Flash Extraction: Difference between revisions
Polymorphic7 (talk | contribs) m 0x20 added |
Polymorphic7 (talk | contribs) m Minor improvement + added RECESSIM media from yt. |
||
| Line 85: | Line 85: | ||
=====Internal ROM===== | =====Internal ROM===== | ||
When your traget chip has an built-in ROM and the chip is locked you are out of luck trying to easily read the firmware in most cases.<br> | |||
Here is were it comes handy to know of different methods widely used to attack these chips in order to retrive the firmware for later static analysis or even live debugging. | |||
::* 1. Decapsulation | ::* 1. Decapsulation | ||
:::;- [https://www.youtube.com/watch?v=T1rRgb9N9s4 Nitric Acid and Microscopes. Decapsulating IC's.] | :::;- [https://www.youtube.com/watch?v=T1rRgb9N9s4 [[RECESSIM video:]] Nitric Acid and Microscopes. Decapsulating IC's.] | ||
::* 2. Bootloader hacking | ::* 2. Bootloader hacking | ||
:::;- [https://0xinfection.github.io/reversing/reversing-for-everyone.pdf Great resources on reserve engineering] | :::;- [https://0xinfection.github.io/reversing/reversing-for-everyone.pdf Great resources on reserve engineering] | ||
::* 3. Fault injection & Glitching Attacks | ::* 3. Fault injection & Glitching Attacks | ||
:::;- VCC glitching (Crowbar Circuits) | :::;- VCC glitching (Crowbar Circuits) | ||
::::: [https://www.youtube.com/watch?v=IOD5voFTAz8 [[RECESSIM video:]] Hacking into a Locked Microchip - Reverse Engineer shows you how it's done.] | |||
::::: [https://eprint.iacr.org/2016/810.pdf Example paper 1. Fault Injection using Crowbars on Embedded Systems.] | ::::: [https://eprint.iacr.org/2016/810.pdf Example paper 1. Fault Injection using Crowbars on Embedded Systems.] | ||
::::: [https://arxiv.org/pdf/1903.08102 Example paper 2. Injecting Software Vulnerabilities with Voltage Glitching.] | ::::: [https://arxiv.org/pdf/1903.08102 Example paper 2. Injecting Software Vulnerabilities with Voltage Glitching.] | ||