lpcware

Security problem with CRP3

Discussion created by lpcware Employee on Jun 15, 2016
Latest reply on Jun 15, 2016 by lpcware
Content originally posted in LPCWare by micrio on Fri Jun 24 04:52:51 MST 2011
[FONT=Arial][SIZE=4][COLOR=black]In reading the manual for the LPC111X chips I came accross table 216; "Code Read Protection hardware/software interaction".[/COLOR][/SIZE][/FONT]
[FONT=Arial][SIZE=4][COLOR=black]If I read this properly, the chip will enter ISP mode if the "user code valid" test fails even with CRP3.[/COLOR][/SIZE][/FONT]

[FONT=Arial][SIZE=4][COLOR=black]Thus, if an someone can force the user code valid test to fail then they can read out the code even if CRP3 has been set.[/COLOR][/SIZE][/FONT]

[FONT=Arial][SIZE=4][COLOR=black]One possible way to cause a error in the first 8 vector table entries and thereby cause the chip to enter ISP mode it to raise the temperature high enough to cause the bits in the flash to fail. After scanning out a few chips and correcting for the errors you could get a good image of the code even if CRP3 is set.[/COLOR][/SIZE][/FONT]

[FONT=Arial][SIZE=4][COLOR=black]I understand that the same technique could be used to attack the CRP3 value directly but the "valid user code" makes the attack easier.[/COLOR][/SIZE][/FONT]

[FONT=Arial][SIZE=4][COLOR=black]Is this realistic or am I just being paranoid?[/COLOR][/SIZE][/FONT]

[FONT=Arial][SIZE=4][COLOR=black]Pete.[/COLOR][/SIZE][/FONT]

Outcomes