210
edits
Changes
m
loads of typos fixed (thanks to L.B.)
=====External ROM=====
: In case of an external rom ROM you can always try to read it with a programmer and try to dump the contents this way for later static analysis.
=====Internal ROM=====
When your target chip has an built-in ROM and the chip is locked you are out of luck trying to easily read the firmware in most cases.<br>
Here is were where it comes handy to know of different methods widely used to attack these chips in order to retrive retrieve the firmware for later static analysis or even live debugging.
::* 1. Decapsulation
:::- [https://www.youtube.com/watch?v=T1rRgb9N9s4 '''RECESSIM video:''' Nitric Acid and Microscopes. Decapsulating IC's.]
::* 2. Bootloader hacking
:::;- [https://0xinfection.github.io/reversing/reversing-for-everyone.pdf Great resources on reserve reverse engineering]
::* 3. Fault injection & Glitching Attacks
:::;- VCC glitching (Crowbar Circuits)
: > [[:ATSAM4C32|Full in-depth wiki page can be found here.]]
: Atmel SAM4C32 reset low period during early start-up process somewhere in the bootloader showing vurnable vulnerable time for glitch.<br>
: After glitching the chip, JTAG comes online serving a command prompt which allows to dump the firmware of the chip protected by Atmel's Security Bit Feature called GPNVM.<br>
: [[File:Atmel SAM4 series glitch.png|none|thumb|Atmel SAM4C32 glitching. Yellow VDDCORE, Purple RST..]]