Extracting the firmware from microcontrollers is a crucial step in analysing the security of embedded systems. However, to protect intellectual property and other secrets, most microcontrollers let the product vendor lock the device down and prevent firmware readout. In many cases this is realised in software by a ROM bootloader: besides debug and flashing features, it commonly implements several levels of code readout protection (CRP) that restrict access to the firmware flash. Because the check lives in bootloader code, the protection is only as strong as the bootloader's handling of every command it accepts.
As bootloaders often provide a rich feature set over a standard interface such as UART or USB, there is ample opportunity to mount software (and other) attacks. Our previous work (at BHEU 2019 – Breaking Bootloaders on the Cheap) showed that on the NXP LPC1343, the least restrictive CRP level 1 can be bypassed through stack overwrites and ROP techniques.
In this presentation, we show that the USB bootloader interface of the LPC1343 contains critical vulnerabilities that allow an attacker to bypass the higher CRP level 2 (and level 3 if ISP is enabled) at low cost (under $40).
Specifically, by reverse-engineering the bootloader, we discovered:
a) A vulnerability in firmware writes: the LPC1343 bootloader exposes the flash as a USB mass-storage volume, and a maliciously crafted SCSI “Write (10)” packet can overwrite the beginning of flash, where the CRP word is stored. Since any value other than the documented CRP magic values means “no protection”, corrupting that word is enough to disable the protection.
b) A tear-off vulnerability: a carefully timed power cut during flash erasure flips the first few bytes of the CRP word, so it no longer matches any CRP level, but leaves the remaining firmware largely intact.
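Both findings rest on the same property of the CRP scheme: the level is a single word near the start of flash, and any value other than one of the documented magics decodes as “unprotected”. The C model below is an added example, not code from the talk or from NXP's ROM bootloader. The 0x2FC offset, the four magic values and the 32 KB / 4 KB-sector geometry are taken from the LPC13xx user manual; the two write handlers, the byte-wise erase-to-0xFF model and the scenario functions are constructed for illustration and make no claim about how the real ROM is implemented.

```c
/* Added example, not NXP's bootloader code: a model of the LPC13xx CRP word
 * and the two ways the findings above clear it. From the LPC13xx user manual:
 * 32 KB flash in 4 KB sectors, CRP word at 0x2FC, four magic values. Assumed
 * for illustration: the write handlers and the byte-wise erase-to-0xFF model. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FLASH_SIZE   (32u * 1024u)
#define SECTOR_SIZE  4096u
#define CRP_OFFSET   0x2FCu          /* the CRP word lives in sector 0 */
#define CRP1_MAGIC   0x12345678u
#define CRP2_MAGIC   0x87654321u
#define CRP3_MAGIC   0x43218765u
#define NO_ISP_MAGIC 0x4E697370u

typedef enum { CRP_NONE = 0, CRP_1, CRP_2, CRP_3, CRP_NO_ISP } crp_level_t;

static uint32_t rd32le(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32le(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Anything that is not one of the four magics means "unprotected", so a word
 * that is merely corrupted, not carefully chosen, already lifts CRP. */
crp_level_t crp_decode(uint32_t word)
{
    switch (word) {
    case CRP1_MAGIC:   return CRP_1;
    case CRP2_MAGIC:   return CRP_2;
    case CRP3_MAGIC:   return CRP_3;
    case NO_ISP_MAGIC: return CRP_NO_ISP;
    default:           return CRP_NONE;
    }
}

crp_level_t crp_of_image(const uint8_t *flash) { return crp_decode(rd32le(flash + CRP_OFFSET)); }

/* Constructed image: erased flash (0xFF) with a CRP word written into it. */
static void make_image(uint8_t *flash, uint32_t crp_word)
{
    memset(flash, 0xFF, FLASH_SIZE);
    wr32le(flash + CRP_OFFSET, crp_word);
}

/* Anti-pattern: the handler bounds-checks the request but never asks whether
 * the destination overlaps the word that holds the protection level. */
int flash_write_vuln(uint8_t *flash, uint32_t off, const uint8_t *data, size_t len)
{
    if (off > FLASH_SIZE || len > FLASH_SIZE - off) return -1;
    memcpy(flash + off, data, len);
    return 0;
}

/* Hardened model: while any CRP level is set, sector 0 is not writable from the
 * host side at all; the only way out is a full-chip erase that takes the firmware with it. */
int flash_write_hardened(uint8_t *flash, uint32_t off, const uint8_t *data, size_t len)
{
    if (off > FLASH_SIZE || len > FLASH_SIZE - off) return -1;
    if (crp_of_image(flash) != CRP_NONE && off < SECTOR_SIZE) return -2;
    memcpy(flash + off, data, len);
    return 0;
}

/* Tear-off model: power is cut after the erase has returned the first n bytes
 * of the CRP word to 0xFF; nothing else in the image is touched. */
void tear_off_crp(uint8_t *flash, size_t n)
{
    memset(flash + CRP_OFFSET, 0xFF, n > 4 ? 4 : n);
}

/* Scenario 1: CRP2 image, host writes four 0xFF bytes over the CRP word. */
crp_level_t scenario_write(int hardened)
{
    static uint8_t flash[FLASH_SIZE];
    static const uint8_t erased[4] = { 0xFF, 0xFF, 0xFF, 0xFF };
    make_image(flash, CRP2_MAGIC);
    if (hardened) flash_write_hardened(flash, CRP_OFFSET, erased, 4);
    else          flash_write_vuln(flash, CRP_OFFSET, erased, 4);
    return crp_of_image(flash);
}

/* Scenario 2: CRP2 image, erase interrupted after n bytes of the CRP word. */
crp_level_t scenario_tear_off(size_t n)
{
    static uint8_t flash[FLASH_SIZE];
    make_image(flash, CRP2_MAGIC);
    tear_off_crp(flash, n);
    return crp_of_image(flash);
}
```

In the vulnerable model a single host-controlled write over offset 0x2FC drops the image from CRP level 2 to no protection, while the hardened model refuses the write and leaves the level unchanged; the tear-off scenario shows that erasing even one byte of the word has the same effect as the write, because the decoder treats every non-magic value as “no CRP”.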
We responsibly disclosed the identified issues to NXP, and they updated their guidance to customers, discouraging the use of LPC1343 microcontrollers in new designs.
Beyond these specific vulnerabilities, the presentation surveys common security anti-patterns in firmware readout protection mechanisms across the industry, to inform more secure designs in the future.
