Projects:Secure Bootloader for Insecure Firmwares
|Description||Goal is to create a secure flashing mechanism for a microcontroller with the assumption that the firmware running on it can be compromised. It's an Automotive Security project. Let's discuss the design and implementation; or Automotive Security in general!|
|Persons working on|
|Tags||automotive, security, automotive security, bootloader, exploit, ctf, CAN, microcontroller, hardware, flash, pentesting, penetrationtesting, embedded|
|Located at assembly||Assembly:Binary kitchen|
Hi! I'm designing and implementing a secure bootloader meant to be used for CTF challenges (but not only); therefore the firmware running on it is insecure by design. It will be automotive-like and will therefore be flashed over automotive protocols (CAN, ISO-TP, UDS), and it's going to be open-source!
Currently, the project is still in quite an early stage, but the goal is to have the following:
- secure flashing over automotive protocols
- no binary manipulations
- protect the flag/secrets located within the binary when flashing over the untrusted distribution channel
- protect crypto keys/secrets located in the bootloader
- microprocessor: ATSAME70N21B (ARM Cortex-M7)
- use hardware capabilities like the Memory Protection Unit (protect secrets in flash), Crypto Module (make it fast), the internal clock (to counter clock-glitching attacks), ...
Let's discuss the concept! Exchange new ideas on possible attack vectors and hardening a secure bootloader (or other embedded software). I will have the hardware with me! If you're interested, I'll be happy to talk to you about it! You can also talk to me about automotive security/embedded security/pentesting in general - there are a lot of interesting topics to talk about. You'll sometimes find me at the Binary Kitchen Assembly; preferably hit me up through email (firstname.lastname@example.org) or you can also call me on Phone 8900.