[E-voting] Nedap voting machines successfully hacked

Justin Mason jm at jmason.org
Wed Oct 4 18:37:02 IST 2006


Colm MacCarthaigh writes:
> On Wed, Oct 04, 2006 at 06:12:05PM +0100, Justin Mason wrote:
> > I presume this is by adding new code to the *existing* NEDAP OS image, and
> > burning the new image to the EEPROM?
> 
> Nope, I think it was easier to write entirely new code. Though there are
> dissaembles of the original code too.

I'll bet there is.  Incredible -- that should be protected by so much
anti-reversing code and crypto...

> > Does this mean there isn't even any XBox-style BIOS-based cryptographic
> > verification of the EEPROM's contents?  That seems to be a major oversight
> > in tamperproofing.
> 
> I saw no warning!

there should be more than a warning -- it should fail to boot entirely!  

I can post snippets from Bunnie Huang's "Reverse Engineering the X-Box" if
required ;)

--j.



More information about the E-voting mailing list