Abstract

A look at bypassing the Code Read Protection in the NXP LPC family of
ARM microcontrollers. This is an example of one of the simple security
features found in common microcontrollers, and how it is easily bypassed.

The Code Read Protection (CRP) is implemented in bootloader software,
which can be easily read and disassembled, showing the fragility of the
CRP mechanism. This talk describes the path to exploiting the bootloader
software, developing and using a simple glitcher. A glitcher is
designed, the chip is tested for vulnerability to glitching, and an
attack is formulated to disable CRP and enable readout of FLASH contents.

As glitch attacks go, this is a simple and ‘beginner-level’ attack which
should be easily reproducible. The talk will include hardware and
software design, including schematics and source code, for a glitcher
able to bypass CRP.

Slides

Videos