Changes

Jump to navigation Jump to search

ATSAM4C32 (view source)

Revision as of 18:33, 1 April 2025

701 bytes added ,  1 April
no edit summary
The SAM-BA Boot provides an interface with SAM-BA Graphic User Interface (GUI).
The SAM-BA Boot is in ROM and is mapped in Flash at address 0x0 when GPNVM bit 1 is set to 0.</blockquote><br />While my attack focused on targeting the security bit GPNVM 0, it may also be possible to target GPNVM1 to enter the boot-loader and extract the flash memory that way. In that case, a JTAG programmer would not be necessary. I have not tested to see if this works as of April 1, 2025.
===Reset vs Power Cycle===
Some microcontrollers in the SAM series exhibit different behavior on the VDDCORE power rail when they are reset vs power cycled. I have verified the SAM4C32, SAM4S2A and 0x01 Teams [[SAM E70/S70/V70/V71]] all exhibit the behavior shown below. My hypothesis is any Microchip SAM series processor that mentions GPNVM in the datasheet is susceptible to this attack.
 
==== Reset Capture ====
TBD
 
==== Power Cycle Capture ====
TBD
Retrieved from "https://wiki.recessim.com/view/Special:MobileDiff/2896"

Navigation menu