Yahoo Groups archive

Lpc2000

Message

Re: [lpc2000] Re: LPC2148 identifyed as a LPC2138 ?

2006-01-10 by Robert Adsett

At 01:19 AM 1/10/06 +0000, jayasooriah wrote:
>Unlike in the case of AMD flash in the earlier board which had feed
>sequence requirements (0xaa followed by 0x55), the on-chip flash
>controller for LPC had no such requirements.

Actually I consider that less a protective feed sequence and more the call 
sequence for invoking the state machine in the flash.  It ends up serving 
the same purpose since the flash algorithm is essentially in a hidden 
address space.

>I was less than impressed with the code.  The CSI (command string
>interpreter that decodes and dispatches ISP commands) was broken.

How so?  The obvious would be buffer overflows which could conceivably open 
it up quite far.

>For those who seem bent on shooting down this thread with statements
>like "you have not proven how to break CRP", ask yourself what would
>be gained by publishing exploits on this forum.

I would have thought that was obvious.  It shows it can be done.  There is 
something to be said for the courtesy of informing Philips before doing so 
but most security vulnerabilities appear to have only been addressed when 
the holes are demonstrated, not just talked about.  Until it is shown with 
how much ease security can be bypassed claims about that ease are generally 
disregarded by most people concerned.

Of course in some parts of the world it may now be questionable as to 
whether it is legal to perform any research on this question so some people 
may not want to take that risk...

>As an academic I am committed to telling all I know so that others may
>learn, but at the same time, I also recognise and accept that it is
>not responsible to post vulnerabilities, especially if there are
>already parts in the field with code that is "CRP protected".

If there is a security hole is it more responsible to expose it before more 
people rely on it or to keep it hidden?  See above if you are wondering why 
I would consider the discussion so far to be one that leant towards keeping 
it hidden.

BTW, it's of little concern to me.  I don't have a lot of use for code 
protection.  For the stuff I've done, although the code is significant it 
cannot stand alone.

Exploding flash on the other hand :)

Robert

" 'Freedom' has no meaning of itself.  There are always restrictions,   be 
they legal, genetic, or physical.  If you don't believe me, try to chew a 
radio signal. "  -- Kelvin Throop, III
http://www.aeolusdevelopment.com/
