titusece
Posts: 12
Joined: Sat Sep 10, 2016 3:24 pm

How to bypass the crypto chip in my raspberry pi camera (v2)

Tue Mar 21, 2017 5:31 am

Hello,
I want to bypass the crypto chip stuff in my raspberry pi camera (v2) as that crypto chip is burned.
I removed that chip from my board and now the camera board is stopped working.
It seems that crypto chip has camera information stored (brightness and gain etc.,), I want to bypass it, where/how can I do this ?
Any firmware or driver changes needed ?

Also is it possible if I buy new chip and mount it, will it work ?
How can I program that chip if I do this ?

Thanks for reading this post and much appreciate for your help.
I'm new to this camera stuff and crypto chip.

Regards,
Titus S.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 18192
Joined: Sat Jul 30, 2011 7:41 pm

Re: How to bypass the crypto chip in my raspberry pi camera

Tue Mar 21, 2017 6:47 am

The chip is required to make the camera work so you are out of luck, you have to have the chip there.

How did you burn it or are you really just trying to get round the security? As far as I know breaking the chip is practically impossible.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

titusece
Posts: 12
Joined: Sat Sep 10, 2016 3:24 pm

Re: How to bypass the crypto chip in my raspberry pi camera

Fri Mar 24, 2017 12:55 pm

Not sure how its gone, continuously capturing and done some kind of torture testing with the camera for my project.
And it stopped working, checked with HW guy, he said that crypto chip is not functioning....
1) How can I unbrick the board ? :(
If anything change the code or firmware so that I can bypass the crypto functionality...

2) If I mount the new crypto chip, anything I need to do with SW like programming that chip etc.,

Any help to get out of this security crypto check ?

Thanks for the help.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 18192
Joined: Sat Jul 30, 2011 7:41 pm

Re: How to bypass the crypto chip in my raspberry pi camera

Fri Mar 24, 2017 1:20 pm

You need to buy a new camera. If the cryto chip is dead (and I still cannot see how that can possibly happen) then the board is useless.

No amount of torture test is likely the break either the camera or the crypto chip.

Also asking how to bypass the crypto chip, on the official Raspberry Pi forums, isn't likely to get a lot of helpful responses.

However, since it is very unlikely to be the crypto chip, we are more than happy to try and diagnose the problem which is almost certainly elsewhere.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

RareHare
Posts: 87
Joined: Thu Jun 20, 2013 7:17 pm

Re: How to bypass the crypto chip in my raspberry pi camera

Sat Mar 25, 2017 1:22 am

titusece wrote:I removed that chip from my board and now the camera board is stopped working.
From what I have read in this forum, the purpose of the crypto chip is to prevent other vendors from making V2 cameras that will work with the RPi. If that is the purpose, then, naturally, if you remove it, you can expect that the camera will cease to work. :o Otherwise, it would not be a very effective block-out mechanism, as another vendor could simply copy the design, minus the crypto chip, and sell that. That said, one might infer that the mechanism that is being employed is one where the RPi, at time of camera usage, queries the crypto chip, first, to determine if the chip is one that is authorized by RPT (given that anyone can buy the chip on the open-market), before interacting with the IMX219. Given that chips, themselves, are commodities, and the crypto chip, in this case, is being sold by Atmel, one realizes that authorize implies that the chip was somehow touched at time of camera-module manufacture, and touched means written.

There are numerous cryptographic algorithms for determining authenticity of an integrated circuit, and this particular chip apparently uses SHA-256. This chip also has the ability to store sixteen 256-bit cryptographic keys. Knowing this, operation might be as follows:
  1. When camera module is manufactured, crypto chip is written with a master secret 256-bit key known only to RPT.
  2. By design, such keys are write-only, and cannot be read by by a chip-sniffer.
  3. User attempts to use camera module.
  4. RPi code computes a random string.
  5. RPi code knows of master secret key that it wrote to all manufactured camera modules' crypto chips.
  6. RPi code computes message digest of random string using the doled-out master secret key as SHA-256 key.
  7. RPi code challenges crypto chip, over its I2C interface, with random string.
  8. Crypto chip computes message digest of random string using its internalized secret key as SHA-256 key.
  9. Crypto chip reponds to RPi code with message digest.
  10. RPi code compares its own computed message digest with message digest received from crypto chip.
  11. If the two message digests match, proceed to interact with IMX219. If not, do nothing and error-out.
This algorithm would work because it would be exceptionally unlikely that non-RPT camera module is able to generate the correct message digest from the random string using a bogus SHA-256 master key. If you are wondering just how long it would take to circumvent this block-out mechanism, consider: If someone were to buy a dummy chip from Atmel, write it with different bogus master SHA-256 keys, over and over (if that is even possible), and have a script on the RPi try to use the camera, each time, hoping to get lucky on choice of master secret key, you're looking at several billion trillion quadrillion times the age of the Universe, at least.

But this explanation is probably wrong, so please do not conclude that this is what is happening!
Last edited by RareHare on Fri Dec 08, 2017 1:44 am, edited 3 times in total.

mjkirk12
Posts: 2
Joined: Tue Oct 31, 2017 1:50 pm

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Tue Oct 31, 2017 1:59 pm

What Atmel chip is used for this encryption? AT88SCxxyy ?

Can any company apply to be a Pi foundation licensee, pay the Pi Foundation royalties and manufacture the Pi 2.1 camera with the IMX219 and Atmel encryption chip?

Or is this restricted to a limited set of manufacturers of the Pi v2.1 camera module?

mjkirk12
Posts: 2
Joined: Tue Oct 31, 2017 1:50 pm

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Tue Oct 31, 2017 2:10 pm

To follow up, here are the Atmel crypto chip family part numbers:

AT88SC0104C
AT88SC0204C
AT88SC0404C
AT88SC0808C
AT88SC1616C
AT88SC3216C
AT88SC6416C
AT88SC12816C
AT88SC25616C

So the question is which one is used on the Pi v2.1 camera ?

hippy
Posts: 2344
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Tue Oct 31, 2017 3:42 pm

mjkirk12 wrote:
Tue Oct 31, 2017 1:59 pm
What Atmel chip is used for this encryption?
ATSHA204A is reported by a number of sources though I have no idea of the veracity of such claims.

I would suggest anyone thinking of attempting to bypass the encryption of the camera or helping anyone in such a venture makes themselves fully aware of the potential consequences of doing that.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 18192
Joined: Sat Jul 30, 2011 7:41 pm

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Tue Oct 31, 2017 4:45 pm

mjkirk12 wrote:
Tue Oct 31, 2017 1:59 pm
What Atmel chip is used for this encryption? AT88SCxxyy ?

Can any company apply to be a Pi foundation licensee, pay the Pi Foundation royalties and manufacture the Pi 2.1 camera with the IMX219 and Atmel encryption chip?

Or is this restricted to a limited set of manufacturers of the Pi v2.1 camera module?
We are not intending to increase the number of manufacturers of the camera board, so no, you cannot apply to be a licencee.

Although you could buy the Atmel crypto chip, pre-programmed (because these chips are preprogrammed with the keys specifically for each customer), and build it in to your own 219 based modules. However, that would not be cost effective - i.e. the result would cost more than buying the camera board, so you are unlikely to sell any.

The crypto chip is on there to preserve the Foundations income. We designed it, we built it, we did all the tuning, and we need to make money from our products.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

cpunk
Posts: 76
Joined: Thu Jun 29, 2017 12:39 pm

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Thu Nov 02, 2017 11:12 pm

Thanks for the explanations. :)

I was not intending to ask, but it was enlightening anyway. And sure enough, I understand that having one's camera design copied and then distributed at a significantly undercut price (because there were no design expenses) wouldn't be fair.

I personally like designs that are fully open, and would otherwise complain... but there is the V1 camera which offers a backup option, for those who absolutely need a second source of hardware and are willing to settle with a bit less quality.

bduke
Posts: 6
Joined: Wed Nov 22, 2017 7:21 pm

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Wed Nov 22, 2017 8:00 pm

jamesh wrote:
Tue Oct 31, 2017 4:45 pm
Although you could buy the Atmel crypto chip, pre-programmed (because these chips are preprogrammed with the keys specifically for each customer), and build it in to your own 219 based modules. However, that would not be cost effective - i.e. the result would cost more than buying the camera board, so you are unlikely to sell any.

The crypto chip is on there to preserve the Foundations income. We designed it, we built it, we did all the tuning, and we need to make money from our products.
Hi jamesh,

Thank you for replying in this thread.

We prototyped a vision system using the Raspberry Pi 3 and the v2.1 camera board and the customer was happy with the output.

Because of this, we chose the Pi Compute Module for our custom design to help provide a smoother camera integration. For this design, however, the v2.1 camera PCB is too large for the handheld camera enclosure we need, so we added a direct connection to the IMX219 sensor directly on our custom baseboard (which is using the Compute Module).

This puts us in a bind, because, based on the discussion in this thread, it doesn't sound like this will work with the Compute Module without the crypto chip (and explains why we have not be able to get camera data from the sensor on our prototype baseboards).

Is there any assistance you can provide? Would it be possible to purchase the Atmel crypto chips to your specifications that we could place on our custom board to allow us to talk to the sensor using the current driver? If we purchased the crypto chips through you it would allow us to use our custom enclosure design, simplify our camera integration, and maintain the foundation's intention to preserve its income.

Thank you for your consideration.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 18192
Joined: Sat Jul 30, 2011 7:41 pm

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Wed Nov 22, 2017 9:36 pm

Hi,

I'll need to talk to the bosses about this one, above my pay grade. I'll get back to you, either here or by PM.

James
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

bduke
Posts: 6
Joined: Wed Nov 22, 2017 7:21 pm

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Wed Nov 22, 2017 10:00 pm

That's great jamesh, thank you! You can DM or email me directly if you have any questions. I'm happy to share more details privately.

Thank you for your time.

paulhothersall
Posts: 25
Joined: Wed Jul 31, 2013 5:55 am

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Thu Nov 23, 2017 2:56 am

I have a similar request, or perhaps something more like having a custom run of the v2.1 boards where the sensor module is properly flat mounted on the board. The current mount method is very variable, and leads to other lens not being able to be used easily.

Then there is the next item of a custom shader for a different lens.

Could I ask what RPT might think for a large lense camera module might cost? such as a M12 or ideally a CS mount with one or more whitelisted lenses

gsh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 1209
Joined: Sat Sep 10, 2011 11:43 am

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Thu Nov 23, 2017 6:39 am

The compute module 'should' not be a problem, we specifically have decided to not apply the licensing condition if you are running on a Compute Module, CM3 or CM3 lite.

Of course as to whether this has actually been tested is another thing, we may have to get someone to check that. If you've got a CM based solution with the 2.1 sensor wired directly and it doesn't work I'll get you in touch with someone who can help. Just PM me and I'll sort you out!

Thanks

Gordon
--
Gordon Hollingworth PhD
Raspberry Pi - Director of Software Engineering

6by9
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 4596
Joined: Wed Dec 04, 2013 11:27 am
Location: ZZ9 Plural Z Alpha, aka just outside Cambridge.

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Thu Nov 23, 2017 7:15 am

I know not requiring the crypto chip on the CM/CM3 was discussed, but I don't believe it is implemented when I last looked at the driver.
Software Engineer at Raspberry Pi Trading. Views expressed are still personal views.
Please don't send PMs asking for support - use the forum.
I'm not interested in doing contracts for bespoke functionality - please don't ask.

ARQuattr
Posts: 3
Joined: Wed Aug 27, 2014 4:09 am

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Wed Dec 06, 2017 9:59 pm

gsh, eby9,
Could you please confirm whether or not the CM3 will work with cameras without the crypto chip, and if so, when that driver is expected to be released? We are developing a product based on the CM3, and want to use a camera with the IMX219 sensor but with auto-focus, so the RPi v2.1 camera board will not work for us. We are not intending to manufacture and sell camera modules; our custom camera board would be integrated into a new product along with the CM3.

If the CM3 driver will also require the crypto chip, can you confirm that we can still purchase and use that chip in the system to satisfy the driver?

As a side question, will an auto-focus camera module work with the existing IMX219 driver? I.e. is the auto-focus feature self-contained within the module so it will work automatically, or does the driver and software need to control it?

Thanks

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 18192
Joined: Sat Jul 30, 2011 7:41 pm

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Wed Dec 06, 2017 10:09 pm

The intention as I understand it is that the CM3 will not need the crypto chip. However, we have not yet implemented that. I'll try and get this scheduled tomorrow.

The ISP can do autofocus but its not turned on since we do not supply a camera with autofocus. I'l also check tomorrow to see if that can also be turned on programatically.

Have added both issues to our issue tracker so we don't misplace them.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 18192
Joined: Sat Jul 30, 2011 7:41 pm

Re: How to bypass the crypto chip in my raspberry pi camera (v2)

Thu Dec 07, 2017 3:42 pm

OK, created an Crypto/CM3 issue in our github on this, and in fact we are already working on it.

As for the focus thing, these all require very specific drivers that run on the GPU and are therefor not possible for third parties to implement. Not only that they require very specific tuning to the ISP. So basically, this is a no-go for the ISP to do the focusing, so you will need to write those algorithms yourself. i.e. grab images, perhaps bayer, process, adjust focus, try again. Cycle time will much higher that the ISP doing it, but its the only option.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

Return to “Camera board”

Who is online

Users browsing this forum: rkhuttun and 18 guests