oh this is interesting

a while ago ransomhouse leaked data from some chinese microcontroller company, and it seems nobody really noticed

this company also makes TPMs

a lot of the data looks crypted, but there's some plaintext in there

including listing files (which for C code seems to be preprocessor debug-output, with single character prefix denoting what the preprocessor did, comments and preprocessor directives and preprocessor output are ALL included) for the firmware of a production TPM implementation

the anti-glitch stuff in particular seems like the usual fare for such, but if you haven't seen such before then it looks kind of weird:

enum {
    Cpy_OK = 0x55a55aa5,
    SetData_OK = 0x7CCF62F2,
    XOR_OK = 0x6A17D34A,
    RandomSort_OK = 0x51261DC5,
    CheckOrder_OK = 0x54830C23,
    Reverse_OK = 0x43C94C71,
    IsZero_YES = 0x7a7a7a7a,
    IsZero_NOT = 0x07070707,
    IsOne_YES = 0x6a6a6a6a,
    IsOne_NOT = 0x06060606,
    Cmp_EQUAL = 0x4a4a4a4a,
    Cmp_LESS = (int32_t)0x95959595,
    Cmp_GREATER = 0x6c6c6c6c,
    Cmp_ERROR = 0x00044400,
    SetData_ERROR = 0x00055500,
    CheckOrder_ERROR = 0x00066600,
    IsZero_ERROR = 0x00077700,
    Cpy_ERROR = 0x00088800,
    Reverse_ERROR = 0x00099900,
    XOR_ERROR = 0x000aaa00,
    RandomSort_ERROR = 0x000bbb00,
};

#define TPM_ATTACK() \
{ \
    tpm_set_shutdown_mode(); \
    return TPM_RC_FAILURE; \
}

#define xor_sum3(a, b, c) ((UINT32)(a) ^ (UINT32)(b) ^ (UINT32)(c))

before preprocessor:

// Load the persistent data
UINT32 infoAddr = 0;
ret = Cpy_U32_sum((UINT32*)&go, (UINT32*)NV_GO_START, sizeof(go) >> 2,
                  xor_sum3(&go, NV_GO_START, sizeof(go) >> 2));
if (ret != Cpy_OK) {
    TPM_ATTACK();
}

after preprocessor:

// Load the persistent data
UINT32 infoAddr = 0;
ret = Cpy_U32_sum((UINT32*)&go,
                  (UINT32*)((((0x6C800 + ((0x5) << 9)) + ((0x2) << 9)) + (0x00000200)) + (0x00000200)),
                  sizeof(go) >> 2,
                  ((UINT32)(&go)
                   ^ (UINT32)(((((0x6C800 + ((0x5) << 9)) + ((0x2) << 9)) + (0x00000200)) + (0x00000200)))
                   ^ (UINT32)(sizeof(go) >> 2)));
if (ret != Cpy_OK) {
    {
        tpm_set_shutdown_mode();
        return (TPM_RC)((TPM_RC)(0x100)+0x001);
    };
}
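Added illustration, not code from the leak or from the thread: how the pieces quoted above fit together as a fault-injection countermeasure. The body of Cpy_U32_sum is my guess (the leak's implementation is not shown here), and go_t, fake_nv_go and load_go are constructed stand-ins for the go struct, NV_GO_START and the quoted call site.

```c
#include <stdint.h>
#include <stddef.h>

typedef uint32_t UINT32;

/* Sparse status codes quoted in the thread: many bits apart from each other
   and from 0 / 0xFFFFFFFF, so a glitched register is unlikely to read as OK. */
enum { Cpy_OK = 0x55a55aa5, Cpy_ERROR = 0x00088800 };

/* Caller-side checksum of the three arguments (pointers truncated to 32 bits,
   which is what the firmware's plain UINT32 casts do on its 32-bit core). */
#define xor_sum3(a, b, c) \
    ((UINT32)(uintptr_t)(a) ^ (UINT32)(uintptr_t)(b) ^ (UINT32)(c))

/* Hypothetical glitch-hardened word copy (assumed design, not the leaked body):
   reject the call if the argument checksum no longer matches (a fault on the way
   in), copy, then re-verify the loop counter and the destination contents before
   returning the sparse OK code. */
UINT32 Cpy_U32_sum(UINT32 *dst, const UINT32 *src, UINT32 nwords, UINT32 sum)
{
    volatile UINT32 i;
    if (xor_sum3(dst, src, nwords) != sum)
        return Cpy_ERROR;                 /* an argument was corrupted in transit */
    for (i = 0; i < nwords; i++)
        dst[i] = src[i];
    if (i != nwords)
        return Cpy_ERROR;                 /* loop exited early */
    for (i = 0; i < nwords; i++)
        if (dst[i] != src[i])
            return Cpy_ERROR;             /* a write was skipped */
    if (i != nwords)
        return Cpy_ERROR;
    return Cpy_OK;
}

/* Constructed stand-ins for the persistent "go" struct and the NV_GO_START region. */
typedef struct { UINT32 w[4]; } go_t;
static const UINT32 fake_nv_go[4] = { 0x11111111, 0x22222222, 0x33333333, 0x44444444 };

/* Mirrors the quoted call site. glitch_mask flips bits of the checksum the caller
   passes, simulating a fault that altered one argument on the stack. Returns 0 on
   a verified load, -1 where the firmware would run TPM_ATTACK(). */
int load_go(go_t *go, UINT32 glitch_mask)
{
    UINT32 n = sizeof(*go) >> 2;
    UINT32 ret = Cpy_U32_sum(go->w, fake_nv_go, n,
                             xor_sum3(go->w, fake_nv_go, n) ^ glitch_mask);
    if (ret != Cpy_OK)                    /* exact-value compare, never "!= 0" */
        return -1;                        /* TPM_ATTACK(): enter shutdown mode */
    return go->w[3] == 0x44444444 ? 0 : -1;
}
```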
lol, another plaintext file is what looks like the src for the firmware signer for this TPM, with three ECC private keys hardcoded (two are commented out)

there's also the code for the firmware flasher on the device side, and binary for the util that talks to that code, with identical hardcoded key+iv for crypting the buffer transferred over uart (it's china, so as you'd expect the algorithm is SM4-CFB)
"Final source code to Thales"

lol
looking further in the files that have plaintext available, and metadata of crypted files, seems this is related to a security audit on this TPM, commissioned from Thales, at a cost of 375,000 EUR
@[email protected] thales.. like the smart card at my work

yay!
@amy @Rairii or the air defence system at my continent! um
@Rairii which company? feitian?
@pcy nationz, which afterwards changed their name to nsing

@Rairii >with single character prefix denoting what the preprocessor did

Sorry if this is a dumb q, but did you strip these out of your code snippets? I'm curious about the preprocessor debug mode LOL

@cr1901 i did strip them out.
@Rairii Is that data available publicly? if so, do you have a link or something? Thanks!