Bank Token Teardown

My hardware token ran out of battery recently. Before throwing it out, I opened it up to remove the battery so I can dispose of it separately. I decided to take the opportunity to sneak a quick peek into the insides of the token.

image

The model number etched on the circuit board indicates that it is Vasco DigiPass 270 Rev 4.3 and it is powered by a CR2016 battery. After some tracing, we can see that almost all traces lead to the secure element which is covered with black epoxy resin, possibly to deter reverse engineering. The secure element handles the input from the keypad, performs the calculations and outputs the results on the LCD screen. The token is a time based OTP as evidenced from the presence of the quartz crystal.

image

Also of interest is the positioning of those tiny holes on the orange plastic backing. They correspond perfectly with the position of the testpads which I believe are for programming the device and for providing power. It gives a clue into the manufacturing process. The circuit board is probably already affixed onto the plastic backing at the time of programming and probes are inserted through those tiny holes to program the device.

Fascinating indeed.