2021-11-26 02:37 AM
I am developing some products based on STM32F407/STM32F429. What I am trying to do is to protect my firmware that:
And what I am trying to do is use mbedtls as a crypto library and encrypt part of my code then store it in some flash sector. Then each time when I boot, decrypt the code into SRAM2 and point the function to that region.
It is a good idea to do that? and I have tried to copy the function from flash 0x0800xxxx to SRAM2 (0x2001C000) and made a function pointer to that region. but call the function caused HardFault exception.
2021-11-26 07:13 AM
Why not just use RDP level 1 to prevent readout? Seems a lot easier with about the same level of protection, maybe even more.
2021-11-26 05:52 PM
Since I found [this](https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf). I don't carefully read it. but some blog referenced this paper that said one can bypass the protection of read-out.
2021-11-26 06:08 PM
Well there are people with better reverse engineering skills than your forward engineering ones, so there's that hurdle..
You could do some elliptical curve signing using a private key and the unique id of a specific chip, and the firmware could have the public key to check/validate it.
The RDP methods protect FLASH, but code in RAM could be pulled unless you lock out JTAG/SWD.
Function pointers need odd addresses, it is certainly possible to unpack code to RAM and run it. Compression and Encryption are viable methods, I've worked on firmwares using a variety of methods.
2021-11-26 06:43 PM
Actually, in a previous version, I use some kind of fingerprint (not EC-like) to verify the firmware. But I think the single point which mark it valid or not would be easy to bypass. So I thought to encrypt some part of my code by the UID to prevent the simple clone and junior skill reverse engineer.
For the senior engineer, I don't think I have enough knowledge to prevent them.
2021-11-26 11:37 PM
Well it's not always a matter of comparative skillz, someone wanting you break your code has mechanical advantage. ie low skillz but persistent, having the advantage of time and collaboration, and the ability to leverage techniques or holes others have found.
The earlier STM32 have their own vunerabilities.
ST once claimed it would take $M in equipment, but this misunderstand the threat, you simply need access to the equipment.
2021-11-27 01:44 AM
Yes, that kind of crack is ignored. We will try another method like minimizing the cost.