[Gnuk-users] reflash without working pin?

NIIBE Yutaka gniibe at fsij.org
Mon Oct 2 00:43:04 UTC 2017


Vagrant Cascadian <vagrant at debian.org> wrote:
> Then run the following commands, with regnual.elf and gnuk.elf in the
> same directory:
[...]
>   arm-none-eabi-gdb \
>     -ex 'target extended-remote /dev/ttyACM0' \
>     -x flash.begin \
>     -x flash.end \
>     gnuk.elf
>
> This got me most of the way there:
>
>   https://github.com/blacksphere/blackmagic/wiki/GDB-Automation
>
> And found this useful for identifying exactly which pins to use:
>
>   https://www.earth.li/~noodles/blog/2015/08/program-fst01-with-buspirate.html

And now, I recommend protecting your flash ROM, that is, disabling
access from the SWD debugger.

> After messing with SWD it makes me wonder: is it feasible to dump the
> key material using an SWD debugger?

In the current situation (erase and write, not disabled yet), it is
possible.

When disabled, it is not possible.  All that we can do is erase the flash
ROM, which re-enables SWD full access to the flash ROM.

>> I recommend building Gnuk with --enable-factory-reset option, only when
>> needed, because it means inviting another attack vector.  Default is
>> --disable-factory-reset option.
>
> What sort of attacks are you concerned about with enabling factory reset
> by default? Someone wiping the keys with access to the device, or worse
> than that?

It's just a small factor.  I don't know if it really works as I imagine.


My concern is: it's not an attack about stealing my private keys.
It is the risk of someone stealing my device itself in some circumstances.

If factory-reset option is enabled, the device could be useful for
another person (for other person's use), by resetting, even if he
doesn't have SWD debugger.  He can use it for himself, or sell it.

If it is not enabled, it is only useful with SWD debugger.

If the device were more expensive than an SWD debugger, there would be no
real difference.  (And you know, in (most) SWD debuggers from ST, we can
see STM32F103.)


Even if you enable the option of --enable-factory-reset for your Gnuk
(say, for your own convenience), I think that it's not that good to
expose this fact publicly.  It would invite a risk of stealing
needlessly.
-- 
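The message above recommends disabling SWD access to the flash ROM and notes that a mass erase re-enables it. The following is an added example, not code from Gnuk, the Black Magic Probe project, or the thread's authors: it decodes the STM32F103 flash option-byte registers as printed by gdb (`x/2xw 0x4002201C` over the same `target extended-remote` session used for flashing) and reports whether read-out protection is active, so the state can be verified after flashing and after any erase. The register addresses and bit positions are taken from the STM32F10x reference manual and the gdb output lines are constructed for the example.

```python
"""Decode STM32F103 flash option-byte registers from gdb output.

Added example (not Gnuk's or Black Magic's code).  Given the text gdb prints for
    (gdb) x/2xw 0x4002201C
it reports whether read-out protection (RDP) is set, i.e. whether the flash
contents are still reachable over the SWD debugger.
"""
import re
from typing import Dict, List

# Assumption: addresses and bit layout from the STM32F10x reference manual.
FLASH_OBR_ADDR = 0x4002201C   # FLASH_OBR, option byte register
FLASH_WRPR_ADDR = 0x40022020  # FLASH_WRPR, write protection register
OBR_OPTERR = 1 << 0           # option byte load error
OBR_RDPRT = 1 << 1            # read protection active

# gdb memory dump line: "<addr>[ <symbol>]:<tab>0x...<tab>0x..."
GDB_LINE = re.compile(r"^(0x[0-9a-fA-F]+)[^:]*:\s*(.*)$")


def parse_gdb_words(text: str) -> Dict[int, int]:
    """Map address -> 32-bit word from lines printed by gdb's `x/Nxw`."""
    words: Dict[int, int] = {}
    for line in text.splitlines():
        m = GDB_LINE.match(line.strip())
        if not m:
            continue  # ignore prompts or unrelated output
        base = int(m.group(1), 16)
        for i, token in enumerate(m.group(2).split()):
            words[base + 4 * i] = int(token, 16)
    return words


def decode_protection(obr: int, wrpr: int) -> Dict[str, object]:
    """Interpret FLASH_OBR and FLASH_WRPR values."""
    # WRPR bits are active low: a cleared bit means that block is write-protected.
    wp_blocks: List[int] = [i for i in range(32) if not (wrpr >> i) & 1]
    return {
        "readout_protected": bool(obr & OBR_RDPRT),
        "option_byte_error": bool(obr & OBR_OPTERR),
        "write_protected_blocks": wp_blocks,
    }


def check_swd_exposure(gdb_output: str) -> Dict[str, object]:
    """Return the protection state plus a one-line verdict for the operator."""
    words = parse_gdb_words(gdb_output)
    info = decode_protection(words[FLASH_OBR_ADDR], words[FLASH_WRPR_ADDR])
    if info["readout_protected"]:
        info["verdict"] = "flash read-protected: SWD cannot dump key material"
    else:
        info["verdict"] = "flash readable over SWD: enable read-out protection"
    return info


# Constructed sample gdb output (not captured from a real device).
SAMPLE_UNPROTECTED = "0x4002201c:\t0x03fffffc\t0xffffffff\n"
SAMPLE_PROTECTED = "0x4002201c:\t0x03fffffe\t0xffffffff\n"

if __name__ == "__main__":
    for name, sample in (("after erase", SAMPLE_UNPROTECTED),
                         ("after protect", SAMPLE_PROTECTED)):
        print(name, "->", check_swd_exposure(sample)["verdict"])
```

Because an erase clears the option bytes again (as the message says, re-enabling full SWD access), rerunning this check after any reflash is the cheap way to confirm the device is back in the protected state before it is carried around.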
