Breaking Code Read Protection on the NXP LPC-family Microcontrollers

Presented at REcon Brussels 2017, Jan. 28, 2017, 4 p.m. (60 minutes)

A look at bypassing the Code Read Protection in the NXP LPC family of ARM microcontrollers. This is an example of one of the simple security features found in common microcontrollers, and how it is easily bypassed. The Code Read Protection (CRP) is implemented in bootloader software and can be easily read and disassembled, showing the fragility of the CRP mechanism. This talk describes the path to exploiting the bootloader software, developing and using a simple glitcher. A glitcher is designed, the chip is tested for vulnerability to glitch, and an attack is formulated to disable CRP and enable readout of FLASH contents. As glitch attacks go, this is a simple and ‘beginner-level’ attack which should be easily reproducible. The talk will include hardware and software design, including schematics and source code, for a glitcher able to bypass CRP.

