:42,860 --> 00:34:45,109 But recently, right there, you just 881 00:34:45,110 --> 00:34:47,178 have to repeat this operation for the 882 00:34:47,179 --> 00:34:49,519 three other pins and 883 00:34:49,520 --> 00:34:50,658 it will be OK. 884 00:34:50,659 --> 00:34:51,999 It will be good. 885 00:34:52,000 --> 00:34:54,169 Just shake Amazo because 886 00:34:56,000 --> 00:34:57,530 it's OK. 887 00:34:59,520 --> 00:35:01,059 Uh, OK. 888 00:35:01,060 --> 00:35:02,359 Always seems to be OK. 889 00:35:02,360 --> 00:35:03,360 OK. 890 00:35:04,050 --> 00:35:06,689 So, no, let's continue with so 891 00:35:06,690 --> 00:35:08,759 espere we we have exactly the same 892 00:35:08,760 --> 00:35:11,430 comments, so let's try, uh, expert. 893 00:35:13,780 --> 00:35:16,419 OK. Uh, S.P.I 894 00:35:16,420 --> 00:35:17,420 replace. 895 00:35:18,320 --> 00:35:19,320 For the part. 896 00:35:21,710 --> 00:35:23,509 You can see that that plate is processing 897 00:35:23,510 --> 00:35:24,510 behind. 898 00:35:25,140 --> 00:35:27,239 OK, it tells you when it's 899 00:35:27,240 --> 00:35:28,240 over. 900 00:35:31,010 --> 00:35:32,299 Oh, I know the password. 901 00:35:32,300 --> 00:35:33,300 Yeah. 902 00:35:34,410 --> 00:35:36,559 And at the 903 00:35:36,560 --> 00:35:38,269 beginning of the finals this time, so we 904 00:35:38,270 --> 00:35:40,369 can try, if you want 905 00:35:40,370 --> 00:35:42,529 to be sure, but before 906 00:35:42,530 --> 00:35:44,749 we can change is the same, 907 00:35:44,750 --> 00:35:47,479 uh, the same thing, uh, 908 00:35:47,480 --> 00:35:49,609 show you that it works so you 909 00:35:49,610 --> 00:35:51,919 can show us just 910 00:35:51,920 --> 00:35:54,049 as a comment. I think it's interesting 911 00:35:54,050 --> 00:35:56,759 for S.P.I, just, 912 00:35:56,760 --> 00:35:59,179 uh, if you have a flash or something 913 00:35:59,180 --> 00:36:01,819 like that, you need to, uh, 914 00:36:01,820 --> 00:36:04,909 to to send a writing table. 915 00:36:04,910 --> 00:36:07,070 And, uh, for that just 916 00:36:08,450 --> 00:36:10,639 that that was just election year 917 00:36:10,640 --> 00:36:12,449 specification of the components you have 918 00:36:12,450 --> 00:36:14,659 to enable the writing before being 919 00:36:14,660 --> 00:36:16,219 able to write. Of course. 920 00:36:16,220 --> 00:36:17,510 So first we. 921 00:36:19,450 --> 00:36:21,549 OK, OK, is to come and it's 922 00:36:21,550 --> 00:36:23,709 battle now you can write on the memory 923 00:36:23,710 --> 00:36:26,139 of six is about to enable 924 00:36:26,140 --> 00:36:26,529 the writing. 925 00:36:26,530 --> 00:36:28,179 Yes, you have this information on the 926 00:36:28,180 --> 00:36:30,369 datasheet and then we change 927 00:36:30,370 --> 00:36:31,370 the password. 928 00:36:33,410 --> 00:36:35,649 OK, we see that we send, 929 00:36:35,650 --> 00:36:37,729 uh, 930 00:36:37,730 --> 00:36:40,079 66 it says a B letter, 931 00:36:40,080 --> 00:36:42,699 uh, the equivalent 932 00:36:42,700 --> 00:36:43,700 of the B letter. 933 00:36:45,160 --> 00:36:47,399 And to be sure, we read again and 934 00:36:47,400 --> 00:36:49,300 again the same things. 935 00:36:55,990 --> 00:36:58,079 OK, then, Paul. 936 00:37:02,990 --> 00:37:05,089 OK, so 937 00:37:05,090 --> 00:37:07,010 perfect eye to see is the. 938 00:37:11,950 --> 00:37:13,780 And, uh, yeah, 939 00:37:14,830 --> 00:37:17,199 it's the same thing here you can try 940 00:37:17,200 --> 00:37:19,629 to persuade, of course, is the same 941 00:37:19,630 --> 00:37:22,119 and, um, 942 00:37:22,120 --> 00:37:24,249 you can try your custom if you want 943 00:37:24,250 --> 00:37:26,889 to read, uh, I don't know, uh, 944 00:37:26,890 --> 00:37:29,299 six bite at ten 945 00:37:29,300 --> 00:37:31,779 at Dristan, etc., said you can 946 00:37:31,780 --> 00:37:32,929 get your own. Come on. 947 00:37:32,930 --> 00:37:35,019 It's very easy if you need to to 948 00:37:35,020 --> 00:37:37,449 use it. Um, a lot of time. 949 00:37:37,450 --> 00:37:39,369 So it's very good for that. 950 00:37:39,370 --> 00:37:41,529 Um, OK, the next 951 00:37:41,530 --> 00:37:43,809 tape, uh, 952 00:37:43,810 --> 00:37:47,109 we have a microcontroller so 953 00:37:47,110 --> 00:37:49,299 we may be able to dump the uh 954 00:37:49,300 --> 00:37:51,189 the film of the of the look at the 955 00:37:51,190 --> 00:37:52,190 electronic like. 956 00:37:59,550 --> 00:38:02,129 Our people know SWG 957 00:38:02,130 --> 00:38:04,289 protocol on it, it's OK 958 00:38:04,290 --> 00:38:06,629 for OK, it's 959 00:38:06,630 --> 00:38:08,789 like hash tag, uh, but 960 00:38:08,790 --> 00:38:11,289 for uh uh um 961 00:38:11,290 --> 00:38:13,409 uh Processo, OK. 962 00:38:13,410 --> 00:38:16,139 And with the custom, uh, protocol, 963 00:38:16,140 --> 00:38:18,659 uh, very well documented 964 00:38:18,660 --> 00:38:21,569 so far, um, uh, 965 00:38:21,570 --> 00:38:23,639 swg you don't need to create, 966 00:38:23,640 --> 00:38:26,159 uh, the components, uh, in that plate. 967 00:38:26,160 --> 00:38:28,259 You just have a simple menu right 968 00:38:28,260 --> 00:38:30,659 here and you have uh four options 969 00:38:30,660 --> 00:38:32,789 that is detect export import 970 00:38:32,790 --> 00:38:33,989 and erase. 971 00:38:33,990 --> 00:38:36,389 So first we want to detect if the wiring 972 00:38:36,390 --> 00:38:38,699 is OK and to do that we just 973 00:38:38,700 --> 00:38:39,989 can't detect. 974 00:38:39,990 --> 00:38:42,599 So behind the uploads 975 00:38:42,600 --> 00:38:44,789 is the SWG somewhere inside 976 00:38:44,790 --> 00:38:46,059 the FPGA. 977 00:38:46,060 --> 00:38:47,429 Then we execute the detector. 978 00:38:47,430 --> 00:38:49,229 Come on. And we can see that. 979 00:38:49,230 --> 00:38:50,879 Well, we have some information. 980 00:38:50,880 --> 00:38:52,349 Yes. For the moment, it's just the 981 00:38:52,350 --> 00:38:55,109 beginning of, uh, swg, 982 00:38:55,110 --> 00:38:57,239 uh, module, uh, for 983 00:38:57,240 --> 00:38:59,909 us. So for the moment, 984 00:38:59,910 --> 00:39:02,429 uh, you have all the information 985 00:39:02,430 --> 00:39:04,649 of the target and after 986 00:39:04,650 --> 00:39:06,749 that you come up very 987 00:39:06,750 --> 00:39:08,969 easy to jump all the content 988 00:39:08,970 --> 00:39:11,249 if you read the the letter sheet, 989 00:39:11,250 --> 00:39:13,589 uh, or you can read, 990 00:39:13,590 --> 00:39:15,689 uh, for this ship, you 991 00:39:15,690 --> 00:39:17,619 need just to use this address with this 992 00:39:17,620 --> 00:39:18,749 size. 993 00:39:18,750 --> 00:39:20,759 But size you can reach the size of the 994 00:39:20,760 --> 00:39:22,379 flash directly inside the 995 00:39:22,380 --> 00:39:23,279 microcontroller. 996 00:39:23,280 --> 00:39:26,009 Yes. So it's, 997 00:39:26,010 --> 00:39:28,589 uh, automatic, uh, tool because 998 00:39:28,590 --> 00:39:31,809 swg protocol, um 999 00:39:31,810 --> 00:39:33,989 uh uh good information 1000 00:39:33,990 --> 00:39:36,179 to read all the content also flash. 1001 00:39:36,180 --> 00:39:39,019 So it's perfect if you plug. 1002 00:39:39,020 --> 00:39:41,299 Just to take to be sure all 1003 00:39:41,300 --> 00:39:43,549 the wire is done and 1004 00:39:43,550 --> 00:39:45,949 after not just in Baltimore, not like 1005 00:39:45,950 --> 00:39:46,950 a dump. 1006 00:39:48,110 --> 00:39:49,909 Let's face it, them, for example. 1007 00:39:49,910 --> 00:39:52,249 So same as well. 1008 00:39:52,250 --> 00:39:53,599 You select a file. 1009 00:39:58,750 --> 00:40:00,730 So, look, film, well, that's been. 1010 00:40:02,650 --> 00:40:04,779 OK, so upload 1011 00:40:04,780 --> 00:40:05,780 dispossessing. 1012 00:40:07,740 --> 00:40:08,740 OK. 1013 00:40:14,460 --> 00:40:16,749 And OK, here we have 1014 00:40:16,750 --> 00:40:19,019 the electronic look, well, 1015 00:40:19,020 --> 00:40:21,599 of course, without reloj protection 1016 00:40:21,600 --> 00:40:23,819 for the expert. 1017 00:40:23,820 --> 00:40:26,189 And if you read the content 1018 00:40:26,190 --> 00:40:27,959 with or without protection, you or you 1019 00:40:27,960 --> 00:40:30,089 read only you or FFE 1020 00:40:30,090 --> 00:40:32,489 depend is dependent 1021 00:40:32,490 --> 00:40:34,319 on the microcontroller. 1022 00:40:34,320 --> 00:40:37,109 So most of the time 1023 00:40:37,110 --> 00:40:39,479 you can read the female like that, 1024 00:40:39,480 --> 00:40:41,759 but it is not easy 1025 00:40:41,760 --> 00:40:43,829 to like open osity or something 1026 00:40:43,830 --> 00:40:46,290 like that is a very good tool and 1027 00:40:47,610 --> 00:40:50,399 we need to have a framework 1028 00:40:50,400 --> 00:40:52,739 with all tool inside the same. 1029 00:40:52,740 --> 00:40:54,989 And it's for that we could 1030 00:40:54,990 --> 00:40:56,249 ask for it like that. 1031 00:40:56,250 --> 00:40:58,709 We want to All-In-One one tool to click 1032 00:40:58,710 --> 00:41:00,689 for SBI, to click for it, to see, to 1033 00:41:00,690 --> 00:41:02,759 click for SWG. 1034 00:41:02,760 --> 00:41:05,129 I'm experts on our liking 1035 00:41:05,130 --> 00:41:07,259 and I need you 1036 00:41:07,260 --> 00:41:09,629 to keep to not 1037 00:41:09,630 --> 00:41:11,969 to lose my time just to create 1038 00:41:11,970 --> 00:41:14,579 a bridge between hardware and software. 1039 00:41:14,580 --> 00:41:17,129 So now with few minutes 1040 00:41:17,130 --> 00:41:19,439 it's possible to read all the content. 1041 00:41:19,440 --> 00:41:21,509 So now I can focus 1042 00:41:21,510 --> 00:41:23,489 on reverse engineering. 1043 00:41:23,490 --> 00:41:25,709 OK, it was actually we create 1044 00:41:25,710 --> 00:41:28,019 we use this tool 1045 00:41:28,020 --> 00:41:29,020 of the day. 1046 00:41:31,280 --> 00:41:33,919 OK, so we have a string 1047 00:41:33,920 --> 00:41:36,949 at the bottom, of course, for 1048 00:41:36,950 --> 00:41:39,139 a communication or something like that, 1049 00:41:39,140 --> 00:41:41,209 you can with all the content, you 1050 00:41:41,210 --> 00:41:43,459 can inject back door or something 1051 00:41:43,460 --> 00:41:45,739 like that if you want to report 1052 00:41:45,740 --> 00:41:48,019 after we 1053 00:41:48,020 --> 00:41:50,359 have some check, some control, some time. 1054 00:41:50,360 --> 00:41:52,459 But it's not a security, so 1055 00:41:52,460 --> 00:41:53,839 it's not a problem for that. 1056 00:41:53,840 --> 00:41:55,969 So now we we erase all the 1057 00:41:55,970 --> 00:41:58,129 contents of somewhere and we 1058 00:41:58,130 --> 00:42:00,539 read the game and we just but again, 1059 00:42:00,540 --> 00:42:02,929 the format to to demonstrate 1060 00:42:02,930 --> 00:42:05,209 it's very easy to to dump and to write 1061 00:42:05,210 --> 00:42:07,879 again on the site or the target 1062 00:42:07,880 --> 00:42:10,129 with just a few click so 1063 00:42:10,130 --> 00:42:12,659 we erase the content of 1064 00:42:12,660 --> 00:42:13,660 our show. 1065 00:42:14,340 --> 00:42:16,889 So let's do that, 1066 00:42:16,890 --> 00:42:17,869 OK. 1067 00:42:17,870 --> 00:42:18,859 It's there. 1068 00:42:18,860 --> 00:42:21,049 So now if you try to enter the password, 1069 00:42:21,050 --> 00:42:23,149 uh, of the of the 1070 00:42:23,150 --> 00:42:24,559 electronic lock, of course it will not 1071 00:42:24,560 --> 00:42:25,560 work. 1072 00:42:25,820 --> 00:42:27,499 Yes. We we can. 1073 00:42:27,500 --> 00:42:28,729 We have. Yeah. 1074 00:42:28,730 --> 00:42:30,140 If you can switch just. 1075 00:42:31,580 --> 00:42:33,949 Yeah. If I now if I put 1076 00:42:33,950 --> 00:42:36,109 on some button. 1077 00:42:36,110 --> 00:42:38,749 No airlines, no more lights 1078 00:42:38,750 --> 00:42:41,719 of course I erased 1079 00:42:41,720 --> 00:42:44,419 and now let's just 1080 00:42:44,420 --> 00:42:45,949 import the female again. 1081 00:42:47,830 --> 00:42:50,079 So change a change, 1082 00:42:50,080 --> 00:42:52,599 maybe the will to keep. 1083 00:42:52,600 --> 00:42:55,189 Mm hmm. Uh, change a name. 1084 00:42:55,190 --> 00:42:57,249 Uh oh, 1085 00:42:57,250 --> 00:42:58,450 yes. You can take you to. 1086 00:42:59,910 --> 00:43:02,159 OK, so as it is writing 1087 00:43:02,160 --> 00:43:03,160 the female right now. 1088 00:43:04,380 --> 00:43:05,380 OK, OK. 1089 00:43:07,370 --> 00:43:09,679 OK, let's try to see 1090 00:43:09,680 --> 00:43:11,409 if so OK. 1091 00:43:11,410 --> 00:43:14,039 Now, when I press the button, we have 1092 00:43:14,040 --> 00:43:16,159 alive again, so 1093 00:43:16,160 --> 00:43:18,589 it's perfect. The right work 1094 00:43:18,590 --> 00:43:20,899 with just one button, one 1095 00:43:20,900 --> 00:43:22,489 file and two second. 1096 00:43:32,960 --> 00:43:35,479 So, of course, you yeah, 1097 00:43:35,480 --> 00:43:36,469 thank you. 1098 00:43:36,470 --> 00:43:38,069 You can have a lot of fun. 1099 00:43:38,070 --> 00:43:40,189 Uh, yeah, it is. 1100 00:43:40,190 --> 00:43:41,239 Yeah, well, no. 1101 00:43:41,240 --> 00:43:43,699 Well, no, but, uh, Linksys with that, 1102 00:43:43,700 --> 00:43:45,889 uh, Linksys use, uh, 1103 00:43:45,890 --> 00:43:48,109 for example, uh, so you 1104 00:43:48,110 --> 00:43:49,369 fingerprint your pen, it's your 1105 00:43:49,370 --> 00:43:51,689 fingerprint. We see that we have, uh, 1106 00:43:51,690 --> 00:43:54,079 memory that is using the, um, 1107 00:43:54,080 --> 00:43:55,080 the Balbus. 1108 00:43:56,240 --> 00:43:58,519 And so it's always the same, 1109 00:43:58,520 --> 00:44:00,949 uh, the same thing. You we installed it 1110 00:44:00,950 --> 00:44:04,009 and we resell it on our own. 1111 00:44:04,010 --> 00:44:06,199 Or you can use, um, custom, 1112 00:44:06,200 --> 00:44:08,939 uh, custom and about 1113 00:44:08,940 --> 00:44:09,799 uh yes. 1114 00:44:09,800 --> 00:44:12,169 Because very fine 1115 00:44:12,170 --> 00:44:14,299 speech and uh very close. 1116 00:44:14,300 --> 00:44:16,489 And it is uh most of the time it's not 1117 00:44:16,490 --> 00:44:18,019 easy to to just put a wire. 1118 00:44:18,020 --> 00:44:19,789 And if you can't create your own PCB, you 1119 00:44:19,790 --> 00:44:21,259 can use this kind of device. 1120 00:44:21,260 --> 00:44:23,329 So I'm DIY artist and 1121 00:44:23,330 --> 00:44:24,899 so I'm an electronic engineer. 1122 00:44:24,900 --> 00:44:26,989 It's not complicated for me to create the 1123 00:44:26,990 --> 00:44:29,119 Christian world, but sometimes for 1124 00:44:29,120 --> 00:44:31,219 hobbyists or just to 1125 00:44:31,220 --> 00:44:33,289 check or I don't know, you can just 1126 00:44:33,290 --> 00:44:34,459 use a socket. 1127 00:44:34,460 --> 00:44:36,619 Uh, without, 1128 00:44:36,620 --> 00:44:37,620 uh. 1129 00:44:38,270 --> 00:44:39,619 Yeah, without children. 1130 00:44:39,620 --> 00:44:40,099 Yeah. 1131 00:44:40,100 --> 00:44:42,169 And so. No, no, you understand why 1132 00:44:42,170 --> 00:44:43,280 we have 64? 1133 00:44:44,440 --> 00:44:46,879 Uh, because, of course, uh, Balbus, 1134 00:44:46,880 --> 00:44:49,999 uh, need a lot of uh 1135 00:44:50,000 --> 00:44:51,379 of uh. 1136 00:44:51,380 --> 00:44:53,959 And if you want to put this wire, 1137 00:44:53,960 --> 00:44:56,209 uh, you can use it 1138 00:44:56,210 --> 00:44:58,909 for each, uh, wire. 1139 00:44:58,910 --> 00:45:01,129 And it's very interesting when 1140 00:45:01,130 --> 00:45:03,529 you need to put, uh, about 1141 00:45:03,530 --> 00:45:06,199 60 or 64, 1142 00:45:06,200 --> 00:45:08,629 uh, bits. 1143 00:45:08,630 --> 00:45:10,849 So we were able to dump the content. 1144 00:45:10,850 --> 00:45:12,949 It's the same process, uh, 1145 00:45:12,950 --> 00:45:14,819 that we we have seen before. 1146 00:45:14,820 --> 00:45:17,129 Uh, so it's I think it was, 1147 00:45:17,130 --> 00:45:18,819 uh, open WUFT. 1148 00:45:18,820 --> 00:45:21,169 Well, yeah. And, uh, 1149 00:45:21,170 --> 00:45:22,939 so we are not going to remake the 1150 00:45:22,940 --> 00:45:25,039 process, but it's exactly the same with 1151 00:45:25,040 --> 00:45:26,299 the square first, etc.. 1152 00:45:26,300 --> 00:45:28,429 We today is not the reverse engineering 1153 00:45:28,430 --> 00:45:30,859 tulk. So it was that we 1154 00:45:30,860 --> 00:45:33,149 we don't explain. It's not directly 1155 00:45:33,150 --> 00:45:35,719 where of course it's uh squasher first 1156 00:45:35,720 --> 00:45:37,609 Read-Only. Uh, it's a five, six, seven, 1157 00:45:37,610 --> 00:45:38,569 five systemin. 1158 00:45:38,570 --> 00:45:41,389 So then you will have to remounted. 1159 00:45:41,390 --> 00:45:43,519 Uh, but it's not the absolute task 1160 00:45:43,520 --> 00:45:45,959 for that and it's open firmware. 1161 00:45:45,960 --> 00:45:48,109 So it's not uh, 1162 00:45:48,110 --> 00:45:50,359 very interesting to and it 1163 00:45:50,360 --> 00:45:52,549 was mainly for, uh, for testing Zaban 1164 00:45:52,550 --> 00:45:53,550 just for them. 1165 00:45:54,500 --> 00:45:56,779 OK, I think we are well and 1166 00:45:56,780 --> 00:45:59,149 uh, of course, uh, if you want to 1167 00:45:59,150 --> 00:46:00,829 learn more about, uh, our project and to 1168 00:46:00,830 --> 00:46:03,739 follow w uh, you can go on the website 1169 00:46:03,740 --> 00:46:06,129 and, uh, if you have questions 1170 00:46:06,130 --> 00:46:07,429 in question. Yes. 1171 00:46:20,960 --> 00:46:23,269 Yes, thank you again for that very 1172 00:46:23,270 --> 00:46:24,289 interesting talk. 1173 00:46:24,290 --> 00:46:26,479 The Democrats were with us lots 1174 00:46:26,480 --> 00:46:28,429 of live demo time. 1175 00:46:28,430 --> 00:46:30,959 So other questions in the audience. 1176 00:46:32,670 --> 00:46:34,429 Yes, I see one over there. 1177 00:46:34,430 --> 00:46:37,079 Please come to the microphone. 1178 00:46:37,080 --> 00:46:39,289 Yeah, just a 64 bit 1179 00:46:39,290 --> 00:46:41,389 of input. But can you also apply an 1180 00:46:41,390 --> 00:46:44,149 external clock and a key have the input, 1181 00:46:44,150 --> 00:46:46,339 for example, Petrobas the next election 1182 00:46:46,340 --> 00:46:48,469 into the FPGA using this sectional clock 1183 00:46:48,470 --> 00:46:50,539 so you can get the maximum clock rate for 1184 00:46:50,540 --> 00:46:51,540 all you. 1185 00:46:52,760 --> 00:46:55,189 We are an asynchronous mode, 1186 00:46:55,190 --> 00:46:57,349 so it's not necessary to 1187 00:46:57,350 --> 00:46:58,999 plug the clock. 1188 00:46:59,000 --> 00:47:01,249 But if you want, 1189 00:47:01,250 --> 00:47:03,409 you can just create custom firmware 1190 00:47:03,410 --> 00:47:05,569 and you can use the 1191 00:47:05,570 --> 00:47:07,609 clock of your system. 1192 00:47:07,610 --> 00:47:09,889 But you need to to send the clock 1193 00:47:09,890 --> 00:47:12,559 so you can generate the clock by 1194 00:47:12,560 --> 00:47:15,289 FPGA for 1195 00:47:15,290 --> 00:47:16,729 two to be more simple. 1196 00:47:16,730 --> 00:47:19,249 It's just asynchronous and generate 1197 00:47:19,250 --> 00:47:21,790 address and it's worked perfectly. 1198 00:47:22,880 --> 00:47:25,159 But what's the maximum clock rate you can 1199 00:47:25,160 --> 00:47:26,160 sample 1200 00:47:27,530 --> 00:47:30,139 sorry, the maximum clock rate to sample 1201 00:47:30,140 --> 00:47:32,480 it from the domain from the FPGA. 1202 00:47:35,090 --> 00:47:37,279 You don't have a 1203 00:47:37,280 --> 00:47:39,919 sample, but I can, uh, 1204 00:47:39,920 --> 00:47:42,229 it's not a sample, it's just a latency. 1205 00:47:42,230 --> 00:47:44,809 And we have about seven 1206 00:47:44,810 --> 00:47:46,249 nanoseconds. 1207 00:47:46,250 --> 00:47:48,739 OK, so please 1208 00:47:48,740 --> 00:47:51,019 leave the room quietly if you really 1209 00:47:51,020 --> 00:47:52,099 have to leave now. 1210 00:47:52,100 --> 00:47:54,199 Otherwise think about staying for a 1211 00:47:54,200 --> 00:47:56,359 few more minutes. I guess there are 1212 00:47:56,360 --> 00:47:58,609 some more interesting questions I heard 1213 00:47:58,610 --> 00:48:00,709 there is a question from the Internet. 1214 00:48:00,710 --> 00:48:02,239 Yeah. Um, hi. 1215 00:48:02,240 --> 00:48:03,439 I'm over here. Yes, thank you. 1216 00:48:03,440 --> 00:48:05,059 Uh, can you say something about the 1217 00:48:05,060 --> 00:48:07,369 difference between hard plight and 1218 00:48:07,370 --> 00:48:09,919 maybe a common FPGA development 1219 00:48:09,920 --> 00:48:12,169 kit, like a cyclone starter kit 1220 00:48:12,170 --> 00:48:13,369 with an expansion board? 1221 00:48:15,020 --> 00:48:16,849 You have the same FPGA. 1222 00:48:16,850 --> 00:48:19,219 So, of course, if you put 1223 00:48:19,220 --> 00:48:22,039 my firmware inside, it's worked 1224 00:48:22,040 --> 00:48:24,439 with the same, uh, uh, 1225 00:48:24,440 --> 00:48:25,999 baby, of course. 1226 00:48:26,000 --> 00:48:28,399 But don't forget, you need to 1227 00:48:28,400 --> 00:48:30,409 program your FPGA. 1228 00:48:30,410 --> 00:48:32,959 So for that, you can use a blaster, 1229 00:48:32,960 --> 00:48:35,359 for example, or 1230 00:48:35,360 --> 00:48:37,039 external tool. 1231 00:48:37,040 --> 00:48:39,379 So, uh, yeah, we 1232 00:48:39,380 --> 00:48:41,449 use, uh, microcontroller to program 1233 00:48:41,450 --> 00:48:43,519 excellent memory to 1234 00:48:43,520 --> 00:48:45,379 programs of bitstream, etc.. 1235 00:48:45,380 --> 00:48:47,510 So we we we are crape. 1236 00:48:49,120 --> 00:48:51,579 A big bridge between 1237 00:48:51,580 --> 00:48:53,859 FPGA and graphical 1238 00:48:53,860 --> 00:48:56,289 interfaces, so in fact, 1239 00:48:56,290 --> 00:48:59,619 you have a graphical interfaces 1240 00:48:59,620 --> 00:49:02,589 API in a ruby, uh, 1241 00:49:02,590 --> 00:49:04,539 communication with a microcontroller and 1242 00:49:04,540 --> 00:49:06,609 microcontroller communicates with custom 1243 00:49:06,610 --> 00:49:08,949 and tunnel protocol with FPGA 1244 00:49:08,950 --> 00:49:10,999 and inside the FPGA. 1245 00:49:11,000 --> 00:49:13,209 Yes. You have, uh, 1246 00:49:13,210 --> 00:49:15,339 to, uh, module 1247 00:49:15,340 --> 00:49:18,459 we have as protocol and, 1248 00:49:18,460 --> 00:49:20,679 uh, to create some communication 1249 00:49:20,680 --> 00:49:22,449 with microcontroller set. 1250 00:49:22,450 --> 00:49:24,579 And now we have a 1251 00:49:24,580 --> 00:49:26,799 module. So if you need S.P.I, you 1252 00:49:26,800 --> 00:49:28,829 just create S.P.I, uh, 1253 00:49:30,220 --> 00:49:32,439 state machine and you you 1254 00:49:32,440 --> 00:49:34,779 can feel a FIFO first 1255 00:49:34,780 --> 00:49:36,489 in first out memory. 1256 00:49:36,490 --> 00:49:38,589 And it's OK for you 1257 00:49:38,590 --> 00:49:40,840 after that asteroid called to 1258 00:49:42,190 --> 00:49:44,319 do the process and 1259 00:49:44,320 --> 00:49:46,689 process that. And Olesen for you. 1260 00:49:46,690 --> 00:49:49,059 So in fact you have 1261 00:49:49,060 --> 00:49:50,800 an array data 1262 00:49:52,240 --> 00:49:54,879 array on and you have 1263 00:49:54,880 --> 00:49:57,519 FIFO on the Vijaya 1264 00:49:57,520 --> 00:50:00,189 and you can do what you want. 1265 00:50:00,190 --> 00:50:02,319 OK, so it's sure you 1266 00:50:02,320 --> 00:50:04,869 can use, uh, 1267 00:50:04,870 --> 00:50:07,029 the demo board, but you need to program, 1268 00:50:07,030 --> 00:50:09,129 etc.. So you will not have the 1269 00:50:09,130 --> 00:50:10,719 food processor, of course. 1270 00:50:10,720 --> 00:50:11,559 Yeah. 1271 00:50:11,560 --> 00:50:12,449 OK, then. 1272 00:50:12,450 --> 00:50:15,669 Next question over to the side. 1273 00:50:15,670 --> 00:50:17,769 Two questions. First, I 1274 00:50:17,770 --> 00:50:19,239 looked at the site, but I didn't see any 1275 00:50:19,240 --> 00:50:21,669 schematic source quotes, whatever. 1276 00:50:21,670 --> 00:50:23,199 You will release them. 1277 00:50:23,200 --> 00:50:24,979 So, um. 1278 00:50:24,980 --> 00:50:27,219 Forssmann And um, we 1279 00:50:27,220 --> 00:50:28,199 are talking about it. 1280 00:50:28,200 --> 00:50:30,759 Yeah. Yes. We are not sure, uh, 1281 00:50:30,760 --> 00:50:32,269 for the moment, but we are talking for 1282 00:50:32,270 --> 00:50:33,189 the moment. 1283 00:50:33,190 --> 00:50:35,289 Graphical interfaces is open. 1284 00:50:35,290 --> 00:50:37,569 Uh, if you choose 1285 00:50:37,570 --> 00:50:39,939 it is for you 1286 00:50:39,940 --> 00:50:41,859 but you can use API. 1287 00:50:41,860 --> 00:50:44,709 Of course API is open and 1288 00:50:44,710 --> 00:50:47,019 now you can use very little 1289 00:50:47,020 --> 00:50:49,089 uh line uh, ruby 1290 00:50:49,090 --> 00:50:51,309 line to to interact with 1291 00:50:51,310 --> 00:50:53,919 SBI, for example, just create 1292 00:50:53,920 --> 00:50:55,089 a separate object. 1293 00:50:55,090 --> 00:50:57,189 And just the next 1294 00:50:57,190 --> 00:50:59,259 line is that, OK, 1295 00:50:59,260 --> 00:51:01,809 so today you can use aspirates 1296 00:51:01,810 --> 00:51:04,269 as like just chool line 1297 00:51:04,270 --> 00:51:05,379 of Ruby code 1298 00:51:06,730 --> 00:51:09,779 for the magic 1299 00:51:09,780 --> 00:51:12,579 for the moment is not open hardware 1300 00:51:12,580 --> 00:51:15,159 but uh 1301 00:51:15,160 --> 00:51:17,289 maybe change uh 1302 00:51:17,290 --> 00:51:17,829 change that. 1303 00:51:17,830 --> 00:51:18,830 Yeah. Yeah. 1304 00:51:19,960 --> 00:51:21,409 OK, second question. 1305 00:51:21,410 --> 00:51:23,469 Um, such a project 1306 00:51:23,470 --> 00:51:25,929 by community because you're not 1307 00:51:25,930 --> 00:51:28,299 you probably cannot go and implement 1308 00:51:28,300 --> 00:51:30,429 all kind of protocols and uh. 1309 00:51:30,430 --> 00:51:31,659 Yes, yes. 1310 00:51:31,660 --> 00:51:33,769 Of course the goal of our 1311 00:51:33,770 --> 00:51:35,829 sprite is to create, uh, a database 1312 00:51:35,830 --> 00:51:38,199 like, um, metabolite. 1313 00:51:38,200 --> 00:51:40,299 And you see we have only 1314 00:51:40,300 --> 00:51:41,179 a five. 1315 00:51:41,180 --> 00:51:42,989 Um, it's not true. 1316 00:51:42,990 --> 00:51:45,219 Um, we have, um, more 1317 00:51:45,220 --> 00:51:47,739 than like it's just for the demo, 1318 00:51:47,740 --> 00:51:49,959 but we have a problem 1319 00:51:49,960 --> 00:51:52,059 because if you are an 1320 00:51:52,060 --> 00:51:54,219 expert, it's not complicated for you to 1321 00:51:54,220 --> 00:51:56,559 create, uh, 1322 00:51:56,560 --> 00:51:58,929 a command and uh, um, 1323 00:51:58,930 --> 00:52:01,329 and target and and also people 1324 00:52:01,330 --> 00:52:03,609 can use it just like that, 1325 00:52:03,610 --> 00:52:05,439 which you click of course. 1326 00:52:05,440 --> 00:52:07,539 But in real life it just to click because 1327 00:52:07,540 --> 00:52:09,639 you need to create and 1328 00:52:09,640 --> 00:52:11,769 the next step is to create a 1329 00:52:11,770 --> 00:52:14,439 community, to create, uh, 1330 00:52:14,440 --> 00:52:15,579 command. 1331 00:52:15,580 --> 00:52:16,959 But it's not enough. 1332 00:52:16,960 --> 00:52:19,539 It's true. We need to create another 1333 00:52:19,540 --> 00:52:22,359 module and it's for that we 1334 00:52:22,360 --> 00:52:24,999 we try to um to 1335 00:52:25,000 --> 00:52:27,069 to change, uh, geometric 1336 00:52:27,070 --> 00:52:30,219 early sense. Exeter, Exeter to 1337 00:52:30,220 --> 00:52:32,499 Eyob, uh, answer 1338 00:52:32,500 --> 00:52:33,599 your question. 1339 00:52:33,600 --> 00:52:35,829 Uh, for the community, we 1340 00:52:35,830 --> 00:52:38,199 will rely on not, uh, a lot, uh, 1341 00:52:38,200 --> 00:52:40,509 on the community to, um, 1342 00:52:40,510 --> 00:52:42,609 to share the, uh, the 1343 00:52:42,610 --> 00:52:44,379 components they have created or 1344 00:52:44,380 --> 00:52:46,869 Zuckerman's, uh, so someone 1345 00:52:46,870 --> 00:52:49,179 that doesn't know how to 1346 00:52:49,180 --> 00:52:51,399 to interact with the specific component, 1347 00:52:51,400 --> 00:52:53,539 you may be will you may find 1348 00:52:53,540 --> 00:52:55,479 this a component online that we needed 1349 00:52:55,480 --> 00:52:58,209 and added to is our split and 1350 00:52:58,210 --> 00:52:59,499 we have nothing to do that. 1351 00:52:59,500 --> 00:53:01,869 Just clicking OK 1352 00:53:01,870 --> 00:53:02,919 at the beginning. 1353 00:53:02,920 --> 00:53:04,719 Yeah, at the beginning aspect is for 1354 00:53:04,720 --> 00:53:05,769 internal purposes. 1355 00:53:05,770 --> 00:53:08,049 And yeah we now uh 1356 00:53:08,050 --> 00:53:10,209 I think you 1357 00:53:10,210 --> 00:53:11,919 are here. So it seems to be you are 1358 00:53:11,920 --> 00:53:14,019 interesting by Aspro, 1359 00:53:14,020 --> 00:53:15,789 so maybe we, we can change. 1360 00:53:15,790 --> 00:53:18,189 Uh this is still in development 1361 00:53:18,190 --> 00:53:20,339 of course. And we are thinking uh the way 1362 00:53:20,340 --> 00:53:22,449 it a way to adapt and yes. 1363 00:53:22,450 --> 00:53:24,819 Because we use our split already. 1364 00:53:24,820 --> 00:53:26,949 So I think we we 1365 00:53:26,950 --> 00:53:29,199 can increase the compatibility of 1366 00:53:29,200 --> 00:53:30,200 split with you. 1367 00:53:31,470 --> 00:53:33,539 OK, then, next question 1368 00:53:33,540 --> 00:53:34,859 again, another question from the 1369 00:53:34,860 --> 00:53:35,860 Internet. 1370 00:53:39,060 --> 00:53:40,529 The Internet. 1371 00:53:40,530 --> 00:53:42,749 Now, can you think of 1372 00:53:42,750 --> 00:53:44,849 no limitations to hotplates 1373 00:53:44,850 --> 00:53:46,679 or will there be any components or 1374 00:53:46,680 --> 00:53:49,469 protocols that will never be supported 1375 00:53:49,470 --> 00:53:51,479 or can never be supported? 1376 00:53:53,290 --> 00:53:55,499 The limit is the same answer. 1377 00:53:55,500 --> 00:53:58,469 It's a civil nanosecond latency. 1378 00:53:58,470 --> 00:54:00,749 And after that, you can trade 1379 00:54:00,750 --> 00:54:01,750 what you want. 1380 00:54:03,420 --> 00:54:05,579 Not exactly, you have a 1381 00:54:05,580 --> 00:54:08,009 problem with internal 1382 00:54:08,010 --> 00:54:10,769 memory of Cyclone 1383 00:54:10,770 --> 00:54:12,210 two, so 1384 00:54:13,410 --> 00:54:15,479 it's complicated to answer your question 1385 00:54:15,480 --> 00:54:17,339 because the goal of our spirit is to 1386 00:54:17,340 --> 00:54:20,369 create a framework and 1387 00:54:20,370 --> 00:54:21,599 versatility framework. 1388 00:54:21,600 --> 00:54:23,669 And, of course, you know, the 1389 00:54:23,670 --> 00:54:26,429 limit is only seven nanosecond latency 1390 00:54:26,430 --> 00:54:29,469 because we we work 100 1391 00:54:29,470 --> 00:54:30,470 megahertz. 1392 00:54:30,960 --> 00:54:32,159 And it is 1393 00:54:33,210 --> 00:54:35,039 possible if we want to there, we are not 1394 00:54:35,040 --> 00:54:37,109 limited by that. 1395 00:54:37,110 --> 00:54:39,809 So just with this feature, 1396 00:54:39,810 --> 00:54:42,719 this limitation, just seven. 1397 00:54:42,720 --> 00:54:43,739 Yes. 1398 00:54:43,740 --> 00:54:44,909 OK, thanks then. 1399 00:54:44,910 --> 00:54:46,479 Next question from any year. 1400 00:54:47,530 --> 00:54:49,769 Yeah. I think the time consuming 1401 00:54:49,770 --> 00:54:51,869 thing will be getting the data sheet 1402 00:54:51,870 --> 00:54:53,369 and modeling the chip. 1403 00:54:53,370 --> 00:54:55,649 And I think it's a great idea to have 1404 00:54:55,650 --> 00:54:57,869 a sharing platform for this 1405 00:54:57,870 --> 00:54:59,129 intermediate step. 1406 00:54:59,130 --> 00:55:01,619 How far are you what is your internal 1407 00:55:01,620 --> 00:55:04,319 database that you have right now 1408 00:55:04,320 --> 00:55:06,389 that you when you when you get it right 1409 00:55:06,390 --> 00:55:08,159 now to the market from the first step 1410 00:55:08,160 --> 00:55:09,859 without having the sharing platform? 1411 00:55:09,860 --> 00:55:12,089 OK, what we give in the 1412 00:55:12,090 --> 00:55:14,279 database, uh, when, uh, someone gets 1413 00:55:14,280 --> 00:55:15,839 a product, that's for sure. 1414 00:55:15,840 --> 00:55:18,449 Yes. Oh, well, uh, we 1415 00:55:18,450 --> 00:55:20,879 as a component, we well we we have what 1416 00:55:20,880 --> 00:55:23,399 I think, uh, and 1417 00:55:23,400 --> 00:55:25,020 the one you can, uh. 1418 00:55:27,160 --> 00:55:29,160 We will we are going to give us 1419 00:55:30,280 --> 00:55:32,619 a component for each birth 1420 00:55:32,620 --> 00:55:35,199 so that anchorman's so that people 1421 00:55:35,200 --> 00:55:37,269 can take example on 1422 00:55:37,270 --> 00:55:39,489 component to adapt to their 1423 00:55:39,490 --> 00:55:41,349 own components if they are not using the 1424 00:55:41,350 --> 00:55:41,949 same. 1425 00:55:41,950 --> 00:55:44,199 And don't forget, for example, 1426 00:55:44,200 --> 00:55:46,479 the button Fooldom fool expert 1427 00:55:46,480 --> 00:55:47,859 cetera. 1428 00:55:47,860 --> 00:55:49,929 It's automatic and 1429 00:55:49,930 --> 00:55:51,999 you need just to specify 1430 00:55:52,000 --> 00:55:54,129 the size of your memory and all 1431 00:55:54,130 --> 00:55:55,749 is automatic. 1432 00:55:55,750 --> 00:55:58,089 So if you want to dump 64 1433 00:55:58,090 --> 00:56:00,339 Kyllo memories or 1434 00:56:00,340 --> 00:56:02,439 32 etc is the same 1435 00:56:02,440 --> 00:56:05,049 judge change the size and the size 1436 00:56:05,050 --> 00:56:07,689 is on the title of your datasheet. 1437 00:56:07,690 --> 00:56:09,879 So for example, forfour spy or 1438 00:56:09,880 --> 00:56:12,789 it is not a problem to a custom 1439 00:56:12,790 --> 00:56:14,739 custom command because you don't need. 1440 00:56:15,850 --> 00:56:17,919 OK, so maybe it would be a good idea 1441 00:56:17,920 --> 00:56:20,589 to have an inherent command 1442 00:56:20,590 --> 00:56:22,899 to take the chips 1443 00:56:22,900 --> 00:56:25,419 you already have and just change them and 1444 00:56:25,420 --> 00:56:26,349 have another one. 1445 00:56:26,350 --> 00:56:29,139 Yes you can, you can use the 1446 00:56:29,140 --> 00:56:31,149 existing component as a template to 1447 00:56:31,150 --> 00:56:32,409 create another one. 1448 00:56:32,410 --> 00:56:33,249 Yeah. 1449 00:56:33,250 --> 00:56:35,319 OK, I think we have time for two 1450 00:56:35,320 --> 00:56:37,690 more questions perhaps please. 1451 00:56:38,880 --> 00:56:40,949 Will you be able to do detection of 1452 00:56:40,950 --> 00:56:43,469 Geotagging Serial on 1453 00:56:43,470 --> 00:56:44,699 if you don't know which points on the 1454 00:56:44,700 --> 00:56:45,379 board? 1455 00:56:45,380 --> 00:56:46,639 Um. 1456 00:56:46,640 --> 00:56:48,859 Yes, it follows that, 1457 00:56:48,860 --> 00:56:50,929 so for geotag or 1458 00:56:50,930 --> 00:56:52,999 SWG, most of the time, 1459 00:56:53,000 --> 00:56:55,699 you have on the top of the board 1460 00:56:55,700 --> 00:56:58,039 SWG and TM's 1461 00:56:58,040 --> 00:56:59,479 exercised. 1462 00:56:59,480 --> 00:57:02,719 So it's true in this example, 1463 00:57:02,720 --> 00:57:05,299 we know the car so easy. 1464 00:57:05,300 --> 00:57:07,309 It's such a beginning of SWG. 1465 00:57:07,310 --> 00:57:09,849 It's false that it's not very clear for 1466 00:57:09,850 --> 00:57:11,119 everybody. 1467 00:57:11,120 --> 00:57:13,519 But, um, 1468 00:57:13,520 --> 00:57:15,619 in fact we are only chewier 1469 00:57:15,620 --> 00:57:17,330 and you can 1470 00:57:18,530 --> 00:57:20,809 see that as shit and you can find 1471 00:57:20,810 --> 00:57:23,029 a clock of AWG and 1472 00:57:23,030 --> 00:57:25,339 just use a multimeter to find the pin 1473 00:57:25,340 --> 00:57:27,529 on the board and for our exploit 1474 00:57:27,530 --> 00:57:29,899 we are the busses next 1475 00:57:29,900 --> 00:57:32,539 week to use with 1476 00:57:32,540 --> 00:57:33,739 helping wearing it. 1477 00:57:33,740 --> 00:57:36,109 The question was, how do you connect 1478 00:57:36,110 --> 00:57:37,789 as the ability to assimilate onto the 1479 00:57:37,790 --> 00:57:39,289 target? No, I was just wondering whether 1480 00:57:39,290 --> 00:57:40,729 whether you have the same functionality 1481 00:57:40,730 --> 00:57:43,249 as Jugulator has now, where will 1482 00:57:43,250 --> 00:57:44,869 you connect it to lots of points and it 1483 00:57:44,870 --> 00:57:46,419 will attempt to identify which points 1484 00:57:46,420 --> 00:57:47,420 are. 1485 00:57:51,050 --> 00:57:53,259 I'm not sure I understand so 1486 00:57:53,260 --> 00:57:55,039 say you have a board with No Labels and 1487 00:57:55,040 --> 00:57:56,809 you're trying to find where is the serial 1488 00:57:56,810 --> 00:57:58,549 interface or where is that which are 1489 00:57:58,550 --> 00:58:01,489 which are the Jacobins and Jugulator? 1490 00:58:01,490 --> 00:58:03,169 Oh, yes, yes, yes. 1491 00:58:03,170 --> 00:58:05,069 It's not a brute force issue. 1492 00:58:05,070 --> 00:58:06,109 Yes, I understand. 1493 00:58:06,110 --> 00:58:08,269 So for the moment, 1494 00:58:08,270 --> 00:58:10,519 you need to put in the right way 1495 00:58:10,520 --> 00:58:11,520 is a right. 1496 00:58:12,350 --> 00:58:14,569 Why are you if not, this doesn't work, 1497 00:58:14,570 --> 00:58:16,909 of course, but it's FPGA 1498 00:58:16,910 --> 00:58:19,009 and you can create an 1499 00:58:19,010 --> 00:58:21,499 algorithm to to brute force like 1500 00:58:21,500 --> 00:58:23,479 shit, take your hat off if you go on and 1501 00:58:23,480 --> 00:58:24,499 exploit. 1502 00:58:24,500 --> 00:58:26,749 I'll, uh, for the next step 1503 00:58:26,750 --> 00:58:28,489 is the first step. 1504 00:58:28,490 --> 00:58:29,869 We are going to implement this 1505 00:58:29,870 --> 00:58:31,759 functionality just so you won't be able 1506 00:58:31,760 --> 00:58:33,779 to connect the way out and just launch 1507 00:58:33,780 --> 00:58:35,149 the detection. 1508 00:58:35,150 --> 00:58:37,129 So it's on its way and you can replace 1509 00:58:37,130 --> 00:58:39,019 your turkey that always with this tool. 1510 00:58:39,020 --> 00:58:40,969 But it's not the goal of exploit it just 1511 00:58:40,970 --> 00:58:43,159 to have a framework because 1512 00:58:43,160 --> 00:58:45,289 we we love this tool is the beginning 1513 00:58:45,290 --> 00:58:46,369 of our working. 1514 00:58:46,370 --> 00:58:48,709 But we want to to put 1515 00:58:48,710 --> 00:58:50,899 all the good tool inside the same 1516 00:58:50,900 --> 00:58:52,289 and community. 1517 00:58:52,290 --> 00:58:54,479 You can can use it easy. 1518 00:58:54,480 --> 00:58:55,489 Yeah. Thanks. 1519 00:58:55,490 --> 00:58:56,659 Thank you. 1520 00:58:56,660 --> 00:58:59,219 So thanks again for the questions. 1521 00:58:59,220 --> 00:59:01,429 The speakers will perhaps be outside 1522 00:59:01,430 --> 00:59:03,769 in a minute for further questions, 1523 00:59:03,770 --> 00:59:05,839 but I think we can all 1524 00:59:05,840 --> 00:59:07,729 give you a warm applause. 1525 00:59:07,730 --> 00:59:08,929 Thank you for your call. 1526 00:59:08,930 --> 00:59:09,930 Thank you for listening.