A look at how it can sometimes be easy to descramble an encrypted ROM after optical extraction of bits from microscope photos.
Data in ROM can be extracted from chips using microscopes to visually identify individual bits on the silicon die. As a protection against readout of ROM contents, some manufacturers have offered chips that store ROM data in an encrypted format. This presentation will look at how some ROM encryption systems are easily defeated because of their simple design, and also how information from already hacked devices - even if they are used by a different customer for an entirely different market - can be used to break the security of other systems.
I will show images of bits in ROM and describe how visual patterns can provide clues useful for decrypting the ROM data. Software tools I've developed and used for analyzing and processing extracted ROM bits will be demonstrated and made available. This talk focuses on a specific (unnamed) family of smartcard chips, but the principles and techniques presented have been employed successfully to decrypt ROM contents from other chips as well.