 Heute geht es um Hardware Trojaner in Security Chips. Das Gespräch ist um Hardware Trojaner in Security Chips, also nicht die Software-Kind Trojaner, die die Polizei benutzt. Die Leute neben mir, Peter und Markus, haben seit mehreren Jahren been researching for years on smart cards and both work for Infineon, but they're here on the private notice. Okay, welcome, though. Ja, vielen Dank und herzlichen Glückwunsch. And welcome to our talk on Hardware Trojaner in Security Chips. As promised, we immediately go to the dark side. We first want to introduce ourselves. Thank you for the introduction. We have been active in this area since 1989. We've been working on chip cards. We started in Brunsputl, a small city pretty close to here, on the German telephone card. It was pretty new and we always wanted to know what happens with all the gold wires in the card. Hardware, the credits stored on the card. Around 1991, so two years later, we have held our first talk on the CCC. This was a lot smaller than here, but it was already a lot of fun. In our studies in university, he was in Hamburg, I was in Kiel. We continued working on this topic and we found one or two leaks and we've been researching on that topic ever since. As already announced, we are still working in that area professionally. Among others at a semiconductor manufacturer called Infingen, but we still do private research. At the moment, we're interested in the surplus market for equipment, which we do research and also try to manufacture strong tools. And now we start with the next subject, the hardware trojans. Hardware trojans are well known. Everybody knows about them, so we want to talk more about the hardware trojans. They are usually overlooked, especially in the literature and also in the public. Hardware trojans also have two aims. The first is to exfiltrate data and also to infiltrate things. Exfiltrate is something everybody thinks about. So if you have a software trojan and he wants to have credit card numbers, so he wants to get them out of the system or also the bundes trojan who export private data into the systems of the police. There are also other things that might be exfiltrated. For example, cryptographical keys, when you have encrypted data news on the system and you poach them, you may want to look at the key on the chip to decrypt the data afterwards. Or even worse, the seeds for random number generators. Nowadays random numbers are not really random. They are not really purely random, but they are used with seed numbers and huge run pseudo random number generators with that. If you know the pseudo random number generator and the seed value, you will know which is the next random number. And that can be used to harm encryption. And otherwise it can also be software if you want to exfiltrate code and run code down on them. So, something that is not looked at more often is infiltration. So a trojan infiltrates a system that is reasonably well known in software, so to introduce malware is something a trojan may be used for. But also other data or parameters can be infiltrated. Wrong parameters for industrial computers are well known bad security values. If a system uses an encryption method that is known for the attacker, that's also interesting. And furthermore, there are also ethical problems about that. The compromise, the date, the evidence against a company or a person might be also put onto the systems. And people who use the system or maybe cross a border with it might get real big problems about that. Also in exfiltrate trojans there are also the words backdoor and backdoor. So sometimes they are mixed ups, so here we want to talk about those words, what they are about. You can always think about them as on the historical background of the trojan horse. So it's a vehicle with a payload. So the door opens, the soldiers go in and the users get the door into their system like, hey cool, it's a free app, it's a free horse in this case. And once it's inside the city or the system, the payload turns off the security features or the guards and then opens the door for the rest of the army. And that's the backdoor. The trojan horse moves and controls the backdoor. So that was the real use of it. But nowadays it's often misused, so we won't be that strong about it. Another word is the backdoor, coming from bug and door. It's just bad programming. For example, backdoors in a software that have been used by a developer to do changes, but they have never been removed. There are many of those. There is another question. Where can those trojas or backdoors be found? Where are they from? The most important thing about them is that trojas always work in the system. The system is where the trojas do their work, no matter where they are from. Sometimes they even switch their places. The system always or the systems we talk about is always made up by software and hardware. The programming of a TRI is quite simple. Everybody who knows something about programming is able to write a TRI. It's not that hard to implement it. However, there is also a disadvantage. They are usually easy to find. Everybody who can disassemble the software and try to understand the software, he will notice that something is wrong there. And once he finds that, he can really, relatively simple, prove what the TRI is actually doing. So, there are works and papers about how to find out what trojas do and how they work. Other hardware trojas are different. Not only the hardware is changed, but also the software is changed, but also the hardware itself. For example, the chip is changed. The functionality of a chip is different and to implement it. It's really hard. It's quite expensive. And it's not that easy to hide compared to others in the development of those devices. But on the other hand, the attacker has advantages. For example, the identification is really quite hard. If you have a hardware trojan and really want to identify it, you have to usually reverse engineer a chip and look at the chip really carefully. And even if you do that, sometimes the question is a certain hardware function. What does it really do? Is it responsive? Or is it maybe just a sleeping functionality that has never been used and will never be used? And therefore the proof is quite complicated. So, when we want to look at how hard it is to create a hardware trojan, we have to first of all look at how these chips are created. Once you know how these chips are created, you can look at where you can put in a trojan. So, hier basically how the chip is created. And the left one begins with the hardware description language, in this case VHDL. VHDL is a programming language, like for software, however you write directly hardware, like a program. And it has the function, what the hardware should do, maybe a CPU. If you've used an FPGA, you know that quite well. Once the VHDL, when the code is ready, you put it like software code into a compiler, and the compiler creates a layout. All the functionalities are connected with each other, like a normal layout for a PCB. Oh, that's the second step, sorry. It's first compiled and then turned into a layout. And the layout shows how it's all connected. And that's what's similar to a printed circuit board. The different colors are metal lines of different layers. Once you're there and you really want to create a chip, you have to create it into an optical system. You see some masks here. Masks are quartz glass slides, and on these quartz glass slides, Chrome is put on, and there are small structures inside of it. And that's an optical mask to create the single layers of a chip in a raw solaceum crystal. You need a dozen of cell masks. And when you've used them one after the other, you create the wafer, and on the wafer there are all the chips, and you only have to solve that apart or use lasers to take it apart to get these simple single chips. It's of course the question, where's the Trojan hidden? That means we see here that there are way more steps to create the software, the hardware instead of the software. So, there are way more possibilities to implement the Trojan. So, and it's really the possibility that you can implement a Trojan in every step of the process. You can implement in VHDL, in Layout, or in the Mask. So, what can you do in the Layout? In VHDL, there's the function written out. So, I can just add a couple of lines of code to add the Trojan functionality. That means that Trojan can be directly implemented in VHDL. It can be directly implemented and then be moved into the Layout in the Mask and then in the hardware part. You see the implementation is pretty easy in that step, but also, it's pretty easy to find if you review the code, if you look at the functions and what the code is actually doing. So, pretty much everybody will find it. And on top of that, the VHDL code is being processed and reviewed by a bunch of people and so the chance increases that it's going to be found. So, if you now write a VHDL code without a Trojan, then you can add in the step of the Layout the Trojan. You see in the sample the electrical wire-up in the different colors and with a special layout program, we can move the electrical connections and add new elements to it and change the alignment the wire-up so a Trojan is implemented. By looking at this, you see it's a lot harder to implement a Trojan on this step because you have to change a lot of parts and it's nothing, you do something like on the side and we just add a couple lines of code. It's a really hard work and you have to work a lot. The advantage of that is that you have a really small chance that somebody will discover it because who looks at the layout. So, when you form from the layout to the mask, you can also add in the mask a Trojan. So, when you add structures on the mask, which are going to build the product, you can add a couple of things that implement a Trojan. You can use ... This, of course, is a bit of a problem. But you can't just scratch the code into the mask. What you have to do is you basically have to create them from scratch and seeing that, it's obviously a lot harder than it was in the step before and you cannot just change the code. You also need the tools to actually create this. So, still the detection of the Trojan is actually a lot harder. It's pretty hard to actually check the mask itself. You have to verify by comparing it with the layout and what would be generated from that and hope that it hasn't changed in the meantime. So, yeah, the detection is actually pretty hard. So, this concludes the methods of how to implement the Trojan in hardware. But you can also see the detection is only normally or in the usual case, easy, middle or hard. Because there are certain situations that we call the Snake Oil cases where introducing a Trojan is harder or easier or rather easy to introduce and hard to detect. Snake Oil is something that is praised as having good characteristics that could have a dangerous side effect that you can't really see through and you put this in good-wittingly, hoping that it has some good-natured effect, but you cannot oversee the side effects. Maybe these features also have very small side effects in the process of production. So, let's have a look at what happens if you add it at the very beginning of the process. Let's say that this VHDL code is not short but rather pretty complex and where you add a piece that you cannot really see through. So, obviously, you can just read. Of course, it's a lot easier here to just add new functionality that you wouldn't expect. So, obviously, the detection, given the complexity of the code, is also a lot harder. Is this only theory? Well, from software world, we know the white box topography. This already uses the most complex software code you can have in order to hide cryptocurrency keys in a piece of software. And you try to hide them in the best way possible using white box topography. The codes in there are so complex that you can't really understand them anymore. So, if we transfer this to the hardware, this might also be possible. What if the VHDL code is a lot more complex than we basically show it? Looking through these complex functions is, of course, harder. And therefore, it's easier to introduce Trojans that are harder to detect. Even if it's not at the very beginning of the processing chain, but rather later, they can still make it easier to introduce it. So, that you can make changes later. Maybe they just helped with the introduction. Let's say we have a snake oil feature being put into the VHDL code that is supposed to make the chip safer. But maybe it actually, in reality, helps with adding a new mask set to compromise the chip in a way that you can control them easily. What could this look like? Well, a practical example would be the physically-unclonable functions. They have a high risk of being manipulated with the physically-unclonable functions with the SRAM physically-unclonable functions that uses internal memory. It could, when turning on, make some of the cells tend to flip their content to zero or to one. So, it would do the same thing on every booting of the system. And you have a reproducible pattern. And you can try to deduce cryptocraftical keys from this behavior. This is easily manipulatable if you add a mask in the manufacturing process. You can change the SRAM bytes with their special math. So, they manipulate the probability that they flip to zero or one. And the change is that I know what is more likely, and somebody that looks at the chip and doesn't know that I manipulated doesn't know about it. And that shows how complicated it is to find such Trojans. A similar method is called camouflage chip designs. It's not a normal cell. It's a logical element in the layout. It's built into the layout and can be defined later on in the process. The same is with the programming. If the programming just happens in the last step with the mask, you can later on add another mask and change the usability of how the chip works so that your Trojan is inside of there. So, next to the normal ways you can implement a Trojan into a chip. Many more exist, like the snake-all-features break the introduction significantly easier and sometimes they're really hard to detect. Sometimes you think, hey, the hardware Trojan sometimes has to communicate with the outside world. Well, we see there are many, many actors that can be used to communicate. For example, in protocols or in side-channels that might usually extend to side-channel attacks purposefully exports information. Otherwise, it might be chip modifications so physically change the chip or fault introductions. These many ways the back doors can be used or started as quite interesting as we'll talk about a few of them. So, here we have we chose some examples that are publicated because we don't want to hint the security services on these new information, but we want to show you how these protocols can be misused to exfiltrate data. The best known you also know by software Trojans is to undocumented Orders are accepted or a general key is integrated. By that the data of the code cannot be isn't that secure. Another method well known from the software way is bad cryptographic algorithm so they know which back doors are chosen and how to choose that cryptography how to attack them so he knows how to extract the secret keys and knows how to read the internal data. Another scenario which has not been communicated that well is watermarking. Watermarking everybody knows for example from videos or images or audio files when they are transmitted it says where the file is from but what happens if the chip exfiltrates a large amount of data and watermarking adds additional information in the output if anybody who does not know how to get this data out of it will never find out whether the normal data or maybe there are a few chips changed bits changed inside of it of which information is exfiltrated from the chip and especially this knowledge is what's changed by side channel attacks for example if I look at the power profile or the electromagnetic emissions I can simply see yes that chip looks pretty random oh that looks like maybe that's due to the functionality however somebody who has implemented this bake door specifically knows that at certain times the power usage of the electromagnetic field has to be locked at and figures out how the informations can be seen for example the amplitude how much power was used or how much electromagnetic fields was emitted so it's quite hard to see to notice that there is additional information even more complicated is with light emissions you might know that if a transistor chain switched 10 to 1000 times also a photon is created an infrared photon and you can measure it or recorded with special cameras so where is activity in a chip where are there a lot of transistors that switch however if you have a special bake door you could manipulate an element that it sends photons more often or more interesting exactly at which point where is the transistor that I have to look at and more information like with a torch the data outside genauso messen kann man the same way you can measure the signal level on different lines maybe you have listened at our two hour chip 25 years chip art attacks with an electronic raster microscope you can read the signals on different lines so if you look at the complete chip there are a lot of signals on different lines but someone who may use this line specifically may have put a line in an upper layer and he knows all the significant data runs through this one line and he can read all the data on this line and with an electron beam and he can that by exotrate all the data is that even the temperature can be used here there is also new sources that at a multi core system at one chip, at one processor there is a lot of work and the work on the other core is changed or influenced there is even a publication where two PCs run next to one another at one PC there is a lot of calculation and at the other internal temperature sensor is monitored and you can see without having contact to the other moved data of course that's really really slow because the temperature changes really slow you may get a couple of bits per second however even so some such channels like that can be used even more interesting are manipulating backdoors who doesn't know that in a chip if you look at it maybe they are not just the connected pins but even additional contacts in the data sheet it just says NC or non connected for future use and nobody knows what's behind them if they are really not connected or maybe a future functionality maybe a debug method or other functionalities you can communicate with a chip over and those contacts and not only those contacts can be used but also in the implementation you might create a special line on the chip and with a laser beam that can also be bought on a used hardware market quite cheaply you can enable the additional functionality and suddenly only after the manipulation after the physical manipulation the chip can be communicated with and even memory cells like the RAM we just talked about the physical and controllable functions can be used by ion implementation or changed ion implementation or changed the functionality of the chip and the last case error induction can also be used to communicate with the drawing through the backdoor and give him information so all you could turn on shine a laser on different functions or in different elements and in the end it's just a solar cell so the laser creates a small amount of power in the chip and switch something on or off you just cannot connect to this functionality from the outside without knowing the laser to what is known widely is that memory is added with safety features when you download something on a microcontroller a safety bit is set and so it is meant that you can't get the information out of the memory chip now if you're the designer you may be now where you can shine the ultraviolet light to deactivate the safety bit and then access the backdoor it's possible that this is actually a backdoor so just bad design or just a mishap but it could also be on purpose as a backdoor so the designer knows exactly in this particular piece of data I have to delete this particular cell and memory with UV light in order to get the data out very interesting but also pretty complicated issue is the random number generation they are used for securing cryptographic functions and it needs randomness it needs to randomize the behavior of the algorithm but of course this can't work if from the outside you can influence the way this random number generator works or if you can actually set particular values it's possible for example that if you put on an electromagnetic field or radio frequency there's the internal random number generation that you can have particular values as output or just have at least predictable numbers there's if someone knows exactly how this backdoor works then you can just use it to defeat the randomness and therefore have predictable random numbers we know that often they introduce sensors they're meant to help against certain things like detecting light radiation or similar things and they just cover the whole spectrum and the whole space around the object and not just part of it where it's so that you have a blind spot where you cannot detect what is going on this could be used in order to have implantation of errors and particular values you can already see around the topic of backdoors there's a lot of different methods that you can use to implement them in hardware a lot more than you can have in the software there's different ways of communicating different ways of getting data out implementing them especially grave problem is the interfaces for analysis or debugging they're actually meant to do some analysis on the hardware for example here there's a backdoor or an interface for detecting how the hard drive is broken or if it's broken anyway maybe you can fix it by flashing a new firmware but obviously you can misuse it in order to get data directly out or adding firmware adding Trojans into the firmware even bigger is the area of the JTAG ports that you have on a lot of devices in that are usually not secured in any way for example here you have a wireless LAN router where you can just flash a new firmware with a Trojan onto the board by using the JTAG if you think a little further what happens if you have a security chip like a TPM module or something and you have a JTAG interface of course if the chip actually fails then you can try to repair it or at least get back the data that I put in but obviously that's exactly what you wouldn't want a security chip should please keep the data safe and not just accessible again on the port so especially on security chips analysis interfaces especially JTAG ports are a really bad idea so we now show you how you can actually have this implemented on an easy to understand example this is a small kind of telescopic a device in a door you can have a look through it and see who is on the outside before you open the door you look through it and you see do you know the person or not so obviously this is a good thing to have but you can also be abused for example in the fourth picture if you put on a special kind of optic device you see a very small point but rather because of this optics you use you can actually spy into the whole room behind it who is in the flat who is there is there someone what does it look like this is a good example or at least we make so how a pretty well meant feature could actually be used as a backdoor in the 90s end of the 90s it was pretty clear that some time after the software trojans the hardware trojans would come and during that time we already made a or collected some ideas of what you could do in order to minimize the risk and prevent them from happening we tried to prove the hardware to make it safe in order to get closer to the actual issues we tried to think about what are the reasons that you would want to put this in for and is it on purpose or not and we have four categories the first one is malicious intent you see on the first picture when you have malicious intent you first think about sabotage blackmail political motives for example system is already in the field and the manufacturer is being blackmailed with a certain command you could just make them fair or something but it could also be political motives like for example a dictator wants to take a closer look at his subjects and just monitor their communication in order to do that he would introduce the Trojan on the other side of the spectrum you have the the good intent they still do it on purpose we already think about service interfaces debugging maybe even customer support for example customer support asking you do you want this stuff to be repaired for you or maybe we can get your data out of course also here there is political intent of course now we have to replace the mean dictator by maybe a good monarch who wants to protect his citizenship then we have two more categories they are not on purpose or there is no active non purpose we call them ignorance and idiocy we separated them on purpose with the ignorance the intention or the the consequences are at least partially known when you're doing the design it could be for example you're being pressed for time and you don't have the time to just take the debugging interface out you know that it's not secured but you don't have the time so you just leave it in yeah well of course you try to rationalize it for yourself then it's not gonna be that bad you just leave it in or someone tells you that you have to do it and you just don't think about it you don't speak up but you just trust the person who says leave it in idiocy we used a pretty harsh word for it we just wanted to make clear we call it subjects no functional idiocy the systems we build these days are pretty complex and there is in part in hundreds and more than hundreds of languages that work together and no one knows quite exactly how they all work together and how the cocks fit in the system it's often not known and there's blind spots and we have already shown ways pretty good idea actually has really bad we do about that and here we also looked at some three categories so first to talk communicate it with a to force them externally or internally and here with the green and gray sides you can see how helpful they are the first one is is the teaching it really it helps with stupidity and ignorance but against bad intentions it doesn't help at all if you say someone hey that's a really bad idea to do that at the company and if the sebertor will put it in but that's really important the technology technological purposes is independent of what the attacker wants it makes it harder to implement backdoors and choice generally but on the left and the right side we did not put it there completely because those two are with intention look at which technological measures are used and tries to figure out how to circumvent those security features and in the last case the the to require them to do it properly internally or externally or everybody himself and they are quite differently important and it sometimes works more or less good but here some more information about the possibilities what can everybody do who is in part of one of these areas of the implementation or the analyzing or the testing so first teach them teach them about the technical features security should always be a feature Debugs interfaces are not good for security chips, they mustn't be used not for your own development or error checking they don't fit in and last but not least developers usually don't think like hackers they are constructive and that means that usually your own results and you look at them and you really trust them and an attack or security or pentrest is assumed as an attack on the own person everybody who works in the IT security area knows that that you have to create a constructive atmosphere where you work to the betterment of the product political aspects are also an aspect here the Frankenstein effect if you actually have a try in the praxis it's uncontrollable you don't know what's going to happen about it who's going to use it and sometimes it's even about the person who really is it in political in the history book we see that situations can change in this case it's not that important in one country but if it's sold in different countries maybe one of those might get a different leader in the next month or years and furthermore there are the ethical aspects vectors can bring people in deadly danger if you think about compromise where someone with top secret information they have on their keys and they're thereby connected stopped at the border and that's a real problem and as always the rush hell is paved with good intentions so there are some technological help against triumphs and backdraws so first of all don't use technologies that may be used within backdraws if you notice them or if you notice that technology uses it that might be used for backdraws don't use it in security chips furthermore the design must be chosen in such a way that changes appear if someone changes something it will be noticed that something is wrong because the changes that have to be done are larger than what you normally would have with their snake oil in the design there are similar things about technological about technology there are also two other options first of all self test of chips and furthermore the recognition of the chips is manufactured with a self-tip test it might be reasonably helpful so a chip before there was a really critical chip and there runs a test operation and checks whether everything is alright where the chip is not the the keys are not changed and after all these chips the tests are run the chip only after all this checks are done the chip will do its own the security relevant thing but these might be also interfered by an internal person but that makes it much more important and you may need more people which is also always a problem with the finding by looking at them afterwards we are more skeptical sometimes others have too looked at it and they looked at maybe the power consumption curves of the chip but you have to be really careful about that usually the spectros are created in such a way that they are not always active and furthermore especially with security chips and security hardware the power consumption is chosen randomly to reduce the chance of power analysis attacks therefore the recognizing to recognize manipulation on a ready chip is really hard there is another option and its also creative is to make everybody sign that they will not create a backdoor for example nowadays we see that people who want to create such a chip look at who creates them what history they may have who owns the company where is the main seat of the company located how can other parties influence these companies and its really good to see that furthermore laws and rules the data protection laws are quite nice but who controls them and who looks that everything is done according to those laws and you have to check with the reality where are they value in space or in a different country and furthermore the self thats all that bad the company that creates the chips promises not to create backdoors and trojans what happens there is that there is an additional problem if the chip creator although he promises not to change it to implement backdoors it will have negative consequences for him and that additional risk economical risk is that the developer himself in the development processes will look at it more closely that no backdoors are created or just happen so the tests might be better or the evaluations are better so the influence its harder to influence it so thats all good but why should the creator go to a start risk but nowadays even there the situation changes it changes slowly the developer the manufacturers who go ahead with that sometimes have more chip cells but of course there is always the question what produces and manufacturers are doing that and we are hoping to commit to that cause so we come to the end of our presentation we have a couple of book recommendations and literature recommendations we here have a couple books from 1991 from computers and trojans where there is talk about trojans and the concepts of them and there is also one in december where everybody can check out who got the time with that we want to wish you lots of fun for your own research and we are open for questions and tomorrow we gonna be at our assembly and everybody that wants to come by and talk with us we are open to it thank you a lot thank you a lot you here there are a couple of minutes to ask your questions please line up at the microphones everyone that leaves please be quiet are there any questions there is one ah dort hinten erkenne ich jemanden an microphone 3 ok so i wanna ask you can secure software really really good ah islands are there any movements or Programmes important for the hardware level ja, of course, there is an attempt to see if there is a non intentional feature and there is different answers but to be fair Es ist ziemlich schwer, das ganze Prozess komplett zu sein, wie wir es bereits gesehen haben, während des Produktionsprozesses am Ende, während des Masken-Setzes, wo man nur den Masken oder den finisheden Produkt checken kann. Das ist ziemlich schwer. Es ist sehr schwer, um tatsächlich zu versuchen und zu verstehen, ob das die Intention ist. Ja, es gibt verschiedene Antworten, aber ich glaube, es ist klar, dass das alles komplett ist. Mikrofon hier, bitte. Mikrofon 4, bitte. Hey. Ich habe die Frage, was die Arbeit, das du musst, wenn du ein Masken-Setz-Prozess in der Applikation willst, was ein Single-Developer hat, zu machen. In meiner Imagination ist es wirklich, wenn du einen Masken-Setz-Prozess, eine andere Struktur, in zwei verschiedene Lasern, dass du, wenn du etwas kreierst, in deinem Masken, das du anderen Lasern effizienterst. Ja, also, als Antwort, vielleicht, bei der Vermeidung der Trojaner, wenn es um die Masken geht, dann musst du das Masken, das Haragetz, das mehr Effort, das du in musst, und natürlich, wenn du es in das VHTL, in dem Anfang, und das ist sehr leicht. Danach, wenn du in das Produktion-Prozess, das Haragetz, und das Tricky-Bit ist, dass du die Technologien, die es leicht machen musst, mit dem Design zu tampern. Zum Beispiel, dass du das auch nicht mehr benutzt. Die Ramsel nicht wirklich zu spüren, wenn die Verbraucher des Lasers etwas stärker oder etwas weicher ist. Sie arbeiten einfach. Zum Beispiel, wenn du das physisch- und unklarnable Funktionen benutzt und etwas von der Erinnerung von der Lassung benutzt, wenn jemand das manipuliert hat. Du wirst nicht das bemerken, dass jemand das manipuliert hat, aber wenn etwas Wichtige ist, was das Chip eigentlich in das benutzt, und das nie falsch geht, dann ist es wirklich schwer. Also, für einen Start ist es wirklich wichtig, für alles, was es leichter macht, um sie in die Hand zu bringen. Aber, wenn du die wrongen Technologien benutzt, dann ist es leichter. Und das ist das reale Problem. Okay, wir haben die letzte Frage von der Internet, die Frage ist, ob du eigentlich evtl. Trojans, die als Trojan und nicht als Debuginterface implementiert haben? Ja, es gibt mehrere Exzellen, wo z.B. die Hardware-Random-Number-Generators mitgegeben sind. Und die Random-Number war nicht random, aber es könnte nicht beinflusst werden. Und, ja, es gibt real-world-Exzellen, bei denen es gebraucht ist. Sind da Names für diese? Nein Dialogs, bitte. Vielen Dank. Vielen Dank. Du kannst applaudieren, aber wir haben keine Fragen mehr. Du hast auf Hardware-Trojan gehört.