CTXz / stm32f1-picopwner

Dump read-out protected STM32F1's with a Pi Pico - A Pi Pico implementation of @JohannesObermaier's, Marc Schink's and Kosma Moczek's Glitch and FPB attack to bypass RDP (read-out protection) level 1 on STM32F1 chips

Could GD32F103 support be possible? #32

Open cxgth opened 3 weeks ago

cxgth commented 3 weeks ago

Hey, thanks for your work and implementation.

I'm facing the same problem as described in https://github.com/CTXz/stm32f1-picopwner/issues/27. I tried to dump the firmware of an STM32 clone (GD32F103). Due to multiple failed attempts, I ordered a genuine STM32 blue pill and built a rig to be able to quickly swap microcontrollers for testing.

The first attempt with an STM32F103 worked flawlessly. So my guess is, right now it will not work with a GD32F103, but:

I found the CVE and original paper, the conference presentation @ WOOT '20 and another repository with an exploit for CKS and GD32 clones.

The attack between STM32F103 and GD32F103 seems to be similar. Do you think it could be implemented?

yangzs001 commented 2 weeks ago

I also want to know how to extract the firmware of GD32F103

CTXz commented 2 weeks ago

Thanks for the CVE references.

I'll take a look when I find the time. If they seem doable with an RP2040, I might get my hands on a GD32!

curcius commented 2 weeks ago

I would be very happy if it were possible to dump the GD32F103, and thank you very much for your effort in making it work, @CTXz.

chupalt commented 1 week ago

GD32F103 doesn't require glitching https://github.com/JohannesObermaier/f103-analysis.git

curcius commented 2 days ago

> GD32F103 doesn't require glitching https://github.com/JohannesObermaier/f103-analysis.git

Do you have any tutorials?

curcius commented 2 days ago

😭