one exploit to rule them all on the security of drop in
play

One Exploit to Rule them All? On the Security of Drop-in Replacement - PowerPoint PPT Presentation

Johannes Obermaier, Marc Schink, Kosma Moczek August 11, 2020 One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit Microcontrollers Outline - Research Scope - Optical Die Inspection - Security Concept -


  1. Johannes Obermaier, Marc Schink, Kosma Moczek August 11, 2020 One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit Microcontrollers

  2. Outline - Research Scope - Optical Die Inspection - Security Concept - Debugger-based Attack Vectors - Hardware-based Attack Vectors - Conclusion and Outlook

  3. Research Scope Drop-in Replacement and Counterfeit Devices One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 2 / 17

  4. Research Scope Drop-in Replacement and Counterfeit Devices FAKE! One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 2 / 17

  5. Research Scope Drop-in Replacement and Counterfeit Devices FAKE! One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 2 / 17

  6. Research Scope Drop-in Replacement and Counterfeit Devices FAKE! Unknown source: Surplus devices? Manufacturing data leak? Device security unknown / undisclosed → Research: One exploit to rule them all? Limitation: DiY attacks only! One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 2 / 17

  7. Research Scope Selected Devices The original → device STM32F103(C8T6) One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 3 / 17

  8. Research Scope Selected Devices The original → device STM32F103(C8T6) APM32F103(CBT6) CKS32F103(C8T6) Cortex-M3 only except for one RISC-V device → GD32F103(C8T6) GD32F130(C8T6) GD32VF103(CBT6) One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 3 / 17

  9. Optical Die Inspection Digging Deeper... Sulfuric acid chip decapping Exposes the silicon die for comparison One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 4 / 17

  10. Optical Die Inspection Digging Deeper... STM32F103C8T6 APM32F103CBT6 CKS32F103C8T6 Sulfuric acid chip decapping Exposes the silicon die for comparison GD32F103C8T6 GD32VF103CBT6 GD32F130C8T6 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 4 / 17

  11. Optical Die Inspection Digging Deeper... STM32F103C8T6 APM32F103CBT6 CKS32F103C8T6 Sulfuric acid chip decapping Exposes the silicon die for comparison → Individually developed devices GD32F103C8T6 GD32VF103CBT6 GD32F130C8T6 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 4 / 17

  12. Security Concept Readout Protection Levels RDP Level 1 Flash Read Protection Others RDP Level 0 Full Access 0xA55A Read Protection Debug Permissions Config Value One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 5 / 17

  13. Security Concept Readout Protection Levels RDP Level 1 Flash Read Protection Others Yes Full erase RDP Level 0 Full Access 0xA55A Read Protection Debug Permissions Config Value One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 5 / 17

  14. Security Concept Readout Protection Levels RDP Level 2 Debug Interface Disabled 0x33CC (GD32F130 only) Never Yes RDP Level 1 Flash Read Protection Others Yes Full erase RDP Level 0 Full Access 0xA55A Read Protection Debug Permissions Config Value One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 5 / 17

  15. Security Concept Bus Masters and Flash Access Permissions Bus masters: Debug, CPU, DMA DBG Debug ICode Flash memory DCode Bus Matrix CPU Core CM3 / RISC-V System SRAM Peripherals DMA DMA One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 6 / 17

  16. Security Concept Bus Masters and Flash Access Permissions Bus masters: Debug, CPU, DMA DBG Debug ICode Flash memory DCode Bus Matrix CPU Core CM3 / RISC-V System SRAM Peripherals DMA DMA CPU or DMA: Flash access allowed One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 6 / 17

  17. Security Concept Bus Masters and Flash Access Permissions Bus masters: Debug, CPU, DMA Attacker DBG Debug ICode Flash memory DCode Bus Matrix CPU Core CM3 / RISC-V System SRAM Peripherals DMA DMA CPU or DMA: Flash access allowed Debugger: Flash access blocked One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 6 / 17

  18. Security Concept Bus Masters and Flash Access Permissions Bus masters: Debug, CPU, DMA Attacker DBG Debug ICode Flash memory DCode Bus Matrix CPU Core CM3 / RISC-V System SRAM Peripherals DMA DMA CPU or DMA: Flash access allowed Debugger: Flash access blocked → Debugger via CPU or DMA: Indirect flash access permitted? One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 6 / 17

  19. Debugger-based Attack Vectors Load Instructions (GD32VF103, CKS32F103) GD32VF103 CKS32F103 DBG Debug ICode DBG Debug ICode Flash Flash memory memory DCode DCode Bus Matrix Bus Matrix CPU Core CPU Core RISC-V CM3 System System SRAM SRAM Peripherals DMA DMA Peripherals DMA DMA APM32F103 CKS32F103 GD32F103 GD32F130 GD32VF103 STM32F103 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 7 / 17

  20. Debugger-based Attack Vectors Load Instructions (GD32VF103, CKS32F103) GD32VF103 CKS32F103 SRAM writeable+executable via debugger DBG Debug ICode DBG Debug ICode Flash Flash memory memory DCode DCode Bus Matrix Bus Matrix CPU Core CPU Core RISC-V CM3 System System SRAM SRAM Peripherals DMA DMA Peripherals DMA DMA APM32F103 CKS32F103 GD32F103 GD32F130 GD32VF103 STM32F103 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 7 / 17

  21. Debugger-based Attack Vectors Load Instructions (GD32VF103, CKS32F103) GD32VF103 CKS32F103 SRAM writeable+executable via debugger Flash read access when running from SRAM DBG Debug ICode DBG Debug ICode Flash Flash memory memory DCode DCode Bus Matrix Bus Matrix CPU Core CPU Core RISC-V CM3 System System SRAM SRAM Peripherals DMA DMA Peripherals DMA DMA APM32F103 CKS32F103 GD32F103 GD32F130 GD32VF103 STM32F103 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 7 / 17

  22. Debugger-based Attack Vectors Load Instructions (GD32VF103, CKS32F103) GD32VF103 CKS32F103 SRAM writeable+executable via debugger Flash read access when running from SRAM → Dump flash via SRAM firmware DBG Debug ICode DBG Debug ICode Flash Flash memory memory DCode DCode Bus Matrix Bus Matrix CPU Core CPU Core RISC-V CM3 System System SRAM SRAM Peripherals DMA DMA Peripherals DMA DMA APM32F103 CKS32F103 GD32F103 GD32F130 GD32VF103 STM32F103 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 7 / 17

  23. Debugger-based Attack Vectors Load Instructions (GD32VF103, CKS32F103) GD32VF103 CKS32F103 SRAM writeable+executable via debugger Single stepping via debugger allowed Flash read access when running from SRAM → Dump flash via SRAM firmware DBG Debug ICode DBG Debug ICode Flash Flash memory memory DCode DCode Bus Matrix Bus Matrix CPU Core CPU Core RISC-V CM3 System System SRAM SRAM Peripherals DMA DMA Peripherals DMA DMA APM32F103 CKS32F103 GD32F103 GD32F130 GD32VF103 STM32F103 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 7 / 17

  24. Debugger-based Attack Vectors Load Instructions (GD32VF103, CKS32F103) GD32VF103 CKS32F103 SRAM writeable+executable via debugger Single stepping via debugger allowed Flash read access when running from SRAM CPU registers can be modified → Dump flash via SRAM firmware DBG Debug ICode DBG Debug ICode Flash Flash memory memory DCode DCode Bus Matrix Bus Matrix CPU Core CPU Core RISC-V CM3 System System SRAM SRAM Peripherals DMA DMA Peripherals DMA DMA APM32F103 CKS32F103 GD32F103 GD32F130 GD32VF103 STM32F103 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 7 / 17

  25. Debugger-based Attack Vectors Load Instructions (GD32VF103, CKS32F103) GD32VF103 CKS32F103 SRAM writeable+executable via debugger Single stepping via debugger allowed Flash read access when running from SRAM CPU registers can be modified → Dump flash via SRAM firmware → Dump flash via LDR-gadget stepping DBG Debug ICode DBG Debug ICode Flash Flash memory memory DCode DCode Bus Matrix Bus Matrix CPU Core CPU Core RISC-V CM3 System System SRAM SRAM Peripherals DMA DMA Peripherals DMA DMA APM32F103 CKS32F103 GD32F103 GD32F130 GD32VF103 STM32F103 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 7 / 17

  26. Debugger-based Attack Vectors Demo: CKS32F103 Memory Extraction APM32F103 CKS32F103 GD32F103 GD32F130 GD32VF103 STM32F103 One Exploit to Rule them All? | Johannes Obermaier, Marc Schink, Kosma Moczek | August 11, 2020 | 8 / 17

Recommend


More recommend