Welcome to Scribd!

Skip carousel

RECON-BRX-2017-Breaking CRP On NXP LPC Microcontrollers Slides

Uploaded by

paul

0% found this document useful (0 votes)

322 views57 pages

RECON-BRX-2017-Breaking CRP on NXP LPC Microcontrollers Slides

Original Title

RECON-BRX-2017-Breaking CRP on NXP LPC Microcontrollers Slides

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

RECON-BRX-2017-Breaking CRP on NXP LPC Microcontrollers Slides

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

322 views57 pages

RECON-BRX-2017-Breaking CRP On NXP LPC Microcontrollers Slides

Uploaded by

paul

RECON-BRX-2017-Breaking CRP on NXP LPC Microcontrollers Slides

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 57

Search inside document

Breaking Code Read Protection on the NXP LPC-family Microcontrollers

Chris Gerlinsky
@akacastor
chris@pdrnorth.com
Source:
http://www.nxp.com/products/microcontrollers-and-processors/arm-processors/lpc-cortex-m-mcus
Source: LPC1343 User Manual
Source: LPC1343 User Manual
Source: LPC1343 User Manual
Values at FLASH:02FC that enable Code Read Protection: 0x12345678 CRP1
0x87654321 CRP2
0x43218765 CRP3
0x4E697370 NO_ISP

4 possible 32-bit words

Values at FLASH:02FC that disable Code Read Protection: 0xFFFFFFFF

0x00000000
0xABCDEF12
0x12345679
0x87654320
0x53218765
0x4E687370
...
4,294,967,292 possible 32-bit words
Source: LPC1343 User Manual
Useful tools and links:

lpc21isp software to program LPC-family microcontrollers using ISP

http://eleceng.dit.ie/frank/arm/BareMetalLPC812/index.html
http://eleceng.dit.ie/frank/arm/BareMetalLPC812/serial.tar.gz

http://eleceng.dit.ie/frank/arm/BareMetalLPC1114/index.html

git://gnudd.com/cortex-m3.git http://www.gnudd.com/wd/cortex-m3.pdf

https://www.olimex.com/Products/ARM/NXP/LPC-P2148/

http://siwawi.bauing.uni-kl.de/avr_projects/arm_projects/lpc2k_bundle_port/
lpc213x_lpc214x_examples_20061205.zip
LPC812
Volage measured across 10 ohm resistor
in series with GND

Reset and start bootloader

Reset and start application

LPC812
Volage measured across 10 ohm resistor
in series with GND

Reset and start bootloader

Reset and start application

Video: https://youtu.be/PoXMVWch1dM
Video: https://youtu.be/a_rlakXJwck
Source: MAX4619 datasheet
Source: MAX4619 datasheet
LPC812

Xmega-A1 Xplained

10 ohm resistor
in series with
LPC812 GND

MAX4619
Input from adjustable power supply
red = normal voltage level
green = glitched voltage level
white = ground

Target chip Vdd

Target chip GND

Assembler code generated by GCC

a=0

decrement b

increment a

check if a < NUM_GLITCH_LOOPS

Video: https://youtu.be/gr_qiN5DDqo
Video: https://youtu.be/kEG-djZCsUc

Video: https://youtu.be/r8-1TAQS49c
Loop executes normally (no glitch)
a: 00000010
b: 00000000

a: 50030008
b: 0000000e

a: 00000010
b: fffffff1

a: 00000010
b: fffffff2
Video: https://youtu.be/ZNo9O94isHU

Video: https://youtu.be/IJWCpp7jgcs
Loop executes normally (no glitch)
a: 00000010
b: 00000000

a: 00000010
b: fffffffc

a: 50030009
b: 00000009

a: 00000021
b: 100003fc
Video: https://youtu.be/qLsVhVi2Ew8
Video: https://youtu.be/4UQ27hMuwNw
https://github.com/akacastor/xplain-glitcher
sbl_config.h:

#define CRP1 0x12345678

#define CRP2 0x87654321
#define CRP3 0x43218765
#define NOCRP 0x11223344

Readout only allowed if CRP word == NOCRP

Source: AN10866 LPC1700 Secondary USB bootloader

No CRP
CRP1

Trellix Insights Essentials
Document3 pages
Trellix Insights Essentials
Lyu Sey
No ratings yet
Module 7 Assignment
Document13 pages
Module 7 Assignment
api-360051483
No ratings yet
McAfee MOVE AntiVirus 4.8.0 Client Command Line Interface Reference Guide - CLP9421
Document8 pages
McAfee MOVE AntiVirus 4.8.0 Client Command Line Interface Reference Guide - CLP9421
Sérgio Locatelli Júnior
No ratings yet
Book Du Toc PDF
Document19 pages
Book Du Toc PDF
shrestha_ojesh
0% (2)
GD Nist 800 53 Compliance Controls
Document21 pages
GD Nist 800 53 Compliance Controls
naveed
No ratings yet
Crowdstrike Tuesday Morning Case Study PDF
Document3 pages
Crowdstrike Tuesday Morning Case Study PDF
Sarayuth Sae-tung
No ratings yet
Nsaf - Netsentries Swift Assessment Framework
Document8 pages
Nsaf - Netsentries Swift Assessment Framework
co ca
No ratings yet
Pci DSS Docs New
Document2 pages
Pci DSS Docs New
Jen
No ratings yet
CAIQv4.0.2 STAR Security Questionnaire Generated at 2021-09-23
Document141 pages
CAIQv4.0.2 STAR Security Questionnaire Generated at 2021-09-23
ssglcn
No ratings yet
B Qradar Users Guide
Document226 pages
B Qradar Users Guide
SandeepKumar
No ratings yet
GRC & Open-AudIT
Document39 pages
GRC & Open-AudIT
Hossam Eissa
No ratings yet
Tutorial For NXP S32 Design Studio: Starting Out - Creating A Workspace
Document17 pages
Tutorial For NXP S32 Design Studio: Starting Out - Creating A Workspace
Htet lin Ag
No ratings yet
Dxdiag Lumion
Document46 pages
Dxdiag Lumion
Abdul Malik
No ratings yet
Security Policy 10 Security Incident Management
Document9 pages
Security Policy 10 Security Incident Management
Marsels
No ratings yet
Vendor: Cisco Exam Code: 300-360 Exam Name: Designing Cisco Wireless Enterprise Networks
Document85 pages
Vendor: Cisco Exam Code: 300-360 Exam Name: Designing Cisco Wireless Enterprise Networks
spa
No ratings yet
Iso 27002 Compliance Guide
Document23 pages
Iso 27002 Compliance Guide
pioneers ksa
No ratings yet
Arcsight Connector Supported Products Flyer
Document8 pages
Arcsight Connector Supported Products Flyer
Ramnesh Dubey
No ratings yet
Infineon Whitepaper IEC62443 PDF
Document12 pages
Infineon Whitepaper IEC62443 PDF
Pa
No ratings yet
Cisco Asa 5525 X
Document16 pages
Cisco Asa 5525 X
abdel taib
No ratings yet
Linkedin-Skill-Assessments-Quizzes - Cybersecurity-Quiz - MD at Main Ebazhanov - Linkedin-Skill-Assessments-Quizzes GitHub
Document25 pages
Linkedin-Skill-Assessments-Quizzes - Cybersecurity-Quiz - MD at Main Ebazhanov - Linkedin-Skill-Assessments-Quizzes GitHub
Ankit Raj
No ratings yet
Yamicsoft Windows 7 Manager 4.3.7
Document2 pages
Yamicsoft Windows 7 Manager 4.3.7
Widagdho Widyo
No ratings yet
SWIFT L2BASOFv2021 Self Attestation 2
Document8 pages
SWIFT L2BASOFv2021 Self Attestation 2
Vijay Devre
No ratings yet
About Fortify Docs 21.2.0
Document3 pages
About Fortify Docs 21.2.0
Hùng Đào
No ratings yet
Shifting The Balance of Cybersecurity Risk: Principles and Approaches For Security-By - Design and - Default
Document18 pages
Shifting The Balance of Cybersecurity Risk: Principles and Approaches For Security-By - Design and - Default
yanezmr
No ratings yet
Cloud Computing Security
Document10 pages
Cloud Computing Security
IJRASETPublications
No ratings yet
Wvs Manual
Document64 pages
Wvs Manual
Cătălin Alexandru
No ratings yet
2022 Security Report 01-24-22
Document75 pages
2022 Security Report 01-24-22
jeffhouse7858
No ratings yet
Cisco ASA 5520
Document47 pages
Cisco ASA 5520
sayritabelen
No ratings yet
Forrester Zero Trust Model Information Security
Document18 pages
Forrester Zero Trust Model Information Security
Smart Tirmizi
No ratings yet
Real-Time De-Identification of Healthcare Data Using Ephemeral Pseudonyms
Document5 pages
Real-Time De-Identification of Healthcare Data Using Ephemeral Pseudonyms
International Journal of Application or Innovation in Engineering & Management
No ratings yet
Idc Worldwide Siem Market Share
Document13 pages
Idc Worldwide Siem Market Share
Neon Logic
No ratings yet
Pro-Watch 4.5 Installation Guide
Document46 pages
Pro-Watch 4.5 Installation Guide
Tiago Dutra
No ratings yet
PacketFence 2017-Administration Guide
Document166 pages
PacketFence 2017-Administration Guide
scrib_nok
0% (1)
The Fortigate and The 3G Modem
Document4 pages
The Fortigate and The 3G Modem
Joao Grilo
No ratings yet
Introduction To Idrac6 PDF
Document23 pages
Introduction To Idrac6 PDF
Mac Loverz
No ratings yet
Security Information and Event Management (SIEM) - 2021
Document4 pages
Security Information and Event Management (SIEM) - 2021
Harum
No ratings yet
Kabu Linux Project Proposal
Document7 pages
Kabu Linux Project Proposal
Emmanuel Nyachoke
No ratings yet
Children S Social Care Stable Homes Consultation February 2023
Document220 pages
Children S Social Care Stable Homes Consultation February 2023
Busyharriedmum
No ratings yet
CEH Broucher
Document2 pages
CEH Broucher
Manal Saeed
No ratings yet
Self Evaluation Guide 1657811889
Document46 pages
Self Evaluation Guide 1657811889
Vincent Ip
No ratings yet
Essential Cybersecurity Controls (ECC - 1:2018) Standard Compliance
Document15 pages
Essential Cybersecurity Controls (ECC - 1:2018) Standard Compliance
Pratik Bhalerao
No ratings yet
Network Infrastructure Security Guidance
Document58 pages
Network Infrastructure Security Guidance
Sylvious Pampa Rocha
No ratings yet
10 Popular Cybersecurity Certifications (2022 Updated) - Coursera
Document20 pages
10 Popular Cybersecurity Certifications (2022 Updated) - Coursera
Massimo Riserbo
No ratings yet
Virtualization Security
Document33 pages
Virtualization Security
Stéphane Kenthor
No ratings yet
UTD NGFW Workshop Guide 3.5 20180831 PDF
Document67 pages
UTD NGFW Workshop Guide 3.5 20180831 PDF
Jesus Chavez
No ratings yet
DL Custom - UL 60950
Document1 page
DL Custom - UL 60950
Henry delavari
No ratings yet
IT Risk Assessment Template Checklist
Document6 pages
IT Risk Assessment Template Checklist
Captain Agnihotri
No ratings yet
Snort Installation PDF
Document21 pages
Snort Installation PDF
shubhangi
No ratings yet
Meritas Cybersecurity Standards: January 2020
Document1 page
Meritas Cybersecurity Standards: January 2020
Roy Adig Menacho Cespedes
No ratings yet
Advisory Detection of PyXie RAT Custom Loaders and Details of Their Combined Use in Ransomware Campaigns PDF
Document12 pages
Advisory Detection of PyXie RAT Custom Loaders and Details of Their Combined Use in Ransomware Campaigns PDF
Stratigus Pty Ltd
No ratings yet
Diskstation Manager 7.0: User Guide For
Document86 pages
Diskstation Manager 7.0: User Guide For
plho
No ratings yet
Windows and Linux Operating Systems From PDF
Document9 pages
Windows and Linux Operating Systems From PDF
PAULA ANDREA PERALTA TRIANA
No ratings yet
UNION Based SQL Injection
Document2 pages
UNION Based SQL Injection
Tarik Ameziane
No ratings yet
Observeit vs. Interguard: A Competitve Comparison: Supported Platforms
Document2 pages
Observeit vs. Interguard: A Competitve Comparison: Supported Platforms
gabytgv
No ratings yet
Sangfor NGAF Introduction 8.0.5 Final
Document24 pages
Sangfor NGAF Introduction 8.0.5 Final
Albarn Paul Alicante
No ratings yet
State of Software Security Focus On Application Development
Document20 pages
State of Software Security Focus On Application Development
bineintelescaeu
No ratings yet
ProxySG SWG Gen2 Initial Configuration Guide
Document60 pages
ProxySG SWG Gen2 Initial Configuration Guide
dbf75
No ratings yet
Qualys Third Edition
From Everand
Qualys Third Edition
Gerardus Blokdyk
No ratings yet
PAM Solutions A Complete Guide - 2019 Edition
From Everand
PAM Solutions A Complete Guide - 2019 Edition
Gerardus Blokdyk
No ratings yet
SD-WAN and Security The Ultimate Step-By-Step Guide
From Everand
SD-WAN and Security The Ultimate Step-By-Step Guide
Gerardus Blokdyk
No ratings yet
RECON BRX 2017 Analyzing Mifare Classic Cracking
Document21 pages
RECON BRX 2017 Analyzing Mifare Classic Cracking
paul
No ratings yet
RECON-BRX-2017-Harnessing Intel Processor Trace On Windows For Vulnerability Discovery
Document47 pages
RECON-BRX-2017-Harnessing Intel Processor Trace On Windows For Vulnerability Discovery
paul
No ratings yet
RECON BRX 2017 Analyzing Mifare Classic Cracking
Document21 pages
RECON BRX 2017 Analyzing Mifare Classic Cracking
paul
No ratings yet
RECON-BRX-2017-Your Chakra Is Not Aligned
Document39 pages
RECON-BRX-2017-Your Chakra Is Not Aligned
paul
No ratings yet
RECON BRX 2017 Reversinghsms2
Document108 pages
RECON BRX 2017 Reversinghsms2
paul
No ratings yet
RECON-BRX-2017-Teaching Old Shellcode New Tricks
Document105 pages
RECON-BRX-2017-Teaching Old Shellcode New Tricks
paul
No ratings yet
RECON-BRX-2017-Reverse Engineering Satellite Based IP Content Distribution
Document32 pages
RECON-BRX-2017-Reverse Engineering Satellite Based IP Content Distribution
paul
No ratings yet
Recon MTL 2017 Mazewalker
Document48 pages
Recon MTL 2017 Mazewalker
paul
No ratings yet
RECON MTL 2017 Bubble Struggle
Document50 pages
RECON MTL 2017 Bubble Struggle
paul
No ratings yet
RECON BRX 2017 r2m2
Document73 pages
RECON BRX 2017 r2m2
paul
No ratings yet
Recon MTL 2017 Miasm
Document143 pages
Recon MTL 2017 Miasm
paul
No ratings yet
RECON BRX 2017 Analysing Ios Apps
Document42 pages
RECON BRX 2017 Analysing Ios Apps
paul
No ratings yet
RECON BRX 2017 FreeRTOS Embedded Reversing
Document47 pages
RECON BRX 2017 FreeRTOS Embedded Reversing
paul
No ratings yet
RECON-MTL-2017-Hacking Cell Phone Embedded Systems
Document44 pages
RECON-MTL-2017-Hacking Cell Phone Embedded Systems
paul
No ratings yet
Recon MTL 2017 Idapython
Document19 pages
Recon MTL 2017 Idapython
paul
No ratings yet
RECON MTL 2017 Freecalypso
Document19 pages
RECON MTL 2017 Freecalypso
paul
No ratings yet
RECON MTL 2017 Exporting IDA Debug Information
Document23 pages
RECON MTL 2017 Exporting IDA Debug Information
paul
No ratings yet
RECON MTL 2017 Bochspwn Reloaded
Document140 pages
RECON MTL 2017 Bochspwn Reloaded
paul
No ratings yet
Recon MTL 2017 Cant Hide
Document29 pages
Recon MTL 2017 Cant Hide
paul
No ratings yet
Recon MTL 2017 Bass
Document30 pages
Recon MTL 2017 Bass
paul
No ratings yet
Recon MTL 2017 Bincat
Document66 pages
Recon MTL 2017 Bincat
paul
No ratings yet
Recon MTL 2017 Badfet
Document126 pages
Recon MTL 2017 Badfet
paul
100% (1)
EE2024 Lecture 1 Intro
Document23 pages
EE2024 Lecture 1 Intro
Dexter
No ratings yet
Identification of Train Collision Avoidance Based On Sensor
Document59 pages
Identification of Train Collision Avoidance Based On Sensor
Sreekanth Pagadapalli
No ratings yet
Openocd
Document127 pages
Openocd
Ene Alexandru
No ratings yet
CODESYSControlV3 uRTS Manual 01 PDF
Document74 pages
CODESYSControlV3 uRTS Manual 01 PDF
mladen00
No ratings yet
Unmanned Aerial Vehicle - Summer Project Report
Document35 pages
Unmanned Aerial Vehicle - Summer Project Report
ankit007aj
No ratings yet
Iot Final
Document324 pages
Iot Final
rustxd
No ratings yet
Advanced Micro-Controllers Application & Programming
Document3 pages
Advanced Micro-Controllers Application & Programming
Pragati -
No ratings yet
NI Tutorial 6994 en
Document1 page
NI Tutorial 6994 en
asutoshpat
No ratings yet
Interfacing A Stepper Motor With ARM Controller LPC2148
Document9 pages
Interfacing A Stepper Motor With ARM Controller LPC2148
Rahul Sharma
100% (2)
Landtiger v2.0 Manual
Document27 pages
Landtiger v2.0 Manual
pp
No ratings yet
BlackBox Monitoring System Using IoT
Document19 pages
BlackBox Monitoring System Using IoT
Palam Pvr
No ratings yet
Armsravan 140618054148 Phpapp01
Document132 pages
Armsravan 140618054148 Phpapp01
smganorkar
No ratings yet
LPC 2148
Document62 pages
LPC 2148
Karthikeyan Jhk
No ratings yet
LPC2148 Quick Start Board Users Guide-Version 1.0 Rev A
Document17 pages
LPC2148 Quick Start Board Users Guide-Version 1.0 Rev A
rsudjian
No ratings yet
Wireless Power Theft Monitoring System
Document21 pages
Wireless Power Theft Monitoring System
Gautam Sai Teza
No ratings yet
Point To Point GPS Data Logger For Cab Vehicles Monitoring Systems
Document3 pages
Point To Point GPS Data Logger For Cab Vehicles Monitoring Systems
VigneshInfotech
No ratings yet
Internship Report
Document38 pages
Internship Report
Haythem Sakka
No ratings yet
Smart Meter
Document70 pages
Smart Meter
deepika
No ratings yet
Advanced Microcontroller: A Laboratory Manual For
Document84 pages
Advanced Microcontroller: A Laboratory Manual For
FS18EC007 Mihir Gharat
No ratings yet
ARM - LPC2148 GPIO Basics With Calculator - Learn - Pechnol - Pechnol
Document11 pages
ARM - LPC2148 GPIO Basics With Calculator - Learn - Pechnol - Pechnol
Trust Munyaradzi Marongedze
No ratings yet
Arm Processor Pin Details
Document44 pages
Arm Processor Pin Details
xperiaash
No ratings yet
Microcontroller Features
Document21 pages
Microcontroller Features
usama riaz
No ratings yet
lpc17xx Um
Document835 pages
lpc17xx Um
krunal_299
No ratings yet
Manufacturing Processes Report (Thapar University)
Document10 pages
Manufacturing Processes Report (Thapar University)
Nishant Saini
No ratings yet
Arm Processor Architecture
Document84 pages
Arm Processor Architecture
bhargava Prasad
No ratings yet
Resume Nakul Kumar
Document2 pages
Resume Nakul Kumar
Pivion Healthcare
No ratings yet
Record - Embedded Lab
Document93 pages
Record - Embedded Lab
Satheesh Kumar
No ratings yet
LPC2148 Microcontroller Architecture and
Document50 pages
LPC2148 Microcontroller Architecture and
Manikandan Annamalai
No ratings yet
User Manual To LPC Controllers
Document709 pages
User Manual To LPC Controllers
Anna Sandoval
0% (1)