BQ20Z65 SHA-1 feature: what happens if someone tries to break in?

Bernhard Krämer

Other Parts Discussed in Thread: BQ20Z65, BQ20Z65-R1, BQ20Z60-R1

I am constructing a battery that I'd like to protect using BQ20Z65's built-in SHA-1 encryption.

The question is: When someone wants to find out the right key in order to gain full access over the BQ20Z65, he would probably try out a lot of different keys. What happens if he enters a couple of wrong keys in a row? Will there be a certain time out until he can try again? I like to find out the probability that someone makes it to crack both 32 bit keys.

over 13 years ago

0 Patrick Rayero over 13 years ago

Intellectual 290 points

Hi Bernhard

See on page 65 of the Tech Ref,

A.1.2.14 Unseal Device (UnsealKey)

Instructs the bq20z60-R1/bq20z65-R1 to enable access to the SBS functions and data flash space and

clear the [SS] flag. This two-step command must be written to ManufacturerAccess in the following order:

first word of the UnSealKey first, followed by the second word of the UnSealKey. If the command fails, 4

seconds must pass before the command can be reissued. This command is only available when the bq20z60-R1/bq20z65-R1 is in Sealed mode.

So I think it's not impossible that someone could (e.g. a battery counterfeiter) hack the password for the Unsealed mode, but unlikely as also when hacking 100 battery packs in parallel it would need a lot of time.

All the best,

Patrick

0 Jason Battle over 13 years ago

TI__Prodigy 515 points

Hi Bernhard,

The bq20z65 will force a 4-second timeout between access attempts. Also, just a clarification, the unseal and full access security modes are each protected by a 32-bit key but the SHA-1 authentication function uses a 16-byte key. Authentication is the host checking the identity of the pack. Unseal and Full Access are the pack checking the identity of the host.

Power management

Power management forum

BQ20Z65 SHA-1 feature: what happens if someone tries to break in?