diva-eng / sega-nu

Sega Nu restoration notes and discoveries
MIT License

Keychip: add A700X short data sheet #4

Closed XeR closed 2 years ago

XeR commented 2 years ago

The full data sheet is under a NDA. I could not find it on the Internet.

There are more recent versions of this preliminary short data sheet, but the one linked here is the one with the most information. Version 3.1 (which appears to be the most recent) removed the chapter about pinning information.

If your end goal is to emulate a keychip, you will need the master RSA key that is (presumably) stored in every A700X. I assume the secure elements are vulnerable to this: https://ninjalab.io/a-side-journey-to-titan/

r1cebank commented 2 years ago

I've been able to extract the RSA key by sniffing the USB traffic. I wonder if the cloned keychip would only need the MCU and not the secure element. Thanks for your contribution. I haven't got much time lately to dig deep into the keychip because of work, but once I get my hands on a different one I will try to glitch it to dump the MCU firmware (currently locked behind CRP-1).

XeR commented 2 years ago

I've been able to extract the RSA key by sniffing the USB traffic

I think we are not talking about the same key. The one I'm talking about should not be sent over the wire (but maybe I'm wrong).

As far as I know, there are 3 RSA keys:

Keys 2 and 3 are mentioned in #5

currently locked behind CRP-1

That's interesting. UM10462.pdf says CRP1 lets you write to RAM above 0x1000'0300 but will not let you read memory. Is this how you figured out it was protected by CRP1?

once I got my hands on a different one I will try to glitch it to dump the MCU firmware

I assume you're talking about a power glitch attack. Maybe the MCU executes code in the upper area of the RAM? I won't be able to help you on that. I do not own a Nu/Keychip. Godspeed.

r1cebank commented 2 years ago

Thanks for the reply, that's a lot of good information around the keys on the keychip.

(I am pretty much a noob in RE so please forgive me on making some obvious mistakes)

For the CRP values, I was able to reset the MCU in ISP mode, and the USB device it enumerated as indicates the device is in CRP-1.

For the glitching, I am referring to power glitching the MCU to have it reset into NO_CRP mode so I could dump the firmware. Not sure if the external flash includes executable code, but I assumed most of the communication logic is in the embedded program flash on the MCU itself.
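The CRP levels discussed above are encoded in a single flash word that the boot ROM checks before it decides what ISP and SWD may do. The following script is an added example (not code from the sega-nu repository or from either commenter) that audits an LPC11U-family image the way a firmware author would before flashing it: it confirms the vector-table checksum the boot ROM requires and reports which CRP level the word at 0x2FC selects. The offsets, magic values and per-level restrictions are taken from NXP UM10462; the test image is constructed here and is not a keychip dump.

```python
import struct

# Constants from NXP UM10462 (LPC11U user manual, cited in the thread above).
CRP_OFFSET = 0x2FC                      # flash word holding the Code Read Protection value
CRP_LEVELS = {
    0x12345678: "CRP1",
    0x87654321: "CRP2",
    0x43218765: "CRP3",
    0x4E697370: "NO_ISP",               # ASCII "Nisp": blocks ISP entry via the ISP pin
}
# What the boot ROM still permits at each level (summarised from UM10462).
ISP_EFFECT = {
    "NO_CRP": "SWD enabled; ISP may read, write, compare and erase freely",
    "CRP1":   "SWD disabled; ISP Read Memory disabled, Write to RAM only above 0x10000300, sector 0 protected",
    "CRP2":   "SWD disabled; ISP allows only a full-chip erase, no read/write/compare",
    "CRP3":   "SWD disabled; ISP entry via the ISP pin disabled, only user code can reinvoke ISP",
    "NO_ISP": "SWD enabled; ISP entry via the ISP pin disabled",
}

def vector_checksum_ok(image: bytes) -> bool:
    """The boot ROM treats flash as valid user code only if the first eight
    vector-table words (entries 0..6 plus the checksum at 0x1C) sum to 0 mod 2**32."""
    words = struct.unpack_from("<8I", image, 0)
    return sum(words) & 0xFFFFFFFF == 0

def crp_level(image: bytes) -> str:
    """Map the word at 0x2FC to its CRP level; any other value means NO_CRP."""
    (word,) = struct.unpack_from("<I", image, CRP_OFFSET)
    return CRP_LEVELS.get(word, "NO_CRP")

def audit(image: bytes) -> dict:
    """Summarise what the boot ROM will enforce for this image."""
    level = crp_level(image)
    return {"valid_vectors": vector_checksum_ok(image), "crp": level, "isp": ISP_EFFECT[level]}

def build_sample_image(crp_word: int, size: int = 0x400) -> bytes:
    """Constructed test image (not real firmware): seven plausible vectors, the
    checksum word the boot ROM expects at 0x1C, and the requested CRP word."""
    vectors = [0x10001FF0, 0x000000C1, 0x000000C5, 0x000000C9, 0, 0, 0]
    checksum = (-sum(vectors)) & 0xFFFFFFFF
    img = bytearray(size)
    struct.pack_into("<8I", img, 0, *vectors, checksum)
    struct.pack_into("<I", img, CRP_OFFSET, crp_word)
    return bytes(img)

if __name__ == "__main__":
    for word in (0x12345678, 0xFFFFFFFF):      # a CRP1 image and an unprotected one
        print(audit(build_sample_image(word)))
```

Run it against a real build output (the raw .bin, not the .hex) to confirm the protection level matches what the linker script was meant to set.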