Hacking the RP2350 (38c3) episode artwork

EPISODE · Dec 27, 2024 · 57 MIN

Hacking the RP2350 (38c3)

from Chaos Computer Club - archive feed · host Aedan Cullen

Raspberry Pi's RP2350 microcontroller introduced a multitude of new hardware security features over the RP2040, and included a Hacking Challenge which began at DEF CON to encourage researchers to find bugs. The challenge has been defeated and the chip is indeed vulnerable (in at least one way). This talk will cover the process of discovering this vulnerability, the method of exploiting it, and avenues for deducing more about the relevant low-level hardware behavior. The RP2350 security architecture involves several interconnected mechanisms which together provide authentication of code running on the chip, protected one-time-programmable storage, fine-grained control of debug features, and so on. An antifuse-based OTP memory serves as the root of trust of the system, and informs the configuration of ARM TrustZone as well as additional attack mitigations such as glitch detectors. Raspberry Pi even constructs an impressive, bespoke Redundancy Coprocessor (RCP), which hardens execution of boot ROM code on the Cortex-M33 cores with stack protection, data validation, and instruction latency randomization. Since there are many potential incorrect guesses to be made about where problems might lie, here I begin with the most fundamental features of the chip logic, including the reset process. Even small oversights at this level can entirely defeat sophisticated security efforts if higher-level mechanisms place complete trust in seemingly simple hardware operations. I show how cursory research into the design details of IP blocks used in the SoC can help inform an attack, and demonstrate the importance of fully testing new features which are built atop older IP. Ultimately, the significant amount of luck (or lack thereof) involved is a reminder of the need to meticulously understand and validate complex systems. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/hacking-the-rp2350/

Episode metadata supplied by the publisher feed · Published Dec 27, 2024

Raspberry Pi's RP2350 microcontroller introduced a multitude of new hardware security features over the RP2040, and included a Hacking Challenge which began at DEF CON to encourage researchers to find bugs. The challenge has been defeated and the chip is indeed vulnerable (in at least one way). This talk will cover the process of discovering this vulnerability, the method of exploiting it, and avenues for deducing more about the relevant low-level hardware behavior. The RP2350 security architecture involves several interconnected mechanisms which together provide authentication of code running on the chip, protected one-time-programmable storage, fine-grained control of debug features, and so on. An antifuse-based OTP memory serves as the root of trust of the system, and informs the configuration of ARM TrustZone as well as additional attack mitigations such as glitch detectors. Raspberry Pi even constructs an impressive, bespoke Redundancy Coprocessor (RCP), which hardens execution of boot ROM code on the Cortex-M33 cores with stack protection, data validation, and instruction latency randomization. Since there are many potential incorrect guesses to be made about where problems might lie, here I begin with the most fundamental features of the chip logic, including the reset process. Even small oversights at this level can entirely defeat sophisticated security efforts if higher-level mechanisms place complete trust in seemingly simple hardware operations. I show how cursory research into the design details of IP blocks used in the SoC can help inform an attack, and demonstrate the importance of fully testing new features which are built atop older IP. Ultimately, the significant amount of luck (or lack thereof) involved is a reminder of the need to meticulously understand and validate complex systems. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/hacking-the-rp2350/

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Hacking the RP2350 (38c3)

0:00 57:14

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

LIGHTS, CAMERA, SMILE! Creatives Club Media Lights, Camera, Smile, is a podcast for anyone with a dream to share something with the world, out of the overflow of themselves - be it their mind, their heart, their personalities, and much more. Each of us are alive in this moment in time, with an innate ability to have ideas and create various things to benefit both ourselves and the people around us for a reason, and here, you will find the encouragement, the inspiration, and the motivation to do just that. Hosted by Cicily, founder of Creatives Club, she dives into various topics surrounding creativity and business. Exploring entrepreneurship for creatives in a corporate reality, sharing tips and tricks in a media centered company, answering questions regarding what a creative actually is are just a few of the things discussed on this podcast. Be encouraged to create for yourself as Cicily gets vulnerable by pivoting the camera to herself for the first time.To submit questions for Cicily to answer, or have her address certain t The PFN Cincinnati Bengals Podcast Pro Football Network The PFN Cincinnati Bengals Podcast is where you can stay up-to-date with the latest news and analysis on the Cincinnati Bengals! Our hosts, industry experts Jay Morrison and Dallas Robinson, provide weekly coverage of all the latest rumors and updates about the Bengals. Don’t forget to follow the show to receive new episodes directly in your podcast feed and leave a rating and review to let us know your thoughts. Piramidi Club The Bitcoin Butcher La Migliore Pizza di Firenze Blue Light News Archive Blue Light News is an innovative new Internet radio show devoted to covering the news of Unicoi County in a unique and interesting way.

Frequently Asked Questions

How long is this episode of Chaos Computer Club - archive feed?

This episode is 57 minutes long.

When was this Chaos Computer Club - archive feed episode published?

This episode was published on December 27, 2024.

What is this episode about?

Raspberry Pi's RP2350 microcontroller introduced a multitude of new hardware security features over the RP2040, and included a Hacking Challenge which began at DEF CON to encourage researchers to find bugs. The challenge has been defeated and the...

Can I download this Chaos Computer Club - archive feed episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!