eToken R1 Private Information Extraction

Aladdin Knowledge Systems' eToken is a portable USB authentication device providing access control for digital assets. By using any industry-standard device programmer to modify the unprotected external memory, the user PIN can be changed back to the default PIN. The attack requires physical access to the device circuit board and will allow all private information to be read from the device without knowing the PIN number of the legitimate user.
Aladdin states that version R1 (also known as 3.3.3.x) of their eToken is a demo and "proof-of-concept" product and was never released.
Platforms: Aladdin eToken USB Key R1 Severity: An attacker can access all private information stored on the hardware token device without knowing the PIN number of the legitimate user.
<a href="https://grandideastudio.com/media/etoken_sa.txt">Security Advisory: eToken Private Information Extraction and Physical Attack</a> (CVE-2000-0427)
Heimlich is a data extraction program for the Aladdin Knowledge Systems' eToken R1 (3.3.3.x) USB authentication tokens. It allows quick extraction of all private, public, and configuration data from the key after a successful login using the default PIN.
Platforms: Win 98
<a href="https://www.grandideastudio.com/media/heimlich_tool.zip">Tool: Heimlich</a>
Originally published as an @stake Security Advisory.