nRF52 Debug Resurrection (APPROTECT Bypass) Part 1

Yes, resurrection of JTAG/SWD interface on protected platforms has always been a sensitive topic in embedded security. This security investigation presents a way to bypass the APPROTECT on a protected nRF52840, in order to reactivate the Serial Wire Debug Interface (SWD), offering full debug capabilities on the target (R/W access to Flash/RAM/Registers, Code Exec and…

Nuvoton M2351 MKROM

TrustZone is the last hardware security mechanism integrated to ARMv8-M. This article presents some Fault Injection results achieved on Nuvoton M2351 (Cortex-M23), targeting MKROM crypto-functions and secure Code. ARMv8-M TrustZone TrustZone technology (TZ) is NOT really a NEW security concept. It has been available on ARM Cortex-A since more than 10 years now. The TrustZone…

Pwn MBedTLS on ESP32: DFA Warm-up

Introduction ESP32 is a System-on Chip (SoC) from Espressif Systems, launched in 2016. This SoC will be supported until 2028 (12 years longevity commitment) and has already been shipped more than 100 Millions times around the world. ARM MbedTLS is a the open source crypto-library from ARM, used in IoT devices. In my opinion, both…