A curated list of research papers and blog posts on embedded security, keyed by the device p/n

imperfect-design.md

The list below is compiled to inform, guide, and inspire budding security researchers. Oh and to pick something for bedtime reading too.

Included in the list are works on the following topics related to MCU/SoC security:

• Secure boot
• Fault injection
• Side channel attacks

At the end of the list, there is also a section with links to articles of potential general interest, not addressing vulnerabilities in any specific device.

Amlogic

S905

• Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM

Broadcom

BCM61650

• Pwning the bcm61650

Cypress

CY8C21434

• Aigo Chinese encrypted HDD − Part 2: Dumping the Cypress PSoC 1

Espressif

ESP32

• Raelize:Espressif ESP32: Breaking HW AES with Power Analysis
• Raelize:Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629)
• Raelize:Espressif ESP32: Bypassing Flash Encryption (CVE-2020-15048)
• Raelize:Espressif ESP32: Controlling PC during Secure Boot
• Raelize:Espressif ESP32: Bypassing Secure Boot using EMFI
• LimitedResults:Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction
• LimitedResults:Pwn the ESP32 Secure Boot
• LimitedResults:Pwn the ESP32 crypto-core
• Courk:Breaking the Flash Encryption Feature of Espressif’s Parts

GigaDevice

Pretty much all of them

https://web.archive.org/web/20240125094607/https://offzone.moscow/upload/iblock/0a5/nad1d86e3ah3ayx38ue56vxbh2j07kd4.pdf

Google

Titan M

• Quarkslab:Attacking Titan M with Only One Byte

Infineon

SLE95250

• Skorobogatov:Compromising device security via NVM controller vulnerability
• Skorobogatov:Practical reverse engineering of ECC-based authentication device with zero knowledge

MediaTek

MT8163V

• NCC:There’s A Hole In Your SoC: Glitching The MediaTek BootROM

Microchip/Atmel

AT91SAM7XC256

• Atmel SAM7XC Crypto Co-Processor key recovery (with bonus Mifare DESFire hack)

ATECC508A

• Black-box Laser Fault Injection on a Secure Memory

ATSAMA5Dx

• Microchip ATSAMA5 SoC Multiple Vulnerabilities

PIC18F452

• Heart of Darkness - exploring the uncharted backwaters of HID iCLASS security

PIC18F1320

• Bunnie:Hacking the PIC 18F1320

Nordic Semi

nRF51822

• Firmware dumping technique for an ARM Cortex-M0 SoC

nRF52

• LimitedResults:nRF52 Debug Resurrection (APPROTECT Bypass) Part 1
• LimitedResults:nRF52 Debug Resurrection (APPROTECT Bypass) Part 2

Nuvoton

M2351

• LimitedResults:Nuvoton M2351 MKROM
• https://media.ccc.de/v/36c3-10859-trustzone-m_eh_breaking_armv8-m_s_security

NVidia

Tegra

• Fusée Gelée

NXP

i.MX50

• Quarkslab:Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors

i.MX53

• Quarkslab:Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors

i.MX6

• Quarkslab:Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors

i.MX with HAB < 4.3.7

• NCC:Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices

i.MX RT101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid

• Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)

LPC

• https://recon.cx/2017/brussels/resources/slides/RECON-BRX-2017-Breaking_CRP_on_NXP_LPC_Microcontrollers_slides.pdf

LPC1343

• Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis
• https://i.blackhat.com/eu-19/Thursday/eu-19-Temeiza-Breaking-Bootloaders-On-The-Cheap-2.pdf
• NXP LPC1343 Bootloader Bypass (Part 1) - Communicating with the bootloader
• NXP LPC1343 Bootloader Bypass (Part 2) - Dumping firmware with Python and building the logic for the glitcher
• NXP LPC1343 Bootloader Bypass (Part 3) - Putting it all together

LPC55S69

• Oxide:Exploiting Undocumented Hardware Blocks in the LPC55S69
• Oxide:Another vulnerability in the LPC55S69 ROM
• Oxide:A Gap in the TrustZone preset settings for the LPC55S69

PN54x

• Breaking the NFC chips in tens of millions of smart phones, and a few PoS systems

Qualcomm

MSM8916/APQ8016

• Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC

MSM8994

• Quarkslab:Analysis of Qualcomm Secure Boot Chains

Renesas/NEC

78K0

• Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis
• Shaping the Glitch: Optimizing Voltage Fault Injection Attacks
• D78F0831Y

M306K9FCLRP and possibly others

• Hacking Toshiba Laptops

RH850

• Bypassing the Renesas RH850/P1M-E read protection using fault injection

RL78

• f0:PS4 Aux Hax 2: Syscon

RX65

• Renes'hack

SiLabs

EFM32 Gecko

• LimitedResults:Enter the EFM32 Gecko
• Quarkslab:Breaking Secure Boot on the Silicon Labs Gecko platform

STMicro

STM8

• Fill your Boots: Enhanced Embedded BootloaderExploits via Fault Injection and Binary Analysis
• Dumping Firmware With a 555

STM32F0

• Shedding too much Light on a Microcontroller’s Firmware Protection

STM32F1

• Exception(al) Failure - Breaking the STM32F1 Read-Out Protection

STM32F103

• How to bypass Debug Disabling on SM32F103

STM32F205

• Kraken Identifies Critical Flaw in Trezor Hardware Wallets
• Riscure:Glitching the KeepKey hardware wallet

STM32F373

• Shaping the Glitch: Optimizing Voltage Fault Injection Attacks

TI

CC2510Fx

• Reverse engineering an e-ink display

MSP430

• Practical Attacks against the MSP430 BSL

MSP430F5172

• Shaping the Glitch: Optimizing Voltage Fault Injection Attacks

Xilinx

7-series FPGA products

• https://www.usenix.org/system/files/sec20-ender.pdf

Zynq-7000

• https://www.xilinx.com/support/answers/76201.html
• Zynq Part 2: UART Secrets
• Zynq Part 3: CVE-2021-27208
• Zynq Part 4: CVE-2021-44850

General interest

• The Sorcerer’s Apprentice Guide to Fault Attacks
• Skorobogatov:Copy Protection in Modern Microcontrollers
• chip.fail
• https://research.nccgroup.com/wp-content/uploads/2020/02/NCC-Group-Whitepaper-Microcontroller-Readback-Protection-1.pdf
• Taking a Look into Execute-Only Memory
• Skorobogatov:Copy Protection in Modern Microcontrollers
• https://ryancor.medium.com/pulling-bits-from-rom-silicon-die-images-unknown-architecture-b73b6b0d4e5d
• Hacker's guide to deep-learning side-channel attacks: the theory
• Hacker's guide to deep-learning side-channel attacks: code walkthrough
• Design Considerations for EM Pulse Fault Injection
• Shaping the Glitch: Optimizing Voltage Fault Injection Attacks
• Quarkslab:Vulnerabilities in the TPM 2.0 reference implementation code
• Quarkslab:RFID: Monotonic Counter Anti-Tearing Defeated
• High Precision Laser Fault Injection using Low-cost Components
• SiliconToaster: A Cheap and Programmable EM Injector for Extracting Secrets

There's Milosch Meriac attack on PIC18F452 too : https://get.meriac.com/docs/HID-iCLASS-security.pdf

There's Milosch Meriac attack on PIC18F452 too : https://get.meriac.com/docs/HID-iCLASS-security.pdf

Added, thanks!

Xilinx 7-Series (Spartan-7, Artix-7, Kintex-7, Virtex-7) & Virtex-6
The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs
Maik Ender, Amir Morad, and Christof Paar
https://www.usenix.org/conference/usenixsecurity20/presentation/ender (Embedded presentation video)
https://www.usenix.org/system/files/sec20-ender.pdf

In this paper, we introduce novel low-cost attacks against the Xilinx 7-Series (and Virtex-6) bitstream encryption, resulting in the total loss of authenticity and confidentiality. We exploit a design flaw which piecewise leaks the decrypted bit-stream. In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely. In addition to the attacks, we discuss several countermeasures.

MediaTek MT8163V
There’s A Hole In Your SoC: Glitching The MediaTek BootROM
Ilya Zhuravlev, Jeremy Boone
https://research.nccgroup.com/2020/10/15/theres-a-hole-in-your-soc-glitching-the-mediatek-bootrom

(Full disclosure: biased submission given that they're my colleagues, but I do think very highly of their work. :) )

Added, thanks!

hi, you can probably update that old Zynq article to the published one :)

https://blog.ropcha.in/part-3-zynq-cve-2021-27208.html

Nice to have a list like this, thanks!

A few more that come to mind:

• https://yifan.lu/2019/02/22/attacking-hardware-aes-with-dfa/
• Nvidia Tegra X2 https://arxiv.org/pdf/2108.06131.pdf
• Renesas RL78 https://fail0verflow.com/blog/2018/ps4-syscon/
• Renesas RX65 https://www.collshade.fr/articles/reneshack/rx_glitch_article.html
• A recent survey paper: https://arxiv.org/abs/2105.04454
• LPC1114 ChipWhisperer tutorial: https://github.com/newaetech/chipwhisperer-jupyter/blob/master/courses/faultapp1/LPC1114_Fuse_Bypass.ipynb
• MC68HC705C8 https://github.com/philpem/68hc705_glitcher

Turns out there was a pair of additional defects in the NXP i.MX ROM that affected second-stage loaders using the ROM-resident HABv4 API:

https://research.nccgroup.com/2022/10/03/shining-new-light-on-an-old-rom-vulnerability/

Hi @dev-zzo, Thanks for sharing the list. Here is my beginner-friendly article. If you find it relevant, feel free to add it to your list. Thanks! 🙌🏼https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf

The vast majority of them links have been replaced with wayback machine links now. Bit rot is real.