extracting secrets from an embedded chip
Posted
by Will
on Stack Overflow
See other posts from Stack Overflow
or by Will
Published on 2010-06-07T08:08:03Z
Indexed on
2010/06/07
8:12 UTC
Read the original article
Hit count: 331
I am looking at an embedded system where secrets are stored in flash that is internal to the chip package, and there is no physical interface to get that information out - all access to this flash is policed by program code.
All DMA attacks and JTAG and such are disabled. This seems to be a common locked-down configuration for system-on-a-chip.
How might an attacker recover the secrets in that Flash?
I understand they can fuzz for vulnerabilities in the app code and exploit it, that there could be some indistinct general side channel attack or something.
But how would an attacker really go about trying to recover those keys? Are there viable approaches for a determined attacker to somehow shave-down the chip or some kind of microscope attack?
© Stack Overflow or respective owner