Microcontroller Exploits

3h 40m
Travis Goodspeed
No Starch Press
2024

In this advanced guide to hardware hacking, you'll learn how to read the software out of single chip computers, especially when they are configured not to allow the firmware to be extracted.

This book documents a very wide variety of microchip hacking techniques; it's not a beginner's first introduction.

You'll start off by exploring detailed techniques for hacking real-world chips, such as how the STM32F0 allows for one word to be dumped after every reset. You'll see how the STM32F1’s exception handling can slowly leak the firmware out over an hour, and how the Texas Instruments MSP430 firmware can be extracted by a camera flash.

For each exploit, you'll learn how to reproduce the results, dumping a chip in your own lab.

In the second half of the book, you'll find an encyclopedic survey of vulnerabilities, indexed and cross referenced for use in practicing hardware security.

About the Author

Travis Goodspeed is an embedded systems reverse engineer from Tennessee, where he drives a Studebaker and collects memory extraction exploits for microcontrollers. His recent projects include a function recognizer for Thumb2 firmware, a fresh memory corruption exploit for a 90's smart card, and a CAD tool for extracting bits from mask ROM photographs.

In this Book

Introduction
Basics of Memory Extraction
STM32F217 DFU Exit
MD380 Null Pointer, DFU
LPC1343 Call Stack
Ledger Nano S, 0xF00DBABE
NipPEr Is a buTt liCkeR
RF430 Backdoors
Basics of JTAG and ICSP
nRF51 Gadgets in ROM
STM32F0 SWD Word Leak
STM32F1 Interrupt Jigsaw
PIC18F452 ICSP and HID
Basics of Glitching
MC13224, the Simplest Fault Injection
LPC1114 Bootloader Glitch
nRF52 APPROTECT Glitch
STM32 FPB Glitch
Chip Decapsulation
PIC Ultraviolet Unlock
MSP430 Paparazzi Attack
CMOS VLSI Interlude
Mask ROM Photography
Game Boy Via ROM
Clipper Chip Diffusion ROM
Nintendo CIC and Clones
A More Bootloader Vulns
B More Debugger Attacks
C More Privilege Escalation
D More Invasive Attacks
E More Fault Injections
F More Test Modes
G More ROM Photography
H Unsorted Attacks
I Other Chips
Bibliography

FREE ACCESS

Course CEH v11: Steganography & Avoiding Detection

(22)

Book Engineering Secure Devices: A Practical Guide for Embedded System Architects and Developers

Book Hacking and Security: The Comprehensive Guide to Penetration Testing and Cybersecurity

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills and Salary Report

ESG Impact Report

Microcontroller Exploits

In this Book

YOU MIGHT ALSO LIKE