An introduction to Hardware Anti-Tampering and Data Protection used in the 1980s and 1990s by the Satellite, Casino and Financial industry. The presentation will begin with some examples of early hardware requiring data integrity an protection in an high risk environment. Featuring one of my first hardware reverse-engineering projects where I reversed the logic of PLDs and then designed a product that interacted with that hardware bypassing memory integrity. Show how I secured my design with a security processor widely used in banking machines at the time.

The main presentation will be a reverse-engineering project where a custom ASIC used in a printer cartridge was fully reverse-engineered. This takes you through the steps of discovering unused bonding pads that are likely test pads. Performing a communications capture / sniffing and reply type attacks on the ASIC in attempt to understand the encrypted protocol.
Imaging and de-layering multiple samples of the die to obtain a netlist. We overcame an issue where the DIE markings are the same and some of the metal layers are not, meaning we had to deal with different formatted layers during netlist generation. Turn netlist into simulation code to understand some code. Simulation needed some memory for function.

We needed to read out small flash memory to make simulation function. We were able to use Verilog simulation model to locate and disarm the active die protection allowing FIB editing and probing the data lines during power up. The test mode pin along with embedded device was used to stimulate and read out the NV memory containing the key material. We could then communicate with the completed simulation as if it were the ASIC.