by gquere
102 days ago
First, I'd like to point out that "Decryptor" is an ill-chosen term: there's no encryption mechanism here; RDP is a software lock based on an internal flash state. This dongle is very likely to be this original attack https://github.com/JohannesObermaier/f103-analysis/tree/mast... but now packaged. If you want to read more, this repo has the best doc: https://github.com/CTXz/stm32f1-picopwner. It's a multi-step attack where a payload is executed from persisted SRAM (RDP1 means you can read/write to it) after a quick reset. The fact that they mention freezing the chip heavily weighs in that direction, since it's needed for higher-clock chips.