@kloenk @janamarie yes! I needed a BLE sniffer with SMA
I'm an IT security researcher, and sometimes I make videos about that!
Contact: contact@stacksmashing.net
Fancy, board-house sent me x-rays of my PCBs!
@pedropablo_ Any RP2350 is fine!
We were able to find some minor correlations, but by far not enough to leak the key successfully.
If you think you found something - even if it's not a full attack - send an e-mail, it's about making the implementation more secure, not about building the best attack.🛡️
My first post on the RaspberryPi Blog 😍
We've extended the RP2350 side-channel hacking challenge to April 30 - and even better: To make attacks for the challenge easier, we decided to disable the random chaffing and some more mitigations!
https://www.raspberrypi.com/news/rp2350-hacking-challenge-2-less-randomisation-more-correlation/
@tavisco @draconigen There's nothing from the old iPod firmwares in there :) I think it's just a nice easter-egg
A few corrections:
I said that the microcontroller is probably protected against the original attack: https://infosec.exchange/@stacksmashing/115972602299558106
And it would be nice if you could link to the primary source ( https://www.youtube.com/watch?v=_E0PWQvW-14 ) for the fault-injection attack instead of to SySS, who unfortunately don't even bother to attribute it correctly.
Thank you very much!
hi @gsuberland did you know that a single MLCC cap was responsible for a space toilet failure in the ISS? I think no other cap in the world sustained that amount of failure analysis lmao
@tavisco This one I know from way back - the iPod firmware used to have that in it too!
@drwho Ah if you mean the thing underneath: That's a PCbite set
The PCB is suuuper sensitive. I ripped off three pads so far... To get to chip-select I had to solder onto the tiny tiny tiny via barrel😵💫
9d3e36fc632d77f24c810cb89892dd1959dfb05b output.bin
(Created from multiple dumps, something is messing with the signal)
@drwho hah just a random QFP chip carrier I happened to have on my desk
@dzwiedziu just a random QFP chip carrier I had laying on the table
lfg
Pokey dokey
For those playing along at home: Preliminary flash pin-out!
13 - SPI Flash CLK
16 - SPI Flash DI / MOSI
18 - SPI Flash DO / MISO
19 - SPI Flash VCC
20 - SPI Flash CS
Pulled off the flash and soldered on some magnet-wire on all of the pins to get a decent pin-out. This stuff is smol! 🤏
Numbered the test-pins on the back of the device - let's try to document the signals!
But there's at least something to dump - the SPI flash chip seems to be a Winbond W25Q64