nRF52 microcontroller debug resurrection #ReverseEngineering @limitedresults

Resurrection of the JTAG/SWD interface on protected platforms has always been a sensitive topic in embedded security. LimitedResults dives into this topic:

This security investigation presents a way to bypass the APPROTECT on a protected nRF52840, in order to reactivate the Serial Wire Debug Interface (SWD), offering full debug capabilities on the target (R/W access to Flash/RAM/Registers, Code Exec and reprogramming). All the nRF52 versions are impacted.

Due to its intrinsic characteristics, the vulnerability cannot be patched without Silicon redesign, leading to a countless number of vulnerable devices on the field forever.

The nRF52840 System-on-Chip (SoC) is the most advanced member of the nRF52 Series SoC family. It is an advanced Bluetooth, Thread and Zigbee multi-protocol SoC built around a 64 MHz Cortex-M4F CPU.

The nRF52 has a restricted security mechanism in order to protect against Memory Readout. This security feature is called Access Port Protection (APPROTECT).

NordicSemiconductor does not provide any information about the APPROTECT mechanism.

In the blog post, a low-cost fault attack is successfully achieved on nRF52840. It allows an attacker having physical access to bypass the APPROTECT to reactivate the SWD debug interface permanently(R/W access to memories and registers, control CPU code execution, dump the Flash memory, FICR and UICR…)

See the methodology in the attack in the LimitedResults article.

Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Join 35,000+ makers on Adafruit’s Discord channels and be part of the community!

Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7pm ET! To join, head over to YouTube and check out the show’s live chat – we’ll post the link there.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more

CircuitPython – The easiest way to program microcontrollers –

Maker Business — Challenges in trade between China and U.S. highlighted by forced labor bill

Wearables — Zip it, zip it good

Electronics — When to opt for alkaline batteries

Python for Microcontrollers — Python on Microcontrollers Newsletter: Arduino 2.0, Podcasts and much more! #CircuitPython @micropython @ThePSF @Raspberry_Pi

Adafruit IoT Monthly — BBQ Smoker, Emoji Telegraph, and more!

Microsoft MakeCode — MakeCode Thank You!

EYE on NPI — Maxim’s Himalaya uSLIC Step-Down Power Module #EyeOnNPI @maximintegrated @digikey

New Products – Adafruit Industries – Makers, hackers, artists, designers and engineers! — New Products 9/21/2022 Featuring Adafruit ENS160 MOX Gas Sensor – Sciosense CCS811 Upgrade – STEMMA QT / Qwiic

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at !

No Comments

No comments yet.

Sorry, the comment form is closed at this time.