Analysis of Firmware Protection in State-of-the-Art Microcontrollers

Almost every microcontroller features firmware readout protection. It aims at securing the code, algorithms, and cryptographic keys against unauthorized access. Despite datasheets are promising strong security, our research shows that this is often far from being true. In this talk we want to shed light onto the "how?" we approach the security testing of such protection mechanisms. We will present and analyze several conceptual issues of state-of-the-art systems. While some concepts deliver a high level of security, others can be broken with low effort and almost no cost or complexity. In a practical demonstration, a selection of the presented attacks against readout protection will be shown live on stage.