From Datasheet to .data Section: Acquiring Firmware From a Code-Protected Microcontroller

Description

Finding and understanding microcontroller datasheets is a skill that is not commonly taught to software developers or application security engineers. Embedded device manufacturers often use the code protection features of microcontrollers to protect their implementation and prevent reverse engineering of their products. However, misconfiguration of those microcontrollers can lead to a false sense of security. "From Datasheet to .data Section" teaches attendees tips to read and understand datasheets from the perspective of a vulnerability researcher and reverse engineer. Attendees will then analyze the configuration of a real-world consumer device microcontroller, organically discover a weakness, and write custom microcontroller tooling and code to recover the protected internal flash. This will be loaded into a disassembler to confirm the validity of data, completing the journey from a datasheet to a .data section.

Learning Outcomes

You will learn the following material in the specific context of a PIC18 microcontroller

• Reading datasheets and interacting with microcontrollers with vendor-provided tools

• Reading configuration bits and unprotected memory regions

• Identifying and attacking improper configuration of microcontroller code protection

• Interfacing with a UART peripheral in PIC18 assembly

• Bit-banging a microcontroller programming specification via an FTDI cable with C

• Dumping code-protected memory regions from a breadboarded microcontroller

• Loading the firmware into a disassembler for initial reverse engineering