[E-voting] Nedap voting machines successfully hacked
Justin Mason
jm at jmason.org
Wed Oct 4 18:37:02 IST 2006
Colm MacCarthaigh writes:
> On Wed, Oct 04, 2006 at 06:12:05PM +0100, Justin Mason wrote:
> > I presume this is by adding new code to the *existing* NEDAP OS image, and
> > burning the new image to the EEPROM?
>
> Nope, I think it was easier to write entirely new code. Though there are
> dissaembles of the original code too.
I'll bet there is. Incredible -- that should be protected by so much
anti-reversing code and crypto...
> > Does this mean there isn't even any XBox-style BIOS-based cryptographic
> > verification of the EEPROM's contents? That seems to be a major oversight
> > in tamperproofing.
>
> I saw no warning!
there should be more than a warning -- it should fail to boot entirely!
I can post snippets from Bunnie Huang's "Reverse Engineering the X-Box" if
required ;)
--j.
More information about the E-voting
mailing list