[NIIBE Yutaka] STM32F103 flash ROM read-out service

NIIBE Yutaka gniibe at fsij.org
Thu Jun 7 02:26:53 CEST 2018


Hello,

Continues at gnuk-users...

tomli at tomli.me wrote:
> These services have come into existence as early as 2012. It is a main
> way used to create cheap clones by rogue competitors of products on
> the existing market. It's commonly believed STM32F1 is easy to crack,
> both through physical IC decapping, or by mounting a fault injection
> attack to disable the flash readout protection, or exploiting the
> bootloader, who knows...

Generally speaking (not specific to this chip and this context), I think
that disassembly of IC cap is not that hard.  And once the chip is
analyzed to locate its flash ROM part, the flash ROM content may be
accessible by data+address lines directly.

In this context, GD32F103 is considered easier to break (after
disassembly of IC), because of its composition of MCU part and flash
part.  So, for me, it's no wonder they need to claim they have
countermeasure(s).

> you'll find many advertisements and victims of copycat complaining in EE
> forums. While GD32 seems to include more countermeasures in the chip,
> relatively obscure and have a higher cost of attack, I can only find
> one company or two cracking GD32, compared to lots of companies for
> STM32. 
>
> BTW, BasicCard and JavaCard seemed even more obscure and I cannot find
> any public service of cracking.

Thanks for your references.  I think that market size matters.  For
reading out proprietary program (for copying product), there would be
more demand.  For reading out private material, it would violate laws in
many countries.  So, even if it's possible technically, it would not be
advertised like pcbcopy.com does so for STM32F103.  That's my
consideration.

I am not sure if the service itself can be profitable.  But, claiming
they can do that, it sounds like they have enough technology.  And it is
true that it is an important part of copying a product and its PCB.

> My point is, if this hardware is instructed exclusively by Free Software,
> the ultimate masters of these devices are their users, and none of these will
> be a problem. So, we need to find a security chip that comes with OPEN,
> PUBLIC specs, so we can develop free software for it.

... provided it can be manufactured independently with reproducibility
(as NdK points out in another expression).  I think that dependency on a
specific company matters.

And... when you use a "secure" chip, how can you measure their claim to
be "secure"?  In my opinion, it should be possible to be evaluated by
independent party.

Furthermore, if some technology is available for a chip to be "secure",
it is good for users of semiconductor to ask applying the technology to
improve some other chips.

My point is that it's not only obscurity, but it's too far to be
scientific.  I wonder the reason why people can rely on that, seriously.

> Now I have plans to experiment with the ATECC508A chip by Atmel

Good.  If it's going well (or not), I would recommend to make a chip
with similar functionality or more (as NdK suggested another curve).

> Also, the TPM chips found on x86 systems are really underestimated by the
> Free Software community, since it's a mass-produced commodity chip with full
> spec available.

It is true some specification is available to produce hardware (a board
of PC with the chip), but...

I have a TPM chip from Infineon, but the spec how to use it
(independently, out of scope of TCG) is not available to public, as far
as I know.  In some cases, for my experience, it requires NDA documents,
non-free tools and drivers/libraries.  At least, Infineon suggested so.

But I'm an old engineer, the situation may be changed now.

Could you please let me know if any specification is available?  Then,
making something like Yubikey or Nitrokey Pro, using a TPM chip will be
possible.

> All to be said, we don't really know if the "STM32 Cracking" service really
> works. Perhaps we can launch a funding campaign to accept donations, and
> find one company to actually pay them to attack our existing Gnuk systems,
> and see if they can recover the encrypted data from ROM.

Please make sure it doesn't violate any laws and regulations, if someone
is going ahead.

In my opinion, these things (evaluation how secure a chip is) should be
possible, in some scientific ways, not only for Gnuk (or for STM32F103),
but for general cases.