Anelok: sealing against physical tampering

Ron K. Jeffries rjeffries at
Wed May 7 10:07:57 EDT 2014

These ideas color my perception of you. In a good way. LOL

On a semi-serious note, I'll assume the NSA will SOON assign a team to
watch you closely. Given your hours, it's more than a one person job. I'm
thinking a team of three people, actually four to allow four holidays and
sick time.

I hate to say it, but that's a significant investment, money that could be
spent elsewhere. It would be more cost effective to simply eliminate the
threat, if you understand what I'm saying. I think you are OK for another
few months. Ideas are a dime a dozen. But if you reduce this to practice...

My biggest concern is who will step up and maintain stats regarding IRC and
mail list monthly usage.

You will be missed my friend. Especially on the irc channel, where you are
a voice of reason, a paragon of open hardware/software DIY/Maker
engineering virtue

With a smile,

Ron K Jeffries (who's not smart enough to be a threat to anyone except

Ron K. Jeffries

On Wed, May 7, 2014 at 6:55 AM, Werner Almesberger
<werner at>wrote:

> I was thinking about possibilities of physical tampering with
> Anelok, and ways to prevent them.
> Possible attacks would include:
> - replacing the entire device,
> - replacing the PCB,
> - modifying the circuit.
> Modifying the circuit could for instance mean the addition of some
> sniffer chip (e.g., to record the unlock code or to capture any of
> the MCU's outputs), or to change some element of the circuit to
> make the device less safe (e.g., reroute the CC2543's reset signal
> to some other pin, so that the RF chip could better lie to the MCU.)
> Replacing device or PCB would allow the use of a compromised MCU.
> If Freescale's protection mechanisms work, then that wouldn't allow
> impersonating the original device but the device could still try to
> collect the unlock code and then fake some defect.
> These are complex attacks but still something a determined attacker
> could pull off with relatively few resources.
> One idea for making it possible to detect a replaced MCU would be to
> have the device answer challenges by using a unique secret internal
> key. That way, a user could prepare one or more challenges, have
> them answered by the device while still in a known to be good state,
> and write down the responses. If a suspicious condition occurs, the
> same challenges could be tried and compared with the results that
> are only known to the user.
> One idea for mitigating physical attacks would be to seal the
> circuit. The problem: how to prevent the attacker from just sealing
> the replaced or tampered-with device, too ?
> I just had an idea for this: how about mixing a transparent resin
> with some paint (or or multiple colors) that does not dissolve in
> the resin and that forms strings, and sealing the board with that
> resin ? It's likely that such a paint pattern would be unique and
> very difficult to reproduce. Furthermore, it should often be
> possible to remember characteristic patterns in one's own devices
> and this way recognize them by simply looking at the PCBs.
> This could also help with the "how to make sure only pristine
> devices reach customers" problem: when ordering, the customer could
> be sent images of the device's sealed PCB, and could therefore
> identify it after arrival.
> How does this sound ? Would anybody know a resin and paint
> combination with suitable properties ?
> - Werner
> _______________________________________________
> Qi Hardware Discussion List
> Mail to list (members only): discussion at
> Subscribe or Unsubscribe:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the discussion mailing list