By: Chris Gerlinsky

Scheduled on: January 28 at 16:00

A look at bypassing the Code Read Protection in the NXP LPC family of ARM microcontrollers. This is an example of one of the simple security features found in common microcontrollers, and how it is easily bypassed.

The Code Read Protection (CRP) is implemented in bootloader software and can be easily read and disassembled, showing the fragility of the CRP mechanism. This talk describes the path to exploiting the bootloader software, developing and using a simple glitcher. A glitcher is designed, the chip is tested for vulnerability to glitch, and an attack is formulated to disable CRP and enable readout of FLASH contents.

As glitch attacks go, this is a simple and ‘beginner-level’ attack which should be easily reproducible. The talk will include hardware and software design, including schematics and source code, for a glitcher able to bypass CRP.