After reading that, I don't feel particularly bad that I didn't find anything. I am a bit bummed that I didn't check how the hardware state machine loads security-critical bits from OTP like Aedan did, otherwise I might have found that as well. I only checked things out after the first ROM instruction and assumed a completely locked-down chip running the challenge binary, so no code running that can execute reset calls or whatever.
I also have no access to a FIB, no custom laser injection machine and not even an EMFI pulse generator. I should really finally build myself a PicoEMP to change at least the latter.
https://www.raspberrypi.com/news/security-through-transparency-rp2350-hacking-challenge-results-are-in/