Enter the EFM32 Gecko

This new post presents a hardware exploit to unlock the debug port on the EFM32 Gecko MCUs Series 1 designed by Silicon Labs. Once again, after the previous nRF52 episode, this security research reveals an entire range of products vulnerable to a silicon design vulnerability. The way to unlock these chips was quite challenging and…

The PocketGlitcher

This blogpost presents a modding system, called PocketGlicher. It provides an automated way to perform voltage glitching, without any expensive electronic equipments or any “hardware” skills.As proof of concept, the nRF52 Debug Resurrection Attack presented at BlackHat EU 2020 can be reproduced easily using this plug-and-play solution. Introduction I recently found back my PocketBeagle in…

nRF52 Debug Resurrection (APPROTECT Bypass) Part 2

After the Part 1 describing the APPROTECT Bypass, this new post presents how to: exploit a real product based on nRF52840 to extract the Firmware and reactivate the SWD interface. reproduce the attack on others nRF52 SoCs to confirm the vulnerability in all the nRF52 versions. Exploit Validation on real Product Let’s start by a…

Nuvoton M2351 MKROM

TrustZone is the last hardware security mechanism integrated to ARMv8-M. This article presents some Fault Injection results achieved on Nuvoton M2351 (Cortex-M23), targeting MKROM crypto-functions and secure Code. ARMv8-M TrustZone TrustZone technology (TZ) is NOT really a NEW security concept. It has been available on ARM Cortex-A since more than 10 years now. The TrustZone…