|As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.|
no edit summary
To help protect proprietary code from being dumped via a bootloader or a debugging interface, many microcontrollers include some mechanism that locks down the flash and prevents reads. In the case of NXP's LPC1114, this is done by reading a value from flash during the boot sequence, with different values corresponding to different levels of protection. As is shown in the figure below, there are 4 levels of read protection, with the rest of the values representing an unlocked device. This makes this a great target for glitching, as corrupting one bit from this read will unlock the device and give us full access. Since higher CRP levels are harder (or in the case of CRP level 3, "impossible") to remove, we'll be using the device in CRP level 1.
This was first published by Chris
Gerlinksy at RECON Brussels. You can see his [https://recon.cx/2017/brussels/resources/slides/RECON-BRX-2017-Breaking_CRP_on_NXP_LPC_Microcontrollers_slides.pdf ](slides here ), or [https://www.youtube.com/watch?v=98eqp4WmHoQ ](watch his presentation here ).
== Hardware Setup ==