Blog Posts

NXP LPC1343 Bootloader Bypass (Part 3) - Putting it all together

By: Dmitry Nedospasov

In the last part we covered what the logic might look like. Assuming you can now readout an unlocked device, in this part we'll cover the logic necessary for generating glitch pulses of varying widths with varying delays. Read More…

NXP LPC1343 Bootloader Bypass (Part 2) - Dumping firmware with Python and building the logic for the glitcher

By: Dmitry Nedospasov

Last week I shared a working passthrough configuration for the Digilent Arty board on Github. This logic implemented in this design essentially bypasses the FPGA, exposing the TX/RX of the second channel of the FTDI 2232H on pins IO[26] and IO[27]. Read More…

NXP LPC1343 Bootloader Bypass (Part 1) - Communicating with the bootloader

By: Dmitry Nedospasov

This will be the first of a three part series on bypassing the security of the embedded NXP LPC1343 ISP bootloader. Although we'll focus on the LPC1343, keep in mind that this bootloader is the embedded bootloader in many NXP LPC microcontrollers. Read More…

Read-protection enabled? No problem.

By: Dmitry Nedospasov

Recon Brussels featured a lot of great talks this year. One of our favorites was David Hulton's "Legacy Crypto Never Dies." Chris Gerlinky had an excellent talk on "Breaking Code Read Protection on the NXP LPC-family Microcontrollers." Read More…

New 5-Day Format for Berlin & Singapore

By: Dmitry Nedospasov

One of the most common requests we get is to offer a 5-day training instead. Each day of the training includes one assignment focusing on one common issue related to hardware security and takes approximately one day to solve. The fifth day of the training now includes … Read More…