The PocketGlitcher

This blogpost presents a modding system called PocketGlitcher. It provides an automated way to perform voltage glitching, without any expensive electronic equipment or any “hardware” skills. As a proof of concept, the nRF52 Debug Resurrection Attack presented at BlackHat EU 2020 can be reproduced easily using this plug-and-play solution. Introduction: I recently found my PocketBeagle again in…

Nuvoton M2351 MKROM

TrustZone is the latest hardware security mechanism integrated into ARMv8-M. This article presents some Fault Injection results achieved on Nuvoton M2351 (Cortex-M23), targeting MKROM crypto-functions and Secure code. ARMv8-M TrustZone: TrustZone technology (TZ) is NOT really a NEW security concept. It has been available on ARM Cortex-A for more than 10 years now. The TrustZone…

Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction

I wanted to close my investigation by targeting the two major security features: Secure Boot and Flash Encryption. My final goal is to achieve a PERSISTENT exploit, bypassing the Secure Boot and the Flash Encryption. In this report, I disclose a full readout of protected E-Fuses storing two secret keys, one used for Flash Encryption (BLK1)…

Pwn the ESP32 Secure Boot

In this post, I focus on the ESP32 Secure Boot and I disclose a full exploit to bypass it during boot-up, using a low-cost fault injection technique. Espressif and I decided to go through Responsible Disclosure for this vulnerability (CVE-2019-15894). The Secure Boot: Secure boot is the guardian of the firmware authenticity stored in the external…

Pwn the ESP32 crypto-core

A crypto-core (also called crypto-accelerator) is a dedicated piece of hardware inside the System-on-Chip. Its main role is to ‘accelerate’ cryptographic primitives and to perform key management. This post presents several vulnerabilities and fault injection exploits targeting the crypto-core implementation, allowing an attacker to: bypass the HW-AES encryption; control the AES key value. The vulnerabilities…

Pwn MBedTLS on ESP32: DFA Warm-up

Introduction: ESP32 is a System-on-Chip (SoC) from Espressif Systems, launched in 2016. This SoC will be supported until 2028 (12 years longevity commitment) and has already been shipped more than 100 million times around the world. ARM MbedTLS is the open source crypto-library from ARM, used in IoT devices. In my opinion, both…