100 Seconds of Solitude: Defeating Cisco Trust Anchor With FPGA Bitstream Shenanigans

Conference:  BlackHat USA 2019



The presentation discusses the manipulation of FPGA bitstreams and its security implications for a range of devices, including Cisco routers and switches, advanced driver-assistance systems in cars, and legacy weapon systems such as missiles. The main objective is to demonstrate the impact of these techniques on devices beyond routers and switches.
  • FPGA bitstream manipulation can affect a wide range of devices beyond routers and switches
  • The presentation discusses the development of a highly intelligent automated testing framework called Brian
  • The vulnerability named Three Angry Cat is the result of the team's work and is documented on their website
  • The presentation explains the process of unpacking, analyzing, and modifying the bitstream
  • The team created a tool that can pinpoint any piece of the binary and show what it represents
  • The team also demonstrated how to disable the FPGA's reset pin so that the trust anchor can no longer reset the processor
  • Modifying the bitstream is easy once the 22-bit CRC used for single-event-upset detection is disabled
The team invested a ton of resources in creating the Brian testing framework, which is so complicated that some say it is borderline sentient. The vulnerability named Three Angry Cat is the first vulnerability named after three unpronounceable emojis. The team also created a visualization tool that shows the resource utilization of the bitstream and can pinpoint any piece of the binary and show what it represents.


First commercially introduced in 2013, Cisco Trust Anchor module (TAm) is a proprietary hardware security module that is used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the foundational root of trust that underpins all other Cisco security and trustworthy computing mechanisms in such devices. We disclose two 0-day vulnerabilities and show a remotely exploitable attack chain that reliably bypasses Cisco Trust Anchor.

We present an in-depth analysis of the TAm, from both theoretical and applied perspectives. We then present a series of architectural and practical flaws of TAm and describe theoretical methods of attack against such flaws. Next, we enumerate limitations in current state-of-the-art offensive capabilities that made the design of TAm appear secure.

Using the Cisco 1001-X series of Trust Anchor enabled routers as a demonstrative platform, we delve into a detailed analysis of a current implementation of TAm, including results obtained through hardware reverse engineering, Trust Anchor FPGA bitstream analysis, and the reverse engineering of numerous Cisco trustworthy computing mechanisms that depend on TAm. Finally, we present two 0-day vulnerabilities within Cisco IOS and TAm and demonstrate a remotely exploitable attack chain that results in persistent compromise of an up-to-date Cisco router. We will discuss the implementation of our TAm bypass, which involves novel methods of reliably manipulating FPGA functionality through bitstream analysis and modification while circumventing the need to perform RTL reconstruction. The use of our methods of manipulation creates numerous possibilities in the exploitation of embedded systems that use FPGAs. While this presentation focuses on the use of our FPGA manipulation techniques in the context of Cisco Trust Anchor, we briefly discuss other uses of our bitstream modification techniques.