Hacking Microcontroller Firmware through USB - Boris Larin
Modern microcontrollers (MCUs) come with built-in security features aimed at preventing the retrieval of firmware by third parties and eliminating the risk of reverse engineering. Manufacturers rely on the security of MCUs to protect secrets and intellectual property. Often, the prevention of firmware reverse engineering is used as a form of "security by obscurity": if an attacker can't analyze the code it will be harder to them to find and exploit vulnerabilities.
However, firmware sometimes needs to be extracted from microcontroller in order to perform a security analysis. If you consider the vast number of different MCUs out there and the fact that they all come with various security mechanisms, it can be impractical to extract firmware through a hardware attack. In this case, if the target communicates over a USB interface, this can be the best point through which to perform a firmware extraction attack.
In this presentation, I will demonstrate all stages of a real attack on a consumer product with an ARM Cortex-M0 processor, and will share my tools and all the nuances I’ve encountered.
Besides that, I will reveal how obtaining the firmware of a counterfeit product revealed that it was developed by a big manufacturer of game accessories and how it led to the compromise of security for all products developed that manufacturer.