back to article Attack of the clones: If you were relying on older Xilinx FPGAs to keep your product's hardware code encrypted and secret, here's some bad news

A newly disclosed vulnerability in older Xilinx FPGAs can be exploited to simplify the process of extracting and decrypting the encrypted bitstreams used to configure the chips. In other words, it's now easier to produce clones of products that use these vulnerable Xilinx components. It's not really a terrifying security flaw …

  1. Anonymous Coward
    Anonymous Coward

    Kudos to the author for his understanding of FPGA architecture and a highly readable description of what is going on.

    Since the flaw affects 7 series devices which are still mainstream for smaller applications, and embedded FPGA applications (e.g. network switches) can have a long production & service life, this is probably quite a big deal when it comes to the risk of knockoff kit being made. With the ability to clone the bitstream, it would be possible to make a fake switch that is operationally identical to the genuine item, perhaps also being able to accept the original vendor's firmware upgrades.

    1. A random security guy Bronze badge

      Agreed. Did a good job.

  2. A random security guy Bronze badge

    Most people don't realize how how vulnerable FOGAs are

    Talked to a famous device company here in the Bay Area. The engineers claimed that no one would be able to steal their IP because their bitstream was so complex.

    And no one could hack it and make their devices do dangerous things like killing people because (see above).

    Hence they didn’t need to encrypt their bitstream. Nor did they want to sign it.

    1. Mike007

      So complex...

      Their bitstream is probably really simple, in fact I would bet it was just a sequence of 1's and 0's arranged in a certain order.

      In practice most people only need to bother encrypting the documentation that explains the reason the bits are in that specific order.

      I extracted the unencrypted CPU instruction codes for Windows ME when they just left it sitting unencrypted on my hard drive! I didn't get very far with my attempt to clone it and sell it as BlockChainCloudAIOS, but someone more fluent in marketing speak might have had better luck with that part.

    2. Billluts

      Re: Most people don't realize how how vulnerable FOGAs are


      We work on FPGA security and it is indeed a complex matter.

      Can you provide here more details on "device company in the Bay Area"?

      We can reverse engineer netlists from Xilinx bitstreams and while such a netlist looks obfuscated in the first place, you can identify things like ring-oscillators, vectors (e.g., through following carry chains) or even constructs like AES s-boxes.

      We are working on an academic tool to insert hardware Trojans (and means to detect such Trojans), so any real-world test case would be interesting for us.

  3. Anonymous Coward
    Anonymous Coward

    Well played

    Not pointing the finger at anyone in particular when talking about knock-offs, aren't we? :-)

    1. Claptrap314 Silver badge

      Re: Well played


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021