Projects:Secure Bootloader for Insecure Firmwares

From 36C3 Wiki
Description Goal is to create a secure flashing mechanism for a microcontroller with the assumption that the firmware running on it can be compromised. It's an Automotive Security project. Let's discuss the design and implementation; or Automotive Security in general!
Language
Has website
Organized by KeksMassacre
Persons working on
Tags automotive, security, automotive security, bootloader, exploit, ctf, CAN, microcontroller, hardware, flash, pentesting, penetrationtesting, embedded
Located at assembly Assembly:Binary kitchen
Other projects... ... further results

(Click here to refresh this page.)

Hi! I'm designing and implementing a secure bootloader meant to be used for CTF challenges (but not only); therefore the firmware running is insecure by-design. It will be automotive-like and therefore will be flashed over automotive protocols (CAN, ISOTP, UDS) and it's going to be open-source!

Currently, the project is still in quite an early stage, but the goal is to have the following:

  • secure flashing over automotive protocols
    • no binary manipulations
    • protect the flag/secrets located within the binary when flashing over the untrusted distribution channel
    • protect crypto keys/secrets located in the bootloader
  • microprocessor: ATSAME70N21B (ARM Cortex-M7)
  • use hardware capabilities like the Memory Protection Unit (protect secrets in flash), Crypto Module (make it fast), the internal clock (to counter clock-glitching attacks), ...

Let's discuss the concept! Exchange new ideas on possible attack vectors and hardening a secure bootloader (or other embedded software). I will have the hardware with me! If you're interested I'll be happy to talk to you about it! You can also talk to me about automotive security/embedded security/pentesting in general - there are a lot of interesting topics to talk about. You'll sometimes find me at the Binary Kitchen Assembly; preferably hit me up through email (project.m.schroetter@gmail.com) or you can also call me on Phone 8900.