Exploit - LimitedResults

nRF52 Debug Resurrection (APPROTECT Bypass) Part 2

Posted on June 14, 2020May 22, 2021 by LimitedResults

After the Part 1 describing the APPROTECT Bypass, this new post presents how to: exploit a real product based on nRF52840 to extract the Firmware and reactivate the SWD interface. reproduce the attack on others nRF52 SoCs to confirm the vulnerability in all the nRF52 versions. Exploit Validation on real Product Let’s start by a…

nRF52 Debug Resurrection (APPROTECT Bypass) Part 1

Posted on June 10, 2020May 23, 2021 by LimitedResults

Yes, resurrection of JTAG/SWD interface on protected platforms has always been a sensitive topic in embedded security. This security investigation presents a way to bypass the APPROTECT on a protected nRF52840, in order to reactivate the Serial Wire Debug Interface (SWD), offering full debug capabilities on the target (R/W access to Flash/RAM/Registers, Code Exec and…