Discussion
some interesting details, the #nsa #backdoored #phillips device runs a 8051 mcu. there's a print subroutine, that pops the return address from the stack, and prints the litteral chars from that address onwards until it finds a byte which has the top bit set. then it returns to the address after this last char. of course this is no calling-convention that any disassembler knows, so it throws them off.
2/n
some interesting details, the #nsa #backdoored #phillips device runs a 8051 mcu. there's a print subroutine, that pops the return address from the stack, and prints the litteral chars from that address onwards until it finds a byte which has the top bit set. then it returns to the address after this last char. of course this is no calling-convention that any disassembler knows, so it throws them off.
2/n
another interesting detail with this SBT #military #crypto #device #backdoored by the #nsa is that it contains a weird virtual machine, this handles templating of messages and fixed point math, and uses only 2 data "registers" and a pointer register.
check out the write-up at https://rad.ctrlc.hu:443/raw/rad:z46AkAERuXAzqZcDRKvE7byRbkga1/7a27b7a350ccadadc2d1bd776747a06393fb50ab/writeup.pdf
for more weird details of the #nsa #backdoored #SBT #military #crypto #device.
