38C3 - Hacking the RP2350

  • Published on 5 Feb 2025
  • media.ccc.de/v...
    Raspberry Pi's RP2350 microcontroller introduced a multitude of new hardware security features over the RP2040, and included a Hacking Challenge which began at DEF CON to encourage researchers to find bugs. The challenge has been defeated and the chip is indeed vulnerable (in at least one way). This talk will cover the process of discovering this vulnerability, the method of exploiting it, and avenues for deducing more about the relevant low-level hardware behavior.
    The RP2350 security architecture involves several interconnected mechanisms which together provide authentication of code running on the chip, protected one-time-programmable storage, fine-grained control of debug features, and so on. An antifuse-based OTP memory serves as the root of trust of the system, and informs the configuration of ARM TrustZone as well as additional attack mitigations such as glitch detectors. Raspberry Pi even constructs an impressive, bespoke Redundancy Coprocessor (RCP), which hardens execution of boot ROM code on the Cortex-M33 cores with stack protection, data validation, and instruction latency randomization.
    Since there are many potential incorrect guesses to be made about where problems might lie, here I begin with the most fundamental features of the chip logic, including the reset process. Even small oversights at this level can entirely defeat sophisticated security efforts if higher-level mechanisms place complete trust in seemingly simple hardware operations. I show how cursory research into the design details of IP blocks used in the SoC can help inform an attack, and demonstrate the importance of fully testing new features which are built atop older IP. Ultimately, the significant amount of luck (or lack thereof) involved is a reminder of the need to meticulously understand and validate complex systems.
    Aedan Cullen
    events.ccc.de/...
    #38c3 #Security
    Licensed to the public under creativecommons...

Comments •

  • @voxelsofsorrow
    @voxelsofsorrow 7 days ago +26

    Incredible talent against a pretty hardened chip, especially for someone who isn't even a security researcher. And going the extra mile and having the chips decapped, and correctly inferring the voltage rails to attack? Holy moly he's smart.

  • @FruchtcocktailUndCo
    @FruchtcocktailUndCo 6 days ago +5

    Well that's unfortunate! Great talk, very impressed by your sophisticated "just giving it a try."

  • @UncleWalter1
    @UncleWalter1 5 days ago

    Wow. I love the creativity of this hack. It really goes to show what a fresh perspective can bring. Also, a really clear presentation. I felt like I understood his explanations really clearly.

  • @Waldemar_la_Tendresse
    @Waldemar_la_Tendresse 7 days ago +7

    Interesting talk about somewhat creative thinking in this field. Definitely one of the talks on the good side.
    If ARM_DISABLE plus RISCV_DISABLE are both true, and furthermore RISCV mode represents the "insecure mode", shouldn't "ARM mode" be the default mode in that case (and in any case)? Am I missing something here?
    The almost hidden but true wisdom beyond having fun with electronic gadgets mentioned in this talk with possibly and hopefully huge impact was "Human communication factors is huge.", because these factors tend to be more or less chaotic under several circumstances.

  • @spicybaguette7706
    @spicybaguette7706 6 days ago +10

    Turns out there was some... risk involved with including risc-v cores in the MCU

  • @TT-it9gg
    @TT-it9gg 3 days ago

    Excellent!

  • @matthewvenn
    @matthewvenn 7 days ago

    Great work!

  • @cocusar
    @cocusar 7 days ago +12

    I already saw this, was this uploaded somewhere else before?

    • @rootuser9218
      @rootuser9218 7 days ago +9

      yes, someone is uploading bootleg 38C3 talks.

    • @local-admin
      @local-admin 7 days ago +2

      @@rootuser9218 the algo knows us well lol

  • @user-qf6yt3id3w
    @user-qf6yt3id3w 7 days ago +5

    Why is there only one Redundancy Coprocessor?

    • @aymanelhasbi5030
      @aymanelhasbi5030 7 days ago

      Hi, not related, but how do I learn more about this nitty-gritty hardware detail? I am a CS student but can't find a good standalone resource for this 😢

    • @loxdude
      @loxdude 7 days ago

      @@aymanelhasbi5030 For this case in particular, the chip should be very well documented by the Pi Foundation itself. They often offer datasheets on their own websites.

    • @huihuihuihuihuihui1
      @huihuihuihuihuihui1 7 days ago

      @@aymanelhasbi5030 try zero to asic course

    • @Waldemar_la_Tendresse
      @Waldemar_la_Tendresse 7 days ago +1

      True!
      Intel and AMD had unused redundant processor cores for decades! And I'm not quite sure that this isn't still true as of today, at least for most tasks done on computers. 🤣

  • @DantalionNl
    @DantalionNl 7 days ago +6

    All it took to keep this chip actually secure was to use a guard read with 0x00000 and to have ARM be preferred over RISC-V, which I feel they could have figured out if they had thought about the security implications a bit longer.

    • @OpenKeith
      @OpenKeith 5 days ago +2

      Generally you *probably* want your guard read to have a mix of both 1 and 0 bits - otherwise a glitch that CLEARS bits might not be detected

    • @DantalionNl
      @DantalionNl 3 days ago

      @@OpenKeith Generally, yes, but in this case specifically all the OTP bits have 1 to disable some security feature or do something that opens an attack vector.
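The point made in the exchange above (a guard value of all zeros cannot reveal a fault that forces bits to zero, so a mixed-bit pattern is preferred) can be checked with a small simulation. The following is an added example, not code from the talk, the commenters or the RP2350 boot ROM; it assumes two constructed fault models (every bit of the read value forced to 0, or forced to 1) and a hypothetical guard-read check that compares the observed value with the expected one.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed fault models for the example: a faulted read returns a
   value with every bit cleared, or every bit set, regardless of what
   was actually stored. Real fault effects vary; these are the two
   uniform cases the comment thread discusses. */
typedef uint32_t (*fault_fn)(uint32_t stored);

static uint32_t fault_clear_all(uint32_t stored) { (void)stored; return 0x00000000u; }
static uint32_t fault_set_all(uint32_t stored)   { (void)stored; return 0xFFFFFFFFu; }

/* Hypothetical guard-read check: the caller knows the value the guard
   word is supposed to hold and compares it against what a (possibly
   faulted) read returned. Returns true when the fault is noticed. */
bool guard_detects(uint32_t expected, fault_fn fault)
{
    uint32_t observed = fault(expected);
    return observed != expected;
}

/* A guard value is robust here only if it reveals both uniform faults.
   An all-zero or all-one pattern necessarily fails one of them; a
   pattern mixing 0 and 1 bits passes both. */
bool guard_is_robust(uint32_t expected)
{
    return guard_detects(expected, fault_clear_all) &&
           guard_detects(expected, fault_set_all);
}

int main(void)
{
    /* Constructed candidate guard values. */
    const uint32_t candidates[] = { 0x00000000u, 0xFFFFFFFFu, 0xA5A5A5A5u };
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++) {
        printf("guard 0x%08X: clear-fault %s, set-fault %s, robust=%s\n",
               candidates[i],
               guard_detects(candidates[i], fault_clear_all) ? "detected" : "missed",
               guard_detects(candidates[i], fault_set_all)   ? "detected" : "missed",
               guard_is_robust(candidates[i]) ? "yes" : "no");
    }
    return 0;
}
```

The simulation shows why the design advice in the thread is about the guard pattern rather than the mere presence of a guard read: the all-zero guard "passes" its own check under a bit-clearing fault, which is exactly the case a checker cannot distinguish from a healthy read.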

  • @Velocifyer
    @Velocifyer 4 days ago +1

    I could clearly read force_magic_word

  • @gurbanliye
    @gurbanliye 3 days ago

    After this video, Chinese hackers will come out with an alternative RPi at a cheaper price.

    • @monkev1199
      @monkev1199 3 days ago +1

      An 80c MCU at single quantities is going to be hard for the Chinese to even beat.

    • @gurbanliye
      @gurbanliye 3 days ago

      @monkev1199 It is a matter of time, do not underestimate them.

  • @tcocaine
    @tcocaine 7 days ago +1

    Excellent talk.

  • @bobby9568
    @bobby9568 7 days ago

    Is this an "attempt" to hack it... or did he actually hack it...

    • @jonathans175
      @jonathans175 7 days ago +13

      He totally hacked it and blew off the chip's entire read-out protection