Powering the Device and Testing

The device was connected to a DC power supply set to 1.5V and 300 amps in order to power it properly, since it was originally powered with a AAA battery. Each of the input/output wires were taped to the table, and the device was connected to a multimeter, with the ground pin connected to the ground wire soldered to the chip and the voltage pin connected to each of the input/output wires in turn. This verified that, when powered, each I/O wire was receiving data (indicating that data was flowing from the static RAM chip to the CPU), since the multimeter showed a voltage reading (between 0.3 and 0.5v) for each I/O wire.

This confirmed that the device is vulnerable to a hardware man-in-the-middle attack.

Capturing Data

In order to capture data, it was connected to the Saleae Logic 8 analyzer and a Raspberry Pi via a breadboard. 8 of the input/output lines were connected to the logic analyzer, as was the chip's ground wire. The chip's voltage wire was connected to the Raspberry Pi. However, it was determined that the Logic 8 only reads voltages of 1.2v or higher as high (or 1), so it ended up not capturing any data flowing on its digital lines (though we did see some data flow on the analog lines, which confirmed that the setup was otherwise functional).

In order to fix this issue, we ordered a voltage booster that will convert the voltage of 0.3-0.5 coming from the I/O wires to a higher voltage that the logic analyzer can read.