Hacking STM32 microcontrollers by shining light on them: Low-cost attacks on the RDP mechanism π¨π½βπποΈππ¦π
Security researchers Johannes Obermaier and Stefan Tatschner present their research on methods for bypassing Readout Protection (RDP) mechanisms in STM32 microcontrollers.
With a focus on the STM32F0 series, the authors demonstrate that:
1οΈβ£ RDP Level 1 is insecure.
2οΈβ£ RDP Level 2 can be downgraded to RDP Level 1.
In addition, all the attacks can be implemented using only low-cost equipment. The authors managed to unlock supposedly βirreversibleβ firmware protection by literally shining light on the microcontroller to break its security. :)
More details:
Shedding too much Light on a Microcontrollerβs Firmware Protection [PDF, 2023]: https://embedthreads.com/wp-content/uploads/2023/12/Microcontrollers-Firmware-Protection.pdf
