The #NSA, with the help of #philips, #backdoored (again!) a european military messaging #device in the 80s. a few years ago the fine people of the #cryptomuseum published everything they knew about it - including a #firmware dump:
https://www.cryptomuseum.com/crypto/philips/ua8295/

back then i #reverseEngineered this, and last week finally cleaned it up, and am publishing it today:

https://rad.ctrlc.hu/nodes/rad.ctrlc.hu/rad:z46AkAERuXAzqZcDRKvE7byRbkga1

also on the bad site: https://github.com/stef/UA-8295-NSA

update: it's a thread: 1/n

some interesting details: the #nsa #backdoored #philips device runs an 8051 mcu. there's a print subroutine that pops the return address from the stack, and prints the literal chars from that address onwards until it finds a byte which has the top bit set. then it returns to the address after this last char. of course this is no calling-convention that any disassembler knows, so it throws them off.

2/n
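The inline-string convention described in the post above can be undone with a small pre-pass before disassembly. The following is an added example, not code from the thread or from the published repository: it finds calls to the print routine and reports each embedded string plus the address where real code resumes. The routine address `0x0100` and the sample bytes are constructed, and treating the low 7 bits of the terminating byte as the last character is an assumption.

```python
PRINT_ADDR = 0x0100  # hypothetical address of the print subroutine
LCALL = 0x12         # 8051 LCALL addr16: opcode, address high byte, low byte

def read_inline_string(image, start):
    """Decode the string stored at `start`; return (text, resume_address)."""
    chars = []
    for pos in range(start, len(image)):
        byte = image[pos]
        chars.append(chr(byte & 0x7F))  # assumption: low 7 bits are the char
        if byte & 0x80:                 # top bit set marks the last char
            return "".join(chars), pos + 1
    raise ValueError(f"unterminated inline string at {start:#06x}")

def call_target(image, pc):
    """Return (target, length) if the bytes at pc encode LCALL/ACALL."""
    op = image[pc]
    if op == LCALL and pc + 2 < len(image):
        return (image[pc + 1] << 8) | image[pc + 2], 3
    if op & 0x1F == 0x11 and pc + 1 < len(image):
        # ACALL: 11-bit target inside the 2 KiB page of the next instruction
        return ((pc + 2) & 0xF800) | ((op >> 5) << 8) | image[pc + 1], 2
    return None

def find_inline_strings(image, print_addr):
    """Byte-wise scan for calls to print_addr; operand bytes that happen to
    look like a call can give false positives, so review the hits."""
    found, pc = [], 0
    while pc < len(image):
        hit = call_target(image, pc)
        if hit and hit[0] == print_addr:
            try:
                text, resume = read_inline_string(image, pc + hit[1])
            except ValueError:
                pc += 1
                continue
            found.append((pc, text, resume))
            pc = resume                 # code continues after the string
        else:
            pc += 1
    return found

# Constructed sample: LCALL 0x0100, "KEY", RET, ACALL 0x0100, "OK", RET
SAMPLE = bytes([0x12, 0x01, 0x00, 0x4B, 0x45, 0xD9, 0x22,
                0x31, 0x00, 0x4F, 0xCB, 0x22])

if __name__ == "__main__":
    for addr, text, resume in find_inline_strings(SAMPLE, PRINT_ADDR):
        print(f"{addr:#06x}: print {text!r}, code resumes at {resume:#06x}")
```

The resume addresses are the points to mark as code in a disassembler, with the bytes in between marked as data.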

another interesting detail with this SBT #military #crypto #device #backdoored by the #nsa is that it contains a weird virtual machine, this handles templating of messages and fixed point math, and uses only 2 data "registers" and a pointer register.