Closed Skorpionm closed 1 year ago
Oh, this is a blast from the past! 😄
The attacks are against the ISP protocol, intended for both for bypassing the security fuse and finding unlisted commands, I don't think the fuse bypass worked here, IIRC you need to power cycle the target to get the fuses read again (see here)
It looks like I was using a secondary trigger / support system but can't recall exactly what I used (i.e. not triggering on the reset pin... maybe on an SPI command), so I can't give an answer on what the timing was.
then remember everything you remember) from attacks on locked AVRs. Every little thing can help...
I took a new look at this as part of benchmarking some new tools. Targetting atmega328p, notes below:
>>> a.enterProgramming()
0x0:0x0:0x53:0x0
>>> a.readMemory(0x00,0x00)
bytearray(b'\x00 \x00\x0c')
bytearray(b'\x00(\x00\x94')
>>> a.setLockbits(0xF0)
0x0:0xac:0xe0:0x0
>>> a.readMemory(0x00,0x00) # without releasing rst
bytearray(b'\xf0 \x00\xff')
bytearray(b'\x00(\x00\xff')
>>>
Think there's a few paths to explore, but not glitching the memory read as I was trying years ago. Not sure if we can read out the ISP code itself somewhere?
Keen to share notes, shout out if you - or anyone reading - wants to work together.
if you could tell me about your developments, I would be very happy, what did you mean by high power attacks while reading? can you provide a diagram and oscillogram of the attack
Sure. High power just means I'm using the same mosfet as ChipWhisperer Lite as the glitch output to the target (IRF7807. Digikey's suggested replacement should work too, maybe with timing adjustments.
A few quick updates:
Traces below: these are 125MS, triggering on rst low. avr_locked has lockbits 0xF0, avr_unlocked should be 0xFF (just after chip erase).
yes, I tried the erase command, it reads its execution at the moment when the address of this command has already been received but the checksum has not been transmitted. i.e. in the middle of the transmission. I tried to turn off the power at the start of erasing, but apparently Lock bits remain at the end, when the flash has already been erased. I don’t understand whether you succeeded or not to knock down the check of the lock bits, are we serving with a glitch of 0 volts or 12? if it worked out, you can throw off the oscillogram of a successful attempt
The attack above is unsuccessful (so far), I'm not sure where to test. I'll try to look for where the lock bits are loaded.
I'm pulling VCC to gnd via serial programming.
Have you had any success attacking 12V / parallel programming?
no. i tried glitch to gnd. in a wide range after the reset signal and goes into the programming mode. so far also without success.
I've got this working reliably:
Gently under-volting the target is enough (no glitch needed). Annoyingly, once you bypass the lock bits, the first read to a given address will give the wrong result, but you can just read it a few times until the value "stabilizes".
https://github.com/CreateRemoteThread/sparkgap/tree/master/experiments/avr If I understand correctly, these are attacks on the ISP protocol with the firmware read protection bits set. Did they get away? and if I counted correctly, you make glith in the window 16000..45000 nc after lowering the Reset pin, the duration of glith is 95..150nc. do I understand correctly?