stacksmashing
Aug 8 · 9 tweets · 3 min read
Let's talk about some of the security features of the new @Raspberry_Pi RP2350, because they are 🔥🧵
1.) Glitch Detectors

The RP2350 has 4 embedded glitch detectors, with configurable sensitivity. These will respond to voltage & EM fault-injection attempts, and reset the chip.

In our testing we found that they are quite effective at capturing most glitches.
2.) The RCP - Redundancy Coprocessor

The RCP protects the bootrom against fault-injection (and other) attacks by generating randomized stack canaries (in hardware!), providing boolean value validation based on bit-patterns, etc.
3.) Secure Boot

RP2350 has secure-boot - firmware can be signed using ECC, and the device comes with 4 key-slots. You can still use the USB bootloader together with secure-boot, making it super easy to use.
4.) TrustZone-M

The RP2350 is a Cortex-M33 - featuring TrustZone-M to split the device into "Secure" and "Non-secure". Peripherals, OTP, etc. can be set to be only available in secure world, allowing nice privilege separation.
5.) Debug protection

The debug interface of the chip can be permanently disabled - or locked by a 128-bit debug key.
6.) OTP protections

The chip has a large (8kB) OTP, which can even hold a small bootloader. It comes with protections such as page lock (and additional sw locks). I.e. an early-stage bootloader can have access to secrets, while later code (even in "Secure" mode) can't access it!
We (@hextreeio) even worked with Raspberry Pi on the RP2350 Security Playground board - it allows you to play & test with all of these features, going as far as telling you exactly how to glitch it!

Find us at @defcon in the @EmbeddedVillage to play with it!
We are also running the RP2350 Hacking Challenge: If you manage to hack the RP2350 you can win $10,000!

hextree.io/rp2350-hacking…
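
Added example (not from the thread and not Raspberry Pi code): a software model of the idea behind the RCP's "boolean value validation based on bit-patterns" from point 2. The two patterns are constructed for this illustration and are not the RCP's actual values; the sweep compares how a plain C boolean and a pattern-encoded boolean behave when a stored "false" suffers every possible 1-bit or 2-bit corruption.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed patterns for this example, NOT the RCP's real values.
   They are bitwise complements, so all 32 bits must flip to turn one
   valid value into the other. */
#define HBOOL_TRUE  0xA55AC33Cu
#define HBOOL_FALSE 0x5AA53CC3u

typedef enum { HB_FALSE, HB_TRUE, HB_FAULT } hb_result;
typedef struct { unsigned trials, became_true, detected; } sweep;

/* Anything that is not exactly one of the two patterns is a fault. */
static hb_result hbool_check(uint32_t v) {
    if (v == HBOOL_TRUE)  return HB_TRUE;
    if (v == HBOOL_FALSE) return HB_FALSE;
    return HB_FAULT;
}

/* Conventional C boolean: any nonzero word is "true". */
static hb_result plain_check(uint32_t v) { return v ? HB_TRUE : HB_FALSE; }

/* Corrupt a stored "false" with every 1-bit and 2-bit flip and tally
   how often the check wrongly says "true" or reports a fault. */
static sweep sweep_flips(uint32_t stored_false, hb_result (*check)(uint32_t)) {
    sweep s = {0, 0, 0};
    for (int i = 0; i < 32; i++) {
        for (int j = i; j < 32; j++) {      /* j == i: single-bit flip */
            uint32_t mask = (1u << i) | (1u << j);
            hb_result r = check(stored_false ^ mask);
            s.trials++;
            if (r == HB_TRUE)  s.became_true++;
            if (r == HB_FAULT) s.detected++;
        }
    }
    return s;
}

int main(void) {
    sweep p = sweep_flips(0u, plain_check);
    sweep h = sweep_flips(HBOOL_FALSE, hbool_check);
    printf("plain:    %u/%u flips read as true, %u detected\n", p.became_true, p.trials, p.detected);
    printf("hardened: %u/%u flips read as true, %u detected\n", h.became_true, h.trials, h.detected);
    return 0;
}
```

On a real part the fault path would halt or reset instead of returning a value; the model only shows why a corrupted encoded boolean cannot silently read as "true".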