Modifying a small PCB without a microscope? Improvise!

To continue the trend of hacking everything with a chip on it (IoT), we decided to tear apart a small device from a home security system.   We are on the hunt for root access, but that’s not what this post is about, it’s about a cool improvisation we pulled off to save time and well … because it was traffic hour and we didn’t feel like driving.

A little background first.  There are no references to the schematics for the PCB we are trying to modify, there is however an ARM processor which we were able to obtain a reference manual for and it clearly detailed JTAG pins for us.  The problem: size.  The chip has (as many hardware folks know) very little spacing between the pins that latch it onto the board.  We thought we were being clever when we used a glue gun, outlined the entire chip’s external perimeter with a big chunk of clear glue and stuck needles onto it to ‘make contact’.

Figure 1

We are still convinced it should have worked, but for some reason it didn’t!  So we removed the glue, and went to plan b.  We were to map the pins we needed to the back of the board, and solder raised pins on it to latch our gear …

Figure 2

The problem continued, we were only able to map ONE pin to the back of the board!  With camaraderie enabling us to continue this frustrating endeavor, we devised a third attack plan, the ARM chip had (what we thought) flat copper parallel contacts around the chip mapped to each pin so we should solder a tiny wire to it then happily latch our clips.

Figure 3

We managed to solder 49, 51, we were stoked it was cake!

Figure 4

Motivation highly increased, we were refreshed with confidence and ready to finish this task (2.5 – 3 hours in at this poitn).  Then pin pin 53 wasn’t mapped to the golden strips around the ARM chip!  We were convinced a supreme being hated us somewhere in the multi-verse!  Quit?  Plan D?  We swapped places from holding magnifying glasses, wires, flash light and solderer and again, we managed to keep going! Plan D it is: A hybrid approach.  This involved using some pins (directly on the chip) and some golden strips.

As if on purpose, the only mapped pin to the easy part of the board was the optional one -_- pin 50 (see Figure 2).  Pin 33 latched with a soldered needle, on to the the second on-chip pin (on the chip) BRIDGED!  Yes, after all this, we bridged 2 pins together with solder and spent the next 1 – 1.5 hours undoing this in an attempt at salvaging the board.

It was late, we were tired, frustrated, and our eyes were shot due to the size of the components on the board.  The magnifying glass we were using wasn’t enough, no microscope, so I ran to get my HDMI to microUSB (Phone to TV/Monitor) adapter.  I had an idea.  It was a long, long shot, but worth it if we could salvage the board.  Testing the bridge was the worse of it, because we had no visual way to predetermine if we had removed enough solder to test if the bridge was broken (annoying!!!).

 I got my old S6, plugged it onto the adapter, plugged it onto my top monitor, and turned the camera on the phone on.  The visual was useless, it was a bigger picture of the chip, but still not enough to help us.  As a last and desperate attempt for a little break, I zoomed in all the way via the touch screen zoom on the S6 and failed, it was too blurry! Then it hit us, we could focus it with the magnifying glass!

Figure 5

So to recap:

Phone to HDMI Adapter
Camera on Chip
Zoom in (and light up the board/chip with a good desk lamp)
Focus with the magnifying glass!

Here’s what it looked like!  The picture does little to merit to convey the success, but remember the 32″ monitor is a tad larger than the chip in real life.

Figure 6

Bridge was removed, we were ready to throw in the towel but we already had 2 of the 4 contacts on the ARM chip needed to obtain our JTAG connection!  We originally had three, two on the copper parallel strips, and one on pin 33 directly but while fixing the bridge we ripped one of the copper wires off.

One last breath, I hold two needles manually on two pins while Joseph plugged away at OpenOCD communicating with the ARM chip!  Success!

I hope our improvised electro-mobile-scope hack helps someone else!

Defense CyberSecurity Requirements – DFARS 252.204-7012 Need To Know

Under the interim rule issued late in 2015 (DFARS 252.204-7012), DoD contractors including small businesses. 

For immediate assistance or questions please contact us here

The requirements are fairly vague but reference documents that do dig into the technical components that are necessary to comply with their two main requirements:

  • Must provide “adequate” security to include protective measures for the loss, misuse, unauthorized access to, or modification of information on unclassified information systems.
  • Must rapidly report incidents and cooperate with DoD to respond to any security incidents.
Nomotion has produced and is in the process of vetting the process to ensure organizations needing to comply with these requirements do so, in an effective and efficient manner.
If you are interested in digging into the details of the cybersecurity standards referred to by the DFAR, they are described in further detail here DFAR 204.73, here NIST Special Publication 800-171 (fourteen areas to be secured minimally) and here NIST Special Publication 800-53.
Deadline to Get Compliant: December 31, 2017 
 
You still have time, but don’t let linger as organizations with remote branches, and contracts with multiple agencies must be approved by each agency.
Already suffered a breach?
 
No need to panic.  Just make some time soon (real soon) to deal with reporting the incident to the DIB, found at http://dibnet.dod.mil.
General questions to officials ready to help Small to Medium Businesses (SMB’s) here is a list of people ready to help!
U.S. Army – Pamela Monroe
U.S. Navy – Brad Taylor
U.S. Air Force – David Sikora
DCMA – Shelly Thomas
DHA – Dan Duckwitz
DIA – Maria Kersey
DLA – Trish Culbreth
MDA – Ruth Dailey
NGA – Diana Hughes
NSA – Jim Higgins

We don’t list their contact information to protect them from SPAM, however finding it on their agency directory is trivial.Don’t hesitate to drop us a note, let’s get you ahead of the curve in a timely manner!