Recon 2017 Brussels - Breaking Code Read Protection on the NXP LPC-family Microcontrollers скачать в хорошем качестве

Recon 2017 Brussels - Breaking Code Read Protection on the NXP LPC-family Microcontrollers

A look at bypassing the Code Read Protection in the NXP LPC family of ARM microcontrollers. This is an example of one of the simple security features found in common microcontrollers, and how it is easily bypassed. The Code Read Protection (CRP) is implemented in bootloader software and can be easily read and disassembled, showing the fragility of the CRP mechanism. This talk describes the path to exploiting the bootloader software, developing and using a simple glitcher. A glitcher is designed, the chip is tested for vulnerability to glitch, and an attack is formulated to disable CRP and enable readout of FLASH contents. As glitch attacks go, this is a simple and ‘beginner-level’ attack which should be easily reproducible. The talk will include hardware and software design, including schematics and source code, for a glitcher able to bypass CRP. Chris Gerlinsky is a Canadian hacker on Vancouver Island whose interest in computers led to his introduction to pay TV security systems twenty years ago. From bulletin boards and analog TV scrambling to smartcards and SOCs, Chris wants to disassemble it all to see how it works.