Bypassing CRP on Microcontrollers by Andrew Tierney
Abstract: Bypassing security controls on microcontrollers - reading flash and seeing secrets

Talk outline: Nearly all microcontrollers with embedded flash memory have a form of "code readout protection" (broadly termed CRP) to prevent adversaries recovering code, keys or other confidential material. Different microcontrollers use different mechanisms to prevent code readout, with widely varying efficacy. We already know that software will always contain bugs, but the same is true of silicon. What we have learnt over the last ten years is that many CRP mechanisms can be bypassed, allowing access to flash memory. A device cannot rely entirely on CRP to provide secrecy.

We're going to cover a range of attacks against devices, showing you the concepts that can be used to bypass these controls:

- PIC18FXX2/XX8 bypass ("Heart of Darkness" attack) - the PIC18FXX2/XX8 series allows the flash to be divided into blocks, each of which can have readout protection enabled. It is, however, possible to erase one block, write code to this block, and then run it. The code can access the other flash blocks, allowing them to be read out of the serial port.
- PIC18F1320 bypass - the PIC18F1320 uses a series of fuses to prevent code readout. These fuses are distinct from the flash memory, and special techniques can be used to reset them using UV light. The code can then be read out conventionally.
- STM32F0 bypass (readout protection level 1) - the STM32F0 provides 2 levels of readout protection. In level 1, it is still possible to connect via JTAG, but this halts the processor and prevents flash being read. It is still possible to read SRAM. If the processor carries out any operation over the entire flash memory - such as a CRC integrity check - it is possible to perform a "cold boot stepping" attack, where small parts of the flash are read out from SRAM piece by piece. Several other chips, including the common EM359x series, are also vulnerable.
- NXP LPC bypass - some of the NXP LPC processors use a serial bootloader that performs a naive check on flash memory to determine if code readout protection is enabled. Using a technique called "clock glitching" it is possible to bypass this check, allowing the flash to be read out.
- nRF51822 bypass - the nRF51822 contains an ARM Cortex-M0. Code readout protection disables direct access to the flash or RAM through the SWD interface. It is still possible to step through instructions and view register content. By carefully choosing an instruction that reads a given memory address into a register, it is possible to read out the code. The same technique works on several other processors using the Cortex-M0.

Some live demos will be performed! Some reasonable desk lights, a desk, and power would be helpful.

We hope to convince you that firmware secrecy using CRP is not a strong layer of security and cannot be relied upon.

Speaker Bio: Andrew Tierney (cybergibbons) - full-time hardware security consultant, breaking IoT for the last 5 years, and now trying to move to fixing IoT.
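The NXP bootloader item above turns on a protection check that fails open when a single read is disturbed. The following is an added example, not code from the talk or from any vendor bootloader: it contrasts a naive check with a fail-closed one under a simulated read fault. The option-word values, function names and fault model are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed option-word values for this example, not any vendor's. */
#define CRP_LOCKED 0xA5C3965Au /* readout protected */
#define CRP_OPEN   0x5A3C69A5u /* bitwise complement: explicitly unprotected */

/* Simulated option-word storage with an injectable read fault (assumption:
 * the glitch corrupts the value seen by one read; real glitches can also
 * skip instructions, which this model does not cover). */
static uint32_t stored_word;
static int fault_at, reads;

static void setup(uint32_t word, int fault_index) {
    stored_word = word; fault_at = fault_index; reads = 0;
}

static uint32_t read_option_word(void) {
    uint32_t v = stored_word;
    if (reads++ == fault_at) v ^= 0x00000100u; /* one flipped bit */
    return v;
}

/* Naive: single read, and any value other than the lock word means "open".
 * One corrupted read is enough to fail open. */
static bool naive_readout_allowed(void) {
    return read_option_word() != CRP_LOCKED;
}

/* Hardened: default deny; readout needs the explicit OPEN pattern on three
 * independent reads, so a single corrupted read cannot unlock the device. */
static bool hardened_readout_allowed(void) {
    volatile uint32_t a = read_option_word();
    volatile uint32_t b = read_option_word();
    volatile uint32_t c = read_option_word();
    if (a != CRP_OPEN) return false;
    if (b != CRP_OPEN) return false;
    if (c != CRP_OPEN) return false;
    return true;
}

int main(void) {
    setup(CRP_LOCKED, 0); /* locked part, fault on the first read */
    printf("naive allows readout:    %d\n", naive_readout_allowed());
    setup(CRP_LOCKED, 0);
    printf("hardened allows readout: %d\n", hardened_readout_allowed());
    return 0;
}
```

Redundant, fail-closed checks raise the cost of a fault attack but do not remove it, which is consistent with the abstract's point that CRP alone cannot be relied upon for secrecy.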