LimitedResults

First Post of the year! Glitch the Nuvoton M2351 MKROM and its crypto. This MCU is based on Cortex-M23 (TrustZone-M) and dedicated to IoT security: https://limitedresults.com/2020/01/nuvoton-m2351-mkrom-armv8-m-trustzone/ … #HardwareHacking #ARM #TrustZonepic.twitter.com/tlYv1w82Rn

Slides from #BHEU 2019 available here: https://limitedresults.com/wp-content/uploads/2019/12/eu-19-LimitedResults-Fatal-Fury-On-ESP32-Time-To-Release-HW-Exploits-1.pdf …pic.twitter.com/s4gWbOqAUG

Last and FATAL HW exploit on ESP32. Using this, an attacker is now able to decrypt the firmware and install its own (encrypted) malware PERSISTENTLY. No Fix on current ESP32 , vuln is here forever Enjoy: https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/ … #FatalFuryonESP32 #ESP32 #EspressifSystemspic.twitter.com/wkZm8aGF3l

Silicon cannot be patched #Esp32 #EspressifSystems https://www.espressif.com/en/news/Security_Advisory_Concerning_Fault_Injection_and_eFuse_Protections … Full disclosure at @ZeroNightspic.twitter.com/fmMmb1EeS4

I Offer 2 Student Passes for #BHEU 2019. Conditions for student: https://www.blackhat.com/eu-19/student-scholarship.html … So, DM with your first/last name, email, and nice words maybe... I will forward to @BlackHatEvents and they will contact you to confirm your qualification. Results announced Friday 4th Oct.pic.twitter.com/kWwDgJklFY

The Disclosure about Esp32 security continues. This time, it's a secure boot bypass using voltage glitching: https://limitedresults.com/2019/09/pwn-the-esp32-secure-boot/ … No way to fix it except hardware revision. Stay tuned for the final act. #Esp32 #EspressifSystemspic.twitter.com/1SQHZIAlHG

Flash Encryption Key and Sec Boot Key extracted from 'fully secure' Esp32. Allows Persistent FW modification on the target, firmware & data readout... No way to patch except hardware redesign . More info and write-up soon... #hardwarehacking #Esp32 #EspressifSystemspic.twitter.com/oQpMutuzpq

My disclosure about ESP32 security starts today by pwning the Crypto-Core: https://limitedresults.com/2019/08/pwn-the-esp32-crypto-core/ … More serious exploits on ESP32 soon…stay tuned ;-) #hardwarehacking #esp32pic.twitter.com/GxxewUUNnS

10$ EMFI on STM32. For-loop iteration skipped in custom test app... == pic.twitter.com/CPUnxtygjp

Dont hesitate man pic.twitter.com/dmD5IB1OrJ

I notify a silent patch into ESP-IDF three days ago (v4 vs v3.3) after reporting the crypto vulns I found. No reward, no credits?!? WTF, You loose a friend today... @EspressifSystem @projectgus full disclosure is comingpic.twitter.com/zkjSATm575

Live PoC! Just a bypass Esp32 Secure boot.... #hardwarehacking #esp32 Stay tuned, More hack to come pic.twitter.com/myzjz5hgD2

I don't like being recorded but I like sharing my slides! Find them here: https://limitedresults.com/2019/05/bsides-stuttgart-2019/ … #bsidesSTR @BSidesStuttgart Thanks for this nice day guys! pic.twitter.com/9Anpiggf3O

Some results about DFA on MbedTLS: PoC on ESP32 https://limitedresults.com/2019/05/pwn-mbedtls-on-esp32-dfa-warm-up/ … More vulns to come soon! Let's pwn. #hardwarehacking #iotsecurity #Arm #ESP32 #faultInjection #MbedTLSpic.twitter.com/xXYbIsTU5d

DFA successful on MbedTLS AES (PoC on esp32) #hardwarehacking #faultinjection And nice analysis tools Jeangrey & Stark from @doegox thx man!pic.twitter.com/v4x9kWmEje

Little fault inj. setup and your AES hw accelarator returns the plaintext as output ... #IoT #esp32 @ArmMbedpic.twitter.com/MkTd18V9WM

Sandpaper experiments on fcbga, soooo low cost pic.twitter.com/3gvXh03ozh

On my way home! Thanks to @BSidesLjubljana for the great conference and the amazing party #BSidesLjubljanapic.twitter.com/JwnjQeLObm

I share the slides here: https://limitedresults.com/2019/03/bsides-ljubljana0x7e3/ … More hack to come... Nice conference, nice place...look at this logo ! Thanks! #BSidesLjubljanapic.twitter.com/8JXVlQvnSR

Ljubljana == the ghidra city #BSidesLjubljana #Ghidrapic.twitter.com/o3jLkPzV4y