It looks like the Raspberry Pi RP2350 Hacking Challenge may have been beaten — Hacker gains access to the OTP secret by glitching the RISC-V cores to enable debugging

300

•

It looks like the Raspberry Pi RP2350 Hacking Challenge may have been beaten — Hacker gains access to the OTP secret by glitching the RISC-V cores to enable debugging (www.tomshardware.com)

Once you have physical access to the hardware... There is damn near nothing you can do to stop a motivated attacker from gaining access/data.

Archive: https://archive.today/dqDQL

From the post:

>We may have a winner for the $20,000 Raspberry Pi and Hextree RP2350 Hacking Challenge, but we won't officially find out who the winner is until January 14. Engineer Aedan Cullen went public with his Hacking the RP2350 presentation at the recent 38th Chaos Communication Congress (38C3), and there is a GitHub repo now published to accompany the video here. Cullen studied the RP2350 in detail before going for a voltage injection glitch attack on pin 53 of the RP2350 chip, which managed to turn on the 'permanently disabled' RISC-V cores and their debug access port, enabling him to read the secret.

Once you have physical access to the hardware... There is damn near nothing you can do to stop a motivated attacker from gaining access/data. Archive: https://archive.today/dqDQL From the post: >>We may have a winner for the $20,000 Raspberry Pi and Hextree RP2350 Hacking Challenge, but we won't officially find out who the winner is until January 14. Engineer Aedan Cullen went public with his Hacking the RP2350 presentation at the recent 38th Chaos Communication Congress (38C3), and there is a GitHub repo now published to accompany the video here. Cullen studied the RP2350 in detail before going for a voltage injection glitch attack on pin 53 of the RP2350 chip, which managed to turn on the 'permanently disabled' RISC-V cores and their debug access port, enabling him to read the secret.

(post is archived)