About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Another vulnerability in the LPC55S69 ROM- 803

Laura Abbott - OxidePosted 4 Years Ago
  • Oxide is building a computer completely from scratch. Before blindly using something, they have decided to completely understand everything on a chip before using it. While developing a product for the LPC55S69, they found undocumented code last year that led to a huge security problem. They are back at it again with these bugs!
  • The In-System Programming (ISP) interface is used for a signed firmware update mechanism that exists on the ROM. This is for updating the firmware of the chip itself in the case that a critical security issue was found on the chip. Doing this securely requires perfect code and proper cryptography.
  • The ISP interface receives data in the SB2 format. This format includes a header followed by a set of commands to modify the flash or start code execution. To ensure confidentiality and integrity, the update commands are encrypted with a key set at the manufacturing line.
  • The update itself is parsed as groups of 16-byte blocks, where different parts of the update are referenced by this block number. The SB2 parser copies the entire ROM into a global buffer before checking the signature. However, instead of just grabbing the header information for this (128 bytes), it uses the field m_keyBlobBlock. If this variable is harder than 128, then a buffer global memory buffer overflow occurs.
  • In practice, this causes major security issues. By using this buffer overflow, code execution is possible until reboot of the chip. However, since we now control the flash update mechanism, this can be used to modify flash contents, ignoring the signature verification altogether. The POC mentioned in the article enables SWD mode on the chip in order to allow for debugging the existing ROM, which should not be possible.
  • There are some mitigating factors though. First, if the system is secured with secure boot and sealed via the Customer Manufacturing Programming Area (CMPA), modification of the code in flash will be detected on boots in the future. I was also thinking that if the commands must be encrypted, then can this code even be hit?
  • Overall, another really interesting finding within the NXP chip by Oxide! This seems like a super cool product and company to work for.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed