We have discovered vulnerabilities in EEPROMs (Electrically Erasable Programmable Read-Only Memory) and flash memories, which are used in a vast variety of security devices such as electronic locks, alarms and mobile communication systems.
Instead of forcing the erasing and rewriting of bytes, the stored bytes are brute-forced in building blocks and read out from there, without erasing or rewriting the memory's integral structure. Therefore no signs are left behind.
The vulnerability, especially of electronic safe locks, is a very critical issue. We succeeded in accessing the information stored inside the lock/safe/vault/door from the outside keypad years ago, and since then we have not seen anyone able to duplicate that.
As you might know, the data memory is not directly mapped in the register file space, but is indirectly addressed through special function registers. The registers that read and write this memory hold different kinds of data.
However, there are conditions under which the device may not want to write to or read from data EEPROM memory. Various mechanisms have been built in to protect against spurious entry.
When the device is code protected, the CPU still reads from and writes to the data EEPROM.
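The indirect SFR interface and the spurious-write protections described above, as an added example that is not code from this page or from any device vendor: a constructed C model of a data-EEPROM controller in the style of the PIC16 mid-range parts, whose datasheet wording this passage echoes. The register names EEADR/EEDATA/EECON1/EECON2, the WREN/WR/RD bits and the 0x55/0xAA unlock sequence are assumptions drawn from that family's documentation, and the code-protect handling is a deliberate simplification. The model shows why a write that reaches the WR bit without the unlock sequence is rejected, and why the CPU's own SFR path keeps working under code protection while the programmer-side read path is blocked.

```c
/* Constructed model of a microcontroller data-EEPROM interface in the style of
 * the PIC16 mid-range family (EEADR/EEDATA/EECON1/EECON2). Added example, not
 * the page's own code; register names, bit layout and the code-protect rule
 * are assumptions about that family, not facts taken from the page. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EE_SIZE     256u
#define EECON1_RD   0x01u  /* initiate a read cycle (self-clearing) */
#define EECON1_WR   0x02u  /* initiate a write cycle (self-clearing) */
#define EECON1_WREN 0x04u  /* write enable: WR is ignored while this is clear */

typedef struct {
    uint8_t  mem[EE_SIZE];
    uint8_t  eeadr, eedata, eecon1;
    int      unlock_stage;    /* 0: locked, 1: saw 0x55, 2: saw 0x55 then 0xAA */
    bool     code_protect;    /* CP fuse: blocks the external (programmer) read path */
    unsigned rejected_writes; /* count of spurious writes the interlock refused */
} eeprom_t;

void ee_init(eeprom_t *e, bool code_protect) {
    memset(e->mem, 0xFF, sizeof e->mem);   /* erased cells read as 0xFF */
    e->eeadr = e->eedata = e->eecon1 = 0;
    e->unlock_stage = 0;
    e->code_protect = code_protect;
    e->rejected_writes = 0;
}

/* EECON2 is not a storage register: hardware only watches for the 0x55, 0xAA
 * sequence, which must arrive immediately before WR is set. */
void ee_write_eecon2(eeprom_t *e, uint8_t v) {
    if (v == 0x55 && e->unlock_stage == 0)      e->unlock_stage = 1;
    else if (v == 0xAA && e->unlock_stage == 1) e->unlock_stage = 2;
    else                                        e->unlock_stage = 0; /* anything else re-locks */
}

/* Writing EECON1 is where the interlocks are enforced. */
void ee_write_eecon1(eeprom_t *e, uint8_t v) {
    e->eecon1 = v & (EECON1_RD | EECON1_WR | EECON1_WREN);
    if (e->eecon1 & EECON1_RD) {             /* read cycle: copy the cell into EEDATA */
        e->eedata = e->mem[e->eeadr];
        e->eecon1 &= (uint8_t)~EECON1_RD;
    }
    if (e->eecon1 & EECON1_WR) {
        bool allowed = (e->eecon1 & EECON1_WREN) && e->unlock_stage == 2;
        if (allowed) e->mem[e->eeadr] = e->eedata;
        else         e->rejected_writes++;   /* spurious write: refused, not performed */
        e->eecon1 &= (uint8_t)~EECON1_WR;    /* WR always self-clears */
        e->unlock_stage = 0;                 /* the unlock is single-use */
    }
}

/* Firmware-side read: the CPU reaches the array only through the SFRs. */
uint8_t ee_cpu_read(eeprom_t *e, uint8_t addr) {
    e->eeadr = addr;
    ee_write_eecon1(e, e->eecon1 | EECON1_RD);
    return e->eedata;
}

/* Firmware-side write. do_unlock=false models a stray write (e.g. a runaway
 * program counter) that sets WR without the sequence. Returns true if stored. */
bool ee_cpu_write(eeprom_t *e, uint8_t addr, uint8_t data, bool do_unlock) {
    unsigned before = e->rejected_writes;
    e->eeadr  = addr;
    e->eedata = data;
    ee_write_eecon1(e, EECON1_WREN);
    if (do_unlock) { ee_write_eecon2(e, 0x55); ee_write_eecon2(e, 0xAA); }
    ee_write_eecon1(e, EECON1_WREN | EECON1_WR);
    ee_write_eecon1(e, 0);                   /* drop WREN again when finished */
    return e->rejected_writes == before;
}

/* Programmer/ICSP-side read: in this model the code-protect fuse blocks this
 * path entirely, while the CPU's SFR path above keeps working. */
bool ee_programmer_read(const eeprom_t *e, uint8_t addr, uint8_t *out) {
    if (e->code_protect) return false;
    *out = e->mem[addr];
    return true;
}

int main(void) {
    eeprom_t e;
    uint8_t v;
    ee_init(&e, true);
    printf("write with unlock:    %s\n", ee_cpu_write(&e, 0x10, 0x42, true)  ? "stored" : "rejected");
    printf("write without unlock: %s\n", ee_cpu_write(&e, 0x11, 0x99, false) ? "stored" : "rejected");
    printf("cpu read 0x10:        0x%02X\n", ee_cpu_read(&e, 0x10));
    printf("programmer read 0x10: %s\n", ee_programmer_read(&e, 0x10, &v) ? "allowed" : "blocked");
    printf("rejected writes:      %u\n", e.rejected_writes);
    return 0;
}
```

The `rejected_writes` counter stands in for the kind of signal a defender would want surfaced from a lock's firmware: a write that reached WR without the unlock sequence is exactly the "spurious entry" the interlocks exist to refuse, and counting those refusals is a cheap indicator that something other than the intended firmware path is touching the memory registers.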
We have been able to manipulate a vast majority of devices, which probably cover more than 70% of today's electronic security market.
Due to the sensitivity of this issue, the knowledge and results of our findings are shared only with government institutions.