After the Part 1 describing the APPROTECT Bypass, this new post presents how to: exploit a real product based on nRF52840 to extract the Firmware and reactivate the SWD interface. reproduce the attack on others nRF52 SoCs to confirm the vulnerability in all the nRF52 versions. Exploit Validation on real Product Let’s start by a…
Tag: JTAG
nRF52 Debug Resurrection (APPROTECT Bypass) Part 1
Yes, resurrection of JTAG/SWD interface on protected platforms has always been a sensitive topic in embedded security. This security investigation presents a way to bypass the APPROTECT on a protected nRF52840, in order to reactivate the Serial Wire Debug Interface (SWD), offering full debug capabilities on the target (R/W access to Flash/RAM/Registers, Code Exec and…
Pwn the Xiaomi Yeelight
The Yeelight Bought on Amazon (20 euros). The Yeelight (Xiaomi) bulb is fitted. Yeelight app is installed and launched on a android smartphone to set the Wi-Fi connection. The password is entered into the app and the bulb is finally registered. Everything is fine. Light goes on. Time to focus on the hardware. The teardown…