As of August 2020 the site you are on ( is deprecated, and content is now at


Jump to: navigation, search

Tutorial A9 Bypassing LPC1114 Read Protect

1 byte removed, 07:56, 17 April 2018
no edit summary
To help protect proprietary code from being dumped via a bootloader or a debugging interface, many microcontrollers include some mechanism that locks down the flash and prevents reads. In the case of NXP's LPC1114, this is done by reading a value from flash during the boot sequence, with different values corresponding to different levels of protection. As is shown in the figure below, there are 4 levels of read protection, with the rest of the values representing an unlocked device. This makes this a great target for glitching, as corrupting one bit from this read will unlock the device and give us full access. Since higher CRP levels are harder (or in the case of CRP level 3, "impossible") to remove, we'll be using the device in CRP level 1.
  This was first published by Chris Gerlinksy Gerlinsky at RECON Brussels. You can see his [](slides here), ] or [](watch his presentation here)].
== Hardware Setup ==
Approved_users, bureaucrat, administrator

Navigation menu